Which of the following state laws has an entity exemption for organizations subject to the Gramm-Leach-Bliley Act (GLBA)?
Which of the following state laws has an entity exemption for organizations subject to the Gramm-Leach-Bliley Act (GLBA)?
The Nevada Privacy Law provides an entity exemption for organizations subject to the Gramm-Leach-Bliley Act (GLBA). Specifically, under Nevada Revised Statutes (NRS) 603A.340, organizations that comply with the GLBA are not required to comply with certain provisions of the Nevada Privacy Law related to data security and privacy.
"Nonetheless, the VCDPA will not apply to financial institutions. Specifically, the VCDPA provides that it “shall not apply to any . . . financial institutions or data subject to Title V of the federal” GLBA. In this regard, the VCDPA’s GLBA exception is far broader than the CCPA’s GLBA exception, which is limited only to information subject to the GLBA. That is, unlike the CCPA, the VCDPA provides not only a GLBA “information” exception, but also a GLBA “entity” exception." https://www.mofo.com/resources/insights/210302-financial-institutions-exempt-virginia-privacy-law
A is the correct answer. The Nevada Privacy Law, specifically Nevada Revised Statutes (NRS) 603A.340, provides an exemption for entities subject to the Gramm-Leach-Bliley Act (GLBA). This exemption means that organizations that comply with GLBA are not required to comply with certain provisions of the Nevada Privacy Law related to data security and privacy. D is incorrect because the Virginia Consumer Data Protection Act (VCDPA) does not explicitly include an entity exemption for organizations subject to the Gramm-Leach-Bliley Act (GLBA). While the VCDPA does have certain exemptions, such as for entities subject to the Health Insurance Portability and Accountability Act (HIPAA) or the GLBA for data processed in compliance with those laws, it does not specifically mention an exemption for GLBA compliance. Therefore, option D is not the best choice in this context.
Agree with smp175