By John Carbo, Director of Information Security at Abacus Group
The California Consumer Privacy Act (CCPA) goes into effect on January 1, 2020. The purpose of the CCPA is to extend protections for the personal data of California residents and imposes new requirements for businesses that process personal data. The focus of the CCPA is on disclosures for the collection and “sale” of personal information. In this context, a “sale” covers any disclosure of personal information for any “valuable consideration.” Consumers have the right to opt-out from selling of their personal information which can be done with a link on a website titled “Do Not Sell My Personal Information.” Obviously, this requirement is only for businesses that “sell” personal information.
The scope of the CCPA includes:
The CCPA excludes from its scope the collection and sharing of certain categories of personal information:
The CCPA also excludes specific processing activities from the definition of “selling”:
There are many similarities between the EU's General Data Protection Regulation (GDPR) and the CCPA. Firms that have taken action to comply with the GDPR will have many of the requirements in place that can be adapted for the CCPA. There are some notable differences: CCPA has “businesses” (Controllers) and “service providers (“Processors”). The CCPA requires that personal information disclosed to service providers be done under a written contract that prohibits the service provider from retaining, using, or disclosing the information for any purpose other than the purpose of the service specified in the contract.
For Abacus (service provider) and Clients (business), the personal information processed by the Abacus FLEX platform is not considered “selling” information. Abacus does not further collect, sell, or use the personal information except as necessary to perform the business purpose.
Abacus recommends working with your compliance professionals to:
Lorem ipsum dolor sit amet, consectetur adipiscing elit
These Stories on data privacy