
Financial Service Providers and the CCPA: Analyzing the GLBA Exemption, Avoiding Damages for Noncompliance

Recording of a 90-minute premium CLE webinar with Q&A


Conducted on Thursday, October 3, 2019

Recorded event now available


This CLE course will analyze the issues presented by the California Consumer Privacy Act (CCPA) for banks and other financial services providers. The panel will discuss the complexities of the Gramm-Leach-Bliley Act (GLBA) exemption, the types of financial services transactions and data which remain subject to CCPA rules, and potential liability for noncompliance.


California enacted the nation's most extensive consumer privacy law in 2018. The CCPA provides notice, access, erasure, and opt-out rights for California residents, as well as a private right of action in the event of a data breach. It places a significant burden on the financial services industry (banks, nonbank lenders, and fintech alike), where companies collect, aggregate, analyze, and move the consumer data at the heart of the law.

The CCPA exempts certain information subject to the GLBA regulations, but GLBA entities are subject to CCPA provisions and requirements if they collect, use, and disclose information that is not subject to the GLBA. So, GLBA-regulated entities using targeted online advertising, tracking web page visitors, and/or collecting geolocation data--to name a few examples--and their counsel must grasp the CCPA requirements.

CCPA regulations provide a private right of action for consumers to seek statutory damages of not less than $100 and not greater than $750 per incident if the consumer's information "is subject to unauthorized access, exfiltration, theft, or disclosure as a result of the business's violation of the duty to implement and maintain reasonable security procedures and practices." GLBA-regulated entities are subject to millions of dollars of potential damages if they experience a data breach.

Listen as our authoritative panel discusses the CCPA and the extent to which financial services providers may be subject to CCPA notwithstanding the exemptions provided under the law for GLBA-regulated entities.



  1. Overview of CCPA
  2. Transaction thresholds extending the reach of CCPA to out-of-state financial services providers
  3. GLBA--types of financial services entities covered
  4. CCPA exemption for data already regulated under GLBA
  5. Data still covered under CCPA
  6. Potential damages and penalties for noncompliance
  7. Best practices for compliance


The panel will review these and other key issues:

  • What are the criteria that subject out-of-state businesses to CCPA, and why might banks and fintech companies be likely to meet those criteria?
  • What is the CCPA exemption for data covered by GLBA?
  • What types of activities could fall outside the purview of GLBA?
  • What are the potential damages for noncompliance with CCPA, and what kinds of protocols should financial services businesses put in place to avoid them?


Marci V. Kawski

Husch Blackwell

Ms. Kawski represents installment lenders, motor vehicle finance companies, short-term lenders, online lenders, credit...

Tobias Moon

Husch Blackwell

Mr. Moon advises clients with regard to compliance with state lending and servicing statutes and regulations. He has...

David M. Stauss

Husch Blackwell

Mr. Stauss focuses on complex business and commercial litigation in state and federal courts involving data privacy and...

Access Anytime, Anywhere

Strafford will process CLE credit for one person on each recording. All formats include course handouts.
