Annual Letter: 2020
This is our annual letter briefly reviewing various issues that our investment adviser clients should consider over the next few weeks. We will be pleased to respond to questions, assist you in preparing needed forms and otherwise assist you in satisfying any of the requirements discussed in this letter. Please contact John Broadhurst, Carolyn Reiser, Jahan Raissi, Neil Koren, Jim Frolik, Christina Hamilton, David Suozzi, Anthony Caldwell or Joan Grant.
Legal and and Regulatory Changes
1. California Consumer Privacy Act (the “CCPA”). California residents now have new rights with respect to the information certain businesses hold and collect about them. The CCPA became effective on January 1, 2020, and applies to any for-profit firm that collects personal information about California residents and has annual revenue of over $25 million.
The CCPA does not apply to information protected by the Gramm-Leach-Bliley Act (“GLB”) and its implementing regulations, including the SEC’s Regulation S-P (which applies to SEC-registered investment advisers) and the Consumer Financial Protection Bureau’s (the “CFPB”) Regulation P (which applies to private funds, exempt reporting advisers and state registered advisers). Regulation S-P and Regulation P generally cover the same information and are discussed on pages 11 and 12. It is likely that most, if not all, of the personal information an adviser collects is already subject to GLB and therefore not subject to the CCPA.
Any personal information not protected by GLB could be subject to the CCPA. In particular, marketing information about prospective clients and investors who are California residents that an adviser collects through means other than a subscription agreement or other application to become a client or investor is not covered by GLB and may be subject to the CCPA. An adviser may obtain such information through website portals, contact forms, cookies or emails or in meetings or conversations. An adviser that does not collect any information about prospective California clients or investors does not currently need to change its privacy practices.
If an adviser is required to comply with the CCPA, it must update its website and other privacy notices to cover the required information, inform consumers of their rights under the CCPA and instruct them on how to exercise those rights. It should also prepare to respond to consumer requests that the adviser identify specific personal information it has about those consumers, that the adviser delete such information and permit consumers to opt out of certain sharing of that information.
In 2021, two additional categories of information not currently covered by the CCPA will become subject to it: (a) information about California residents representing a business entity, and (b) employment information collected about California employees. This data is not protected by GLB and, accordingly, will not be exempt from the CCPA. Firms that are subject to the CCPA should begin preparing now to comply the CCPA’s requirements with respect to these categories next year.
2. Cayman Islands Data Protection Law (“DPL”). The DPL became effective in 2019 and applies to all advisers that provide investment advice to Cayman Islands funds. Advisers that do not manage a Cayman Islands fund are not subject to it. Please see our Investment Fund & Advisers Insights post about the DPL at https://www.sflaw.com/blogpost/ the-cayman-islands-data-protection-law-2017/.