As the world is now well-aware, the California Consumer Privacy Act of 2018 (CCPA) takes effect on January 1, 2020 with enforcement beginning July 1, 2020. The CCPA is not, however, the first consumer privacy act to make it through the state legislature, even if it seems to be garnering a significant share of the limelight. California privacy laws implicate a number of economic sectors including financial institutions, insurance companies, and medical providers. This chart compares the CCPA to financial- and insurance-related privacy laws.
Three of the financial and insurance California privacy laws that impact a large number of businesses who conduct business in California are: (1) the Insurance Information and Privacy Protection Act (IIPPA), (2) the California Financial Information Privacy Act (CFIPA), and (3) the Consumer Credit Reporting Agencies Act (CCRAA). Whether the privacy of a California resident’s personal information is governed by one or more of the CCPA, IIPPA, CFIPA, or CCRAA depends largely on the business who possesses the resident’s personal information. The CCPA, IIPPA, CFIPA, and CCRAA differ in various ways and require that businesses remain cognizant of what privacy act(s) to which they must adhere. Here, we provide a side-by-side summary comparison of the CCPA, IIPPA, CFIPA, and CCRAA.
Please note that while all of these laws deal with privacy, they are in fact different in application and in scope, and compliance with one of them does not necessarily mean that there is complete compliance with any of the others. As a practical matter, different industries are going to be subject to different acts; the CCPA, however, puts on an overlay that (so far) applies to a large number of businesses.