In 2018, California passed The California Consumer Privacy Act of 2018 (CCPA or Act) – a law that is likely the most expansive piece of privacy legislation in the U.S. to date and that becomes largely effective on January 1, 2020. SEC-registered investment advisers have not received a blanket exemption under the Act by virtue of the fact that they are already subject to the Gramm-Leach-Bliley Act (GLBA) and its implementing regulation – Regulation S‑P. In a recent interview with the Hedge Fund Law Report, Ropes & Gray partner Melissa Bender and counsel Catherine Skulan discussed how the CCPA will affect the businesses of private fund managers. This second article in our two-part series reviews two recent amendments to the CCPA that would help address areas where the GLBA exemption falls short and next steps for managers that believe they are subject to the CCPA, including an explanation of how fund managers can complete a data-mapping exercise and other insights. The first article
explored how fund managers can determine whether they are subject to the CCPA, including a detailed discussion of how the carve-out for entities subject to the GLBA will provide some, but likely not complete, relief from compliance with the CCPA. For more on privacy considerations, see our three-part series: “How Can Hedge Fund Managers Reconcile Effective Monitoring of Electronic Communications With Employees’ Privacy Rights?
” (Apr. 4, 2014); “Three Best Practices for Reconciling the Often Conflicting Sources of Privacy Rights of Hedge Fund Manager Employees
” (Apr. 11, 2014); and “Six Privacy-Related Topics to Be Covered by a Hedge Fund Manager’s Compliance Policies and Procedures
” (May 23, 2014).