Reasonable Security Steps to Avoid CCPA Exemption Pitfalls Webinar with Morgan Lewis

November 5, 2019 | (Conference)
Webinar , Countries

Financial services entities regulated under the Gramm-Leach-Bliley Act (GLBA) and healthcare entities regulated under the Health Insurance Portability and Accountability Act (HIPAA) may be exempt from the provisions and requirements of the California Consumer Privacy Act (CCPA ). However, for most organizations the coverage provided by the CCPA exemptions is not complete, and concrete steps will be required to ensure compliance.
Leading privacy and security experts from Kroll’s Cyber Risk practice will join Reece Hirsch, a partner at Morgan Lewis, to examine potential exemption pitfalls of the CCPA, the extent of GLBA and HIPAA coverage for regulated entities and share examples of steps organizations have taken to demonstrate reasonable security.

Watch the On-demand Webinar Now.

This webinar will cover:

  • Key differences in how the CCPA defines “personal information” vs. the GLBA and HIPAA
  • The impact of the CCPA’s employee exception
  • How the HIPAA Security Rule aligns with the CCPA mandates, and how it doesn’t
  • Real-life examples of “reasonable” security measures
  • How to strengthen your security incident response plan and security measures to defend against CCPA class action lawsuits

Schedule: 1:30 p.m. – 2:45 p.m. (EST)

Moderator: Jonathan Fairtlough, Managing Director, Cyber Risk, Kroll


  • W. Reece Hirsch, Partner, Morgan Lewis
  • Yvette Gabrielian, Senior Director, Cyber Risk, Kroll
  • Keith Novak, Associate Managing Director, Cyber Risk, Kroll
  • Cole Manaster, Director, Cyber Risk, Kroll

Watch the On-demand Webinar Now.

Cyber Risk

Incident response, digital forensics, breach notification, managed detection services, penetration testing, cyber assessments and advisory.

Data Protection Officer (DPO) Consultancy Services

Kroll's data privacy team provide DPO consultancy services to help you become and stay compliant with regulatory mandates.

Cyber Risk Assessments

Kroll's cyber risk assessments deliver actionable recommendations to improve security, using industry best practices & the best technology available.

Virtual CISO (vCISO) Advisory Services

Kroll’s Virtual CISO (vCISO) services help executives, security and technology teams safeguard information assets while supporting business operations with augmented cyber expertise to reduce business risk, signal commitment to data security and enhance overall security posture.