Compliance with the CCPA will be challenging because it represents major changes in how financial institutions conduct their business.
DATA DISPERSION
Consumer personal data is often scattered across multiple internal platforms and shared with many third parties. Firms may not have a full picture of where this information is stored and how it is controlled.
MARKETING USAGE
Firms use consumer personal data to identify and qualify prospects, cross-sell and up-sell to existing customers, and create targeted outreach messages. Many of these processes will have to be reviewed to ensure their compliance with the CCPA.
COMPLIANCE RISK
Financial institutions are liable for penalties up to $750 per consumer, per incident of noncompliance. This can add up to a massive fine for institutions with hundreds of thousands of consumer records. In addition, institutions are subject to lawsuits by consumers.
THIRD-PARTY RISK
Firms will be liable if their third parties do not comply or are subject to data breaches. A comprehensive customer personal data program will therefore have to cover both the firm’s internal processes and third-party relationships.
GREY AREAS
Some sections of the CCPA may be modified prior to implementation. For example, there are ambiguities in certain areas, such as what constitutes personal information and what the legitimate uses of that information are.
We recently published a guide examining the California Consumer Privacy Act of 2018, and the steps any financial institution must take in its response to the new law to evaluate its exposure and current state of readiness. You can download the guide below.