Pub. 8 2018-2019 Issue 4

O V E R A C E N T U R Y : B U I L D I N G B E T T E R B A N K S - H E L P I N G C O L O R A D A N S R E A L I Z E D R E A M S January • February 2019 17 private, personal information like that of the recent Facebook breach. As mentioned above, the CCPA is a fairly expansive piece of California state law that grants more extensive priva - cy to rights than that of current federal law. In summary and among other rights, it provides the consumer the right: to know what information the business had actually collected and how it is being used; opt out of allowing businesses to sell personal information to third parties; and have a business delete personal information (subject to exceptions). To start, the definition of “personal information” is very, very broad under the CCPA. The term “personal information” is defined under the state statute as: “information that identi - fies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.” The GLBA, on the other hand, defines “nonpublic personal information” as: “personally identifiable information that is (i) provided by the consumer to the financial institution; (ii) resulting from any transaction with the consumer or any service performed for the consumer; or (iii) otherwise obtained by the financial institution.” Notably, the GLBA does not include the “reasonably linked” information. Banks, understandably, were concerned about the impact of this statute and how it would affect them, as they are already subject to extensive federal, privacy provisions. Late in September, the Act was amended, via SB 1121 and lessened the blow to much of the financial community. SB 1121 provides an exemption for activities within the the correla - tive federal statute, the Gramm-Leach-Bliley Act (“GLBA”). However, it still has substantial implications because, even for GLBA-related entities, activities that fall outside the scope of the GLBA are still regulated by the CCPA. As in: activities like online advertising, tracking visitors on the bank website, and collecting data in respect to location are covered under the CCPA and not exempted by the carve out language provided by SB 1121. What does this mean for other states? As most people know, California, a blue state, is one of the leaders in advancing reg- ulations. So, most people would not be surprised to see other similar-leaning states like New York follow suit. However, even if a state does not share California’s political leanings, many regard this specific legislation as a blueprint for expanded pri - vacy protections for consumers because of the nature of public data breaches. And what about federal regulators? Is legislation like this seen to potentially impact federal regulations? At the moment, there is not much implication one way or another. Though, again, in the current political climate and because of the slower pace federal laws and regulations change, many have a hard time seeing this affect federal law any time soon. It is not out of the question, though, as we look to the future. Finally – what does this mean for Texas? Although Califor - nia is very different in respect to political leanings as compared to the much more conservative state of Texas, many are of the opinion that Texas could, indeed, implement something of this nature, as current events sway public opinion in the direction of having more (rather than less) protections on consumer privacy. So, again, we encourage you to keep a close eye during this upcoming session. If you have any questions, Compliance Alliance is here to help! You can reach us at hotline@compliancealliance.com or (888) 353-3933. n Sarah serves as Associate General Counsel for Compliance Alli- ance. She is an Honors Program graduate who graduated summa cum laude from Lamar University in Beaumont, Texas where she received her bachelor’s degree. While at Baylor Law School, Sarah heavily studied the financial aspects of the law—focusing her attention on secured transactions and the Uniform Commercial Code. Before coming to Compliance Alliance, she worked at Frost Bank within their Credit Administration Department. As an attorney with Compliance Alliance, Sarah is eager to help members with their compliance and regulatory questions. To start, the definition of “personal information” is very, very broad under the CCPA. The term “personal information” is defined under the state stat - ute as: “information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.” The GLBA, on the other hand, defines “nonpublic personal information” as: “personally identifiable information that is (i) provided by the consumer to the financial institution; (ii) result- ing from any transaction with the consumer or any service performed for the consumer; or (iii) otherwise obtained by the financial institution.”