One observation. Not sure amendments make the CCPA inapplicable to the financial sector.
The exemption, as worded, applies to data, not necessarily the institution (information collected … pursuant to (GLB)). Theoretically, financial companies may have to analyze data to determine whether it is “GLB data” (NPPI under GLB or RegP) or “non-GLB-data.” For example, an email address collected to establish a financial account may be exempt, but will that same email address be regulated under the CCPA if you use it for marketing?
I’d sleep better if with more clarity on the scope of this exemption.