The recently enacted California Consumer Privacy Act of 2018 (the "California Privacy Act" or the "Act"), will require companies that do business in California to provide notice regarding the collection and use of personal information, delete personal information upon request, allow individuals to opt out of the sale of their personal information, and adopt reasonable security procedures and practices to protect personal information. The Act will protect a far broader category of "personal information" than is covered by most other state and federal statutes, will provide enhanced penalties for noncompliance, and will provide a private right of action. The Act will become effective in January 2020 unless it is amended beforehand.
The Act addresses many of the same privacy and security concerns as the European Union's General Data Protection Regulation (GDPR) but is distinct in several key respects. Asset managers doing business in California will likely be subject to the Act and should evaluate their privacy practices accordingly.