November 15, 2019

Compliance Blog tackles CCPA requirements for CUs

compliance blogNAFCU Senior Regulatory Compliance Counsel Elizabeth LaBerge details the requirements and proposed regulations of the California Consumer Privacy Act (CCPA) in a new post on the Compliance Blog. The CCPA, which was enacted in 2018, is set to take effect Jan. 1, 2020.

"After the CCPA was passed, at least twenty amendments to address ambiguities, technical problems, drafting errors and substantive changes were considered before the California Legislature went into recess for the last time in 2019," notes LaBerge. "Eight of these amendments were passed."

NAFCU, in a joint letter with the United States Chamber of Commerce and other organizations representing every sector of the American economy, earlier this year urged the California governor, attorney general and members of the California state senate and assembly to delay the effective date of the CCPA by two years.

In the blog, LaBerge highlights the requirements that credit unions would likely be subject to under the CCPA, if they meet the threshold requirements. LaBerge also discusses the proposed regulations, which remain open for comment, highlighting that they do not include specific implementing rules for every piece of the CCPA. NAFCU will submit written comments on the proposed regulations ahead of the Dec. 6 deadline.

A number of congressional hearings have reviewed efforts to establish consumer data privacy standards as lawmakers consider national data security and privacy laws, and NAFCU has previously urged Congress to create uniform standards to prevent confusion stemming from a patchwork of different state laws.

Credit unions doing business in California may want to start preparing now to be in compliance by the effective date, as no further legislative clarification on the act is expected this year.

The association has multiple resources available to help credit unions prepare, including a webinar on CCPA and the future of privacy laws available on-demand. NAFCU members can also access a previous edition of the  NAFCU Compliance Monitor on the substantive requirements of the GDPR and how they differ from existing U.S. mandates.