Did The GDPR Just Land On The West Coast?

July 3, 2018 at 8:30 am Leave a comment

That is the question I was thinking about this morning after reading California Bill AB-375 which imposes European like restrictions on companies doing business in California that buy and sell large amounts of personal information.

As readers of this blog may recall, I have been unapologetically equivocated when it comes to expressing my opinion as to how much credit unions should really be concerned about the General Data Protection Regulation (GDPR). After all, there are several jurisdictional hurdles that European regulators would have to overcome before imposing penalties on a credit union which has no branches on the continent, does not actively seek out European citizens for membership and only incidentally has some members who qualify for the GDPR protection. That being said, a commitment to giving consumers control over their personal data is the direction in which things are headed.

The California law passed a few days ago shows that things are moving even quicker than anticipated. Most importantly, it gives consumers the right to request that a business that collects personal information disclose to the consumer “the categories and specific pieces of personal information” that the business has collected. This requirement only applies to a consumer who has worked with the business more than once and requests such information.

Similar to the GDPR, the statute also gives consumers the right to be forgotten. Specifically, it empowers them to request that a business “delete any personal information” about the consumer which the business has collected. Finally, a consumer has the right to know if its information has been sold to third-parties. The consumer shall have the right to opt out of allowing its information to be sold by third-parties.

California likes to do things first and this statute certainly fits the bill. Now I want to stress that this bill does not apply to your credit union, unless of course it is based in California. That being said, you should be generally aware of what it mandates because California does tend to establish trends that other states like to follow and on a practical level, so many vendor contracts are interpreted pursuant to California law, you are likely to see increased data protection obligations imposed under some of your agreements.

Have a great July 4th! It appears that many of you are taking the week off so yours truly will be returning with a new blog on Monday. See you then.

Entry filed under: General, Regulatory. Tags: , , .

Don’t Forget You Are Now Making Additional Warranties As Part Of Your Check Collection Process NYS Takes Strong Stand In Favor Of Marijuana Banking

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Trackback this post  |  Subscribe to the comments via RSS Feed

Authored By:

Henry Meier, Esq., Senior Vice President, General Counsel, New York Credit Union Association.

The views Henry expresses are Henry’s alone and do not necessarily reflect the views of the Association. In addition, although Henry strives to give his readers useful and accurate information on a broad range of subjects, many of which involve legal disputes, his views are not a substitute for legal advise from retained counsel.

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 756 other followers


%d bloggers like this: