Potential Pitfalls of the CCPA Exemptions: Ensuring Reasonable Security Measures

Tuesday, November 5, 2019
01:30 PM - 02:45 PM Eastern Standard Time
12:30 PM - 01:45 PM Central Standard Time
10:30 AM - 11:45 AM Pacific Standard Time

Join Morgan Lewis and Kroll for the webinar, “Potential Pitfalls of the CCPA Exemptions: Ensuring Reasonable Security Measures.” Financial services entities regulated under the Gramm-Leach-Bliley Act (GLBA) and healthcare entities regulated under the Health Insurance Portability and Accountability Act (HIPAA) may be exempt from the provisions and requirements of the CCPA, but for most organizations the coverage provided by the CCPA exemptions is not complete, and concrete steps will be required to ensure compliance.

This webinar brings a diverse panel of leading security and legal professionals to examine potential exemption pitfalls, the extent of GLBA and HIPAA coverage compared to the CCPA and share real-life examples of steps organizations have taken to demonstrate reasonable security.

This webinar will cover:

Key differences in how the CCPA defines “personal information” vs the GLBA and HIPAA
The impact of the CCPA’s employee exception
How the HIPAA Security Rule aligns with the CCPA mandates – and how it doesn’t
Real-life examples of “reasonable” security measures
How to strengthen your security incident response plan and security measures to defend against CCPA class action lawsuits 


  • Jonathan Fairtlough, Managing Director, Cyber Risk, Kroll


  • W. Reece Hirsch, Partner, Morgan Lewis
  • Yvette Gabrielian, Senior Director, Cyber Risk, Kroll
  • Keith Novak, Associate Managing Director, Cyber Risk, Kroll
  • Cole Manaster, Senior Associate, Cyber Risk, Kroll