California And Federal Consumer Privacy Rulemaking
On November 8, the California Privacy Protection Agency (CPPA) Board voted to adopt new regulations regarding data broker registration requirements. In addition, the board voted to advance the proposed rule-making package for insurance, cybersecurity audits, risk assessments, automated decision-making technology (ADMT), and updates to existing regulations, to the formal rule-making process.
Read the full CPPA’s announcement here.
Find a copy of the proposed regulations here.
Interested parties can submit public comment during the mandated comment periods., and you can also sign up to receive alerts about future public comment opportunities here.
View a free webinar from the Husch Blackwell Privacy team analyzing the draft regulations here.
If the voluminous amount of data breaches to date still hasn’t convinced you of the need for greater data broker oversight, here’s another one impacting approximately 800,000 individuals and some of their most sensitive information, including their social security numbers, dates of birth, and passport and drivers license numbers. If you’re insured by one of these entities, you should monitor your credit reports: American Monumental Life Insurance Company, Pellerin Life Insurance Company, American Benefit Life Insurance Company, Liberty Bankers Life Insurance Company, Continental Mutual Insurance Company and the Capitol Life Insurance Company.
On November 21, the federal Consumer Financial Protection Bureau (CFPB) finalized a rule to supervise the largest nonbank companies offering digital funds transfer and payment wallet apps. The rule will help the CFPB to ensure that these companies – specifically those handling more than 50 million transactions per year – follow federal law just like large banks, credit unions, and other financial institutions already supervised by the CFPB. The CFPB estimates that the most widely used apps covered by the rule collectively process over 13 billion consumer payment transactions annually.
Shortly before the November 21 action, the CFPB released its report on “State Consumer Privacy Laws and the Monetization of Consumer Financial Data”, which according to this Cooley blog post, “analyzes state and federal privacy laws that have been passed in recent years – many of which exempt data and/or institutions that are subject to the federal Gramm-Leach-Bliley Act (GLBA) and the Fair Credit Reporting Act (FCRA). Based on this analysis, the CFPB concludes that states should consider removing or narrowing the GLBA and FCRA exemptions in their privacy laws in order to provide more robust privacy protections over consumer financial data.”