The California Consumer Privacy Act of 2018 (CCPA or Act) is set to become largely effective on January 1, 2020. At first blush, hedge fund managers – particularly those without offices in the state of California – may be tempted to assume that a privacy statute designed to protect “California consumers” does not apply to them. Upon closer inspection of the Act, however, many private fund managers are coming to appreciate the broad reaches of the CCPA and recognizing that the Act may in fact apply to their advisory businesses, requiring them to comply with various affirmative notice obligations and subjecting them to potential private litigation for failing to implement and maintain reasonable security practices and procedures. In a recent interview with the Hedge Fund Law Report, Ropes & Gray partner Melissa Bender and counsel Catherine Skulan
discussed how the CCPA will affect the businesses of private fund managers. This first article in our two-part series presents their insights on how fund managers can determine whether they are subject to the CCPA, including a detailed discussion of how the carve-out for entities subject to the Gramm-Leach-Bliley Act will provide some, but likely not complete, relief from compliance with the CCPA. The second article
will provide their thoughts on how fund managers can complete data-mapping exercises and outline next steps for managers that believe they are subject to the CCPA. For more on data privacy regimes, see “How Fund Managers Should Prepare for the Cayman Islands Data Protection Law
” (Sep. 12, 2019); and “How Fund Managers Can Navigate the E.U. General Data Protection Regulation and the Cayman Islands Data Protection Law
” (Aug. 9, 2018).