Return to Glossary

The California Privacy Act is a state level privacy act that provides protection of consumer information. The act is described as a stricter version of the Gramm-Leach-Bliley Act. The California Privacy Act provides narrower definitions of some language found in the Gramm-Leach-Bliley Act. For example, financial institutions that are regulated under the act only include institutions that are “significantly engaged in financial activities. The act also provides an opt-in rule instead of opt-out which allows consumers more control over the situations in which financial institutions can handle information without consent. Financial information is also required to stay within one financial entity, which means other institutions are not allowed access based on affiliation.

Punishment is also outlined in the act to deal with any institution that fails to comply. Violations of the act may result in a maximum penalty of $500,000. However, the fine can double in situations concerning identity theft.

Despite providing more stringent rules, the act also includes exceptions. Those who entered into contracts before the act was passed may still have their information shared if they do not manually opt out. Institutions that share the same regulator are allowed to exchange consumer information without notifying the customer. Customers also do not need to be notified that their information has been given out if the information is used for any legal proceedings.

Source: https://en.wikipedia.org/wiki/Financial_privacy_laws_in_the_United_States#California_Privacy_Act