- 1798.100 – Consumers' right to receive information on privacy practices and access information
- 1798.105 – Consumers' right to deletion
- 1798.110 – Information required to be provided as part of an access request
- 1798.115 – Consumers' right to receive information about onward disclosures
- 1798.120 – Consumers' right to prohibit the sale of their information
- 1798.125 – Price discrimination based upon the exercise of the opt-out right
CCPA Security FAQs: Does the CCPA open insurance companies to increased litigation?
Yes.
The CCPA provides a partial exemption for information collected by financial institutions that are subject to the Gramm-Leach-Bliley Act (e.g., information about individuals who have obtained personal financial products from the institution). Insurance companies are generally considered “financial institutions” subject to the Gramm-Leach-Bliley Act, as well as any regulations imposed by state insurance commissioners pursuant to the Act. While the CCPA’s financial institution exemption provides some protection to insurers, that exemption does not apply to Section 1798.150 of the CCPA, which confers a private right of action on consumers to seek statutory damages against a business following a data security breach.1 It is worth noting that the relatively narrow scope of the financial institution exemption within the CCPA contrasts with broader exemptions provided to financial institutions by other states. For example, the following compares the financial institution exemption provided in the CCPA with the broader exemption provided in Nevada’s online privacy statute:

| CCPA | Nevada Online Privacy Notice Statute |
| --- | --- |
| Statute does not apply to “personal information collected, processed, sold, or disclosed pursuant to the federal Gramm-Leach-Bliley Act (Public Law 106-102), and implementing regulations . . . . This subdivision shall not apply to Section 1798.150 [the data breach right of action of the CCPA].”2 | Statute does not apply to “A financial institution or an affiliate of a financial institution that is subject to the provisions of the Gramm-Leach-Bliley Act, 15 U.S.C. §§ 6801 et seq., and the regulations adopted pursuant thereto.”3 |

CCPA Security FAQs: Does the CCPA open financial institutions to increased litigation?
Yes.
While the CCPA provides a partial exemption for information collected by financial institutions that is subject to the Gramm-Leach-Bliley Act (e.g., information about individuals who have obtained personal financial products from the institution), that exemption does not apply to Section 1798.150 of the CCPA, which confers a private right of action on consumers to seek statutory damages against a business following a data security breach.1 It is worth noting that the relatively narrow scope of the financial institution exemption within the CCPA contrasts with broader exemptions provided to financial institutions by other states. For example, the following compares the financial institution exemption provided in the CCPA with the broader exemption provided in Nevada’s online privacy statute:

| CCPA | Nevada Online Privacy Notice Statute |
| --- | --- |
| Statute does not apply to “personal information collected, processed, sold, or disclosed pursuant to the federal Gramm-Leach-Bliley Act (Public Law 106-102), and implementing regulations . . . . This subdivision shall not apply to Section 1798.150 [of the CCPA].”2 | Statute does not apply to “A financial institution or an affiliate of a financial institution that is subject to the provisions of the Gramm-Leach-Bliley Act, 15 U.S.C. §§ 6801 et seq., and the regulations adopted pursuant thereto.”3 |