Information which is collected, processed, disclosed, or sold under the California Financial Information Privacy Act and the GLBA, is CCPA exempt. However, personal information relating to residents of California that are outside the scope of these laws will still be subject to the CCPA. This includes applicant and employee information, business contacts, commercial client information, marketing lists, and website visitors.
It’s hardly surprising that the CCPA is being compared to the European Union’s General Data Protection Regulation (GDPR). And it’s fair to say that the writers of the draft CCPA have probably drawn a degree of inspiration from the GDPR. However, the CCPA is by no means a carbon copy of the GDPR. Moreover, the GDPR will not automatically meet the requirements of the CCPA.
As organizations across the state – and the country, start to apply efforts to comply with CCPA, a greater awareness of the differences between these two sets of laws will be the key to formulating effective compliance programs that utilize the work done on GDPR, but also address the unique nuances and requirements of the CCPA.