August 18, 2022

Submitted via email: [email protected]

California Privacy Protection Agency
Attn: Brian Soublet
2101 Arena Blvd.
Sacramento, CA 95834

Re: CPPA Public Comment for CPRA Regulations

Dear Mr. Soublet,

The Securities Industry and Financial Markets Association (“SIFMA”)1 appreciates the opportunity to respond to the California Privacy Protection Agency (“CPPA”) Notice of Proposed Rulemaking dated July 8, 2022 (the “Proposed Regulations”) that will implement regulations required under the Consumer Privacy Rights Act of 2020 (“CPRA”).2 SIFMA appreciates the work that the CPPA has done to bring public attention to consumer privacy issues and work with companies to achieve a higher level of consumer protection.

SIFMA is the leading trade association for broker-dealers, investment banks and asset managers operating in the U.S. and global capital markets, including a significant presence in California. SIFMA has 24 broker-dealer and asset manager members headquartered in California. Further, there are approximately 384 broker-dealer main offices, nearly 40,000 financial advisers, and 93,522 securities industry jobs in California.3

SIFMA urges the CPPA to carefully consider the costs associated with potentially overly prescriptive regulations both for businesses and ultimately for customers. We highlight below several proposed requirements which may do little to protect investors but would be costly to comply with. Companies that must comply with the CPRA are already engaged in updating their policies, processes, procedures, contracts, and websites to meet the by January 1, 2023 deadline. Any new obligations in the Proposed Regulations that markedly change or expand upon the CPRA requirements will create significant unnecessary expenditures of resources for all such companies, while not necessarily aligning with the expectations of the California citizens who voted for the law. The CPPA should avoid creating regulatory mandates that far exceed the requirements of the CPRA, which is itself an expansion of the existing privacy law in California.

1 The Securities Industry and Financial Markets Association (SIFMA) is the leading trade association for broker-dealers, investment banks and asset managers operating in the U.S. and global capital markets. On behalf of our industry’s one million employees, we advocate on legislation, regulation and business policy affecting retail and institutional investors, equity and fixed income markets and related products and services. We serve as an industry coordinating body to promote fair and orderly markets, informed regulatory compliance, and efficient market operations and resiliency. We also provide a forum for industry policy and professional development. SIFMA, with offices in New York and Washington, D.C., is the U.S. regional member of the Global Financial Markets Association (GFMA). For more information, visit http://www.sifma.org.

2 https://cppa.ca.gov/regulations/pdf/20220708_npr.pdf

3 https://states.sifma.org/#state/ca