Skip to content
BOL Conferences
Learn More - Click Here!

Page 2 of 3 1 2 3
Thread Options
#2228079 - 12/30/19 07:00 PM Re: NEW California Privacy Law Reg Warrior
Reg Warrior Offline
100 Club
Joined: Jan 2017
Posts: 214
Business/Commercial accounts/loans have a one year exemption from CCPA. We have asked our attorney the same questions, and was advised to wait to see the final regulations from the CA attorney general and if any additional changes are made by the Legislature during 2020.

Also beware, that the organization behind CCPA, does not think that the current version of CCPA goes far enough and is trying to get an initiative on the fall ballot. https://www.caprivacy.org/

Return to Top
#2230697 - 02/11/20 04:22 PM Re: NEW California Privacy Law Reg Warrior
Reads Regs Offline
Diamond Poster
Joined: Nov 2004
Posts: 2,307
Link to redlined version of latest CA privacy proposed regulation.

https://oag.ca.gov/sites/all/files/agweb/pdfs/privacy/ccpa-text-of-mod-redline-020720.pdf?
_________________________
Opinions expressed are my own and not necessarily those of my employer. They are not legal advice.

Return to Top
#2230736 - 02/11/20 07:22 PM Re: NEW California Privacy Law Reg Warrior
Reg Warrior Offline
100 Club
Joined: Jan 2017
Posts: 214
Comments on the modified proposed regulations are due the CA Attorney General by Feb. 25 at 5pm.

https://oag.ca.gov/privacy/ccpa

Return to Top
#2244444 - 10/21/20 10:05 PM Re: NEW California Privacy Law Reg Warrior
green_banker Offline
New Poster
Joined: Oct 2020
Posts: 1
Now that this is effective, has anyone determined what PI if any is exempted under GLBA? If you receive a copy request, what are you giving them?

Return to Top
#2244469 - 10/22/20 03:38 PM Re: NEW California Privacy Law Reg Warrior
Reg Warrior Offline
100 Club
Joined: Jan 2017
Posts: 214
Based on the GLBA and California Financial Information Privacy Act, all PI we collect on members (we are a credit union) is exempt from CCPA. However any PI we collect on consumers associated with business account/commercial loans is not exempt from CCPA, nor is our own employee PI. If a member submits a request, we advise them that their PI is exempt from CCPA and that we comply with federal and state privacy laws.

FYI there is ballot measure that could make all this much more fun.
https://voterguide.sos.ca.gov/propositions/24/
https://vig.cdn.sos.ca.gov/2020/general/pdf/topl-prop24.pdf

Return to Top
#2245547 - 11/16/20 03:55 PM Re: NEW California Privacy Law Reg Warrior
awilli Offline
Gold Star
Joined: Oct 2014
Posts: 291
What is the delivery timing requirement for the CA Privacy Notice?

ex. Within three days after application? At the time of application (prior to application)? Before applicant information is collected? Etc...
_________________________
Say what you mean, mean what you say, but don't say it mean.

Return to Top
#2245552 - 11/16/20 04:30 PM Re: NEW California Privacy Law Reg Warrior
Reg Warrior Offline
100 Club
Joined: Jan 2017
Posts: 214
The Notice at Collections must given prior to any personal information is collected from a consumer.

Return to Top
#2245556 - 11/16/20 05:27 PM Re: NEW California Privacy Law Reg Warrior
awilli Offline
Gold Star
Joined: Oct 2014
Posts: 291
So before they even apply for a loan application? (since there are certain information needed for an application)
_________________________
Say what you mean, mean what you say, but don't say it mean.

Return to Top
#2245559 - 11/16/20 05:57 PM Re: NEW California Privacy Law Reg Warrior
Reg Warrior Offline
100 Club
Joined: Jan 2017
Posts: 214
Yes. Keep in mind, personal information collected for opening, maintaining, or servicing a personal account/loan is exempt as this personal information falls under GLBA or CalFIPA. Personal information that is collected for employment, business banking, commercial lending, marketing and other areas is not exempt from CCPA.

Return to Top
#2245563 - 11/16/20 06:57 PM Re: NEW California Privacy Law Reg Warrior
Inherent_Risk Offline
Platinum Poster
Joined: Jan 2017
Posts: 570
Am I right that business to business and employment exemptions were extended to 2023 by the new ballot initiative?

Return to Top
#2245565 - 11/16/20 08:00 PM Re: NEW California Privacy Law Reg Warrior
Reg Warrior Offline
100 Club
Joined: Jan 2017
Posts: 214
Yes, but you still need to provide the Notice at Collection beginning no later than 1/1/2022, due to the look back period for responding to requests that begins 1/1/2023. We've had our Notices posted since July for employment and business, and all marketing related items have had a form of the Notice since January.

Return to Top
#2258931 - 08/30/21 04:35 PM Re: NEW California Privacy Law Reg Warrior
Mountaineers_Fan Offline
100 Club
Joined: Jun 2018
Posts: 100
Reviving this thread...

Does anyone have a CCPA audit checklist or something similar that they'd be willing to share?

Return to Top
#2260197 - 09/24/21 03:22 PM Re: NEW California Privacy Law Reg Warrior
Reg Warrior Offline
100 Club
Joined: Jan 2017
Posts: 214
The new California Privacy Protection Agency (CPPA) has begun its proposed rulemaking to enact the recently passed California Privacy Rights of Act of 2020, that amends the CCPA. Here is the link to their preliminary questions that are due on 11/8.

https://cppa.ca.gov/regulations/pdf/invitation_for_comments.pdf

Return to Top
#2271086 - 06/01/22 04:06 PM Re: NEW California Privacy Law Reg Warrior
Reg Warrior Offline
100 Club
Joined: Jan 2017
Posts: 214
The California Privacy Protection Agency (CPPA) has issued draft regulations for CCPA that are required by CPRA. The draft regulations will be discussed at the next CPPA Board meeting on June 8.

https://cppa.ca.gov/meetings/materials/20220608_item3.pdf

Return to Top
#2273496 - 07/27/22 09:15 PM Re: NEW California Privacy Law Reg Warrior
TryingtoComply Offline
Diamond Poster
Joined: Apr 2013
Posts: 2,199
The West
Proposed regulations here:

CCPA/CPRA Proposed Regulations[/url]https://cppa.ca.gov/regulations/con...sid=d8918670-250d-ed11-82e5-0022480a000d
_________________________
TryingToComply
CRCM

Return to Top
#2273497 - 07/27/22 09:15 PM Re: NEW California Privacy Law Reg Warrior
TryingtoComply Offline
Diamond Poster
Joined: Apr 2013
Posts: 2,199
The West
Would be interested to know which department in your bank is responsible for CCPA/CPRA.
_________________________
TryingToComply
CRCM

Return to Top
#2273527 - 07/28/22 03:55 PM Re: NEW California Privacy Law Reg Warrior
Reg Warrior Offline
100 Club
Joined: Jan 2017
Posts: 214
Compliance (part of Enterprise Risk Management) is responsible for CCPA/CPRA, and all other privacy laws.

Return to Top
#2275582 - 09/14/22 10:30 PM Re: NEW California Privacy Law Reg Warrior
Mel in WA Offline
Diamond Poster
Joined: Mar 2013
Posts: 1,265
Curious if anyone has used a standard vendor form to comply with CCPA? Or, is it too specific for each institution.

Return to Top
#2275884 - 09/21/22 06:34 PM Re: NEW California Privacy Law Reg Warrior
TryingtoComply Offline
Diamond Poster
Joined: Apr 2013
Posts: 2,199
The West
We looked at several CCPA notices of large financial institution to see what they disclosed to assist us with developing ours. There certainly is no harm in having a vendor assist with the project. There is a company called sixfifty.com that I know some banks have used.
_________________________
TryingToComply
CRCM

Return to Top
#2280626 - 02/03/23 06:35 PM Re: NEW California Privacy Law Reg Warrior
TR Offline
New Poster
Joined: Feb 2023
Posts: 1
Does anyone have data mapping template document that they are willing to share? Thanks

Return to Top
#2282253 - 03/15/23 01:04 AM Re: NEW California Privacy Law Reg Warrior
TryingtoComply Offline
Diamond Poster
Joined: Apr 2013
Posts: 2,199
The West
Now that the B2B exemption is gone, how is everyone handling the business side? I understand some are incorporating the NAC into their business loan applications or Personal Financial Statement forms to address guarantors. This works great if you require guarantors to use your form. As for business signers on deposit accounts, some are incorporating the NAC into the new account workflow. The NAC would need to be provided at the beginning of the process.

Curious to know what others are doing.
_________________________
TryingToComply
CRCM

Return to Top
#2282271 - 03/15/23 04:24 PM Re: NEW California Privacy Law Reg Warrior
Reg Warrior Offline
100 Club
Joined: Jan 2017
Posts: 214
We have incorporate a NAC in all business account (deposit and loan) applications and related documents. If the document is collecting any PI (owners, authorized signers, guarantors, etc.), a NAC has been incorporated.

Return to Top
#2282322 - 03/16/23 05:42 PM Re: NEW California Privacy Law Reg Warrior
TryingtoComply Offline
Diamond Poster
Joined: Apr 2013
Posts: 2,199
The West
For the lending side, I was thinking of adding language to the paragraph above the signature line on our Personal Financial Statement to indicate, "If you are a California resident, the California Consumer Privacy Act requires ABC Bank to provide you with a Notice at Collection prior to collecting personal information from you. You can access the Notice at Collection on our website [URL].

This would eliminate us having to update the PFS if/when the notice needs to be updated.

Thoughts?
_________________________
TryingToComply
CRCM

Return to Top
#2282336 - 03/16/23 09:13 PM Re: NEW California Privacy Law Reg Warrior
Reg Warrior Offline
100 Club
Joined: Jan 2017
Posts: 214
As long as you are following the regs., you'll be in compliance. The regs. have the following guidance for when to provide a NAC offline: it may include the notice on printed forms that collect personal information, provide the consumer with a paper version of the notice, or post prominent signage directing consumers to where the notice can be found online.

Return to Top
#2282339 - 03/16/23 11:52 PM Re: NEW California Privacy Law Reg Warrior
TryingtoComply Offline
Diamond Poster
Joined: Apr 2013
Posts: 2,199
The West
Thanks Reg Warrior. We are leaning towards incorporating into the PFS form that we use. This way we know it has been provided.
_________________________
TryingToComply
CRCM

Return to Top
Page 2 of 3 1 2 3