The nation’s first comprehensive privacy law, the California Consumer Privacy Act (CCPA), went into effect this month. FMG Suite has made the necessary changes to ensure that advisors using the FMG Suite platform are prepared and compliant!

If you haven’t been paying attention, here’s a quick explainer: Signed into law in June 2018, the CCPA is a bill that intends to enhance privacy rights and increase consumer protections for California residents. It was amended late in 2018 and again in late 2019, and went into effect as of 1-1-2020. The law impacts FMG Suite itself as well as most financial services firms.  Under the law, FMG Suite is a Service Provider and is required to direct certain privacy-related inquiries to your firm. If your firm is impacted by the law, and you take any requests from California residents, you’ll have certain responsibilities under the CCPA as well.

The FAQs below provide a lot more detail, but for advisors with an FMG Suite-powered website, here’s what you need to know.  We recommend you consult with your broker dealer (BD) or registered investment advisor (RIA) for additional guidance. 

As required by the law, you’ll see a new text link appear in the disclosure area of your website footer, just above the FMG Suite copyright. It reads “We take protecting your data and privacy very seriously. As of January 1, 2020 the California Consumer Privacy Act (CCPA) suggests the following link as an extra measure to safeguard your data: Do Not Sell My Personal Information.

 

When this link is clicked, your website visitors will be directed to a new page containing a Personal Information Form, where they can choose one of three actions: 

  • Prohibit Sale of My Personal Information
    It’s bad form to sell your customer’s personal info, and there’s little reason to do this unless you’re selling your entire book of business. In that case, you’ll probably use official channels which should ensure the ongoing protection of your customer’s data. 

 

  • Provide a Copy of My Personal Information
    If you get this request, contact yourBD or RIA and follow their normal protocols.

 

  • Delete My Personal Information
    Again, if you get this request, you will want to contact your BD or RIA and follow their established protocols. 

The Personal Information Form is available to all your website visitors. It is designed to meet ADA requirements for visibility and ease of use. It is not intrusive and won’t impact your other lead generation forms. If a visitor completes the new Personal Information Form, you’ll receive an email in your inbox with details of their request. The steps you’re required to take after you receive the email are probably similar to the processes you and your BD or RIA already follow when dealing with clients and their personal information. We recommend you contact your BD or RIA for additional guidance.

In summary, look for a new link in your FMG Suite-powered website footer by the end of 2019 link to the Personal Information Form. If for some reason you don’t see it, contact us. Otherwise, read on for more, and cheers to California for leading the nation in protecting consumer data and privacy!

CCPA Frequently Asked Questions

What is the CCPA (California Consumer Privacy Act)?

In response to events like the Cambridge Analytica scandal, the California State Legislature passed the California Consumer Privacy Act in 2018 and it went into effect on January 1, 2020. The Act is intended to provide clarity regarding the business models of firms that collect and use information about persons and households on the internet. 

It introduces a comprehensive list of rights for California consumers and offers some new twists on privacy. The Act differs from existing privacy regulations, such as the European Union’s GDPR, in that it covers information about households and the devices they use in addition to individual consumers. That makes it more comprehensive than any other privacy law. 

What rights does the CCPA grant consumers?

The Act grants six basic rights. These are fundamentally similar to those in other current or proposed state privacy laws. The new rights allow consumers to:

  1.  Know what personal data is being collected about them.
  2.  Know whether their personal data is sold and to whom.
  3.  Prohibit the sale of their personal data.
  4.  Receive access to their own personal data.
  5.  Request deletion of the data collected from them.
  6.  Be protected from discrimination by covered business when consumers exercise their rights under the CCPA.

Does the CCPA only apply to information gathered through our website?

Nope. It applies to all personal information gathered in any manner. There are certain exemptions for data subject to the Gramm Leach Bliley Act, but it doesn’t preclude all responsibilities under the CCPA and your firm almost certainly collects data outside of GLBA coverage. The data in your FMG Suite account is only a small part of the information you may need to provide upon a verified request. Most firms are using their established process for verifying “Know Your Customer (KYC)” information to handle requests to provide personal information.

Do we really have to delete customer information?

No, financial regulation generally prohibits firms from deleting all of the information they’ve gathered about clients and prospects. The CCPA recognizes this and provides exemptions to some, but not all, customer deletion requests. Depending on your Compliance department’s choices, this could mean placing the customer on a Do Not Contact list or other restrictions.

How will we receive requests from the Personal Information Form?

Requests will arrive in two forms.  First, you will receive an email with the details of the request. It looks very similar to the emails you receive from the “Ask A Question” form.  Second, you will see an item titled “Personal Information Request” in your FMG Suite Dashboard. Unlike the existing forms, submissions to the Personal Information Form will not create a new contact.  

Will this new link trigger Compliance review for my site?

No, like the changes made for features like the BrokerCheck link and updates to our copyright disclosure, the addition of the CCPA link did not trigger review of the disclosure block.  The change has, however, been archived to accurately reflect the appearance of the site and prove compliance with the CCPA as of 1-1-2020.

I don’t do business in California. Why am I affected?

First, most BDs and RIAs are affected by the law even if their branches aren’t located in California. The CCPA applies to all California residents so even if BDs and RIAs don’t have physical branches in California but they serve California residents, they will need to comply with the law.  The nature of the financial services business means that the responsibility for compliance is often spread across multiple business entities and this was the best way to ensure that everyone was covered. Second, there are similar laws going into effect in other states. Nevada Senate Bill 220, for example went into effect on October 1, 2019.  The Nevada Law is a less comprehensive privacy bill but still requires businesses with a web presence and customers in Nevada to give consumers the choice to opt-out of having their data sold to third parties. Third, most of our clients were already extending this level of care to the information they safeguard and this is another step to ensure to help them with the process. Fourth, FMG Suite itself is subject to the CCPA and we’re required to make certain you receive requests from California residents.

My firm wants the “Do Not Sell…” link in the main navigation. How do I do this?

The new “Personal Information Form” is a distinct page you can add to any link or navigation element. Contact us if you’d like help adding a new menu option.

Alternately, my firm wants to remove the link. How do I do this?

We’ve designed the link to be easily removed via CSS. You can contact our Customer Service team to have this done. However, we are still required to forward any requests we receive from visitors to your site so it is possible that you may still get CCPA inquiries.

Is this it? Are we done making privacy or data changes?

Probably not. While California led the nation, new laws are being considered in several states and at the federal level. California also has some leeway to change how they interpret the CCPA as it is rolled out. Our team is monitoring the requirements so we can make any future changes and communicate them to you in a timely manner. We’ve got you covered!

I’m a member of the Compliance team. Where can I get more information?

Start with our more comprehensive knowledge base article. It includes more detail about the CCPA and an explanation of the types of data collected via FMG Suite websites and by financial services firms in general, along with suggestions on how to amend your privacy policy.

We want to note this blog post is provided solely for informational purposes. It is not legal advice, and should not be relied on as legal advice. As each of our customer’s requirements will differ, FMG Suite strongly encourages its customers to obtain appropriate advice on their implementation of privacy and data protection requirements, and on applicable laws and other requirements relevant to their business.