Privacy Laws for Funds and Service Providers ‒ The “California Initiative”
In response to the realization that technology firms and other progressive companies capture and utilize vast amounts of personal data, California enacted very comprehensive privacy laws for its residents. The law is entitled the California Consumer Privacy Act of 2018 (the Act) and is effective January 1, 2020. This law is similar to the General Data Protection Regulation (GDPR) enacted in Europe and the UK.
This Act gives California residents affirmative privacy rights and enables legal action by its citizens, rather than following current privacy rules which promulgate privacy standards of conduct. This Act will enable individuals to sue Funds in the event that their personal investment, social security number or other private information is divulged in a harmful way. Whether this same level of harm is actionable by institutions is not yet promulgated. However, it must be assumed that institutions might enjoin with individuals or seek damages for security breaches, cyber hacking or damaging divulgence of private information.
Bottom line: Safeguarding privacy is a very important policy and procedural matter for Funds and, perhaps, should be insured against. Further, care must be adhered to by Funds via cyber and IT controls over investor information and by way of its service providers who have access to private information and perform tasks on behalf Funds and Fund Managers. These service providers include Fund auditors, accountants, administrators and lawyers. Privacy controls at such firms must be reviewed by the Fund Manager/CCO at least annually. Comprehensive Fund and Fund Manager privacy policies and procedural controls, including IT controls, must be optimal.