Effective from January 1, 2020, the California Consumer Privacy Act (CCPA) introduced new privacy rights for consumers in California. The following items present a summary of its requirements.
•The right to know what personal information is collected, used, shared or sold, both as to the categories and specific pieces of personal information
• The right to delete personal information held by businesses and by extension, a business’s service provider
• The right to opt-out of sale of personal information. Consumers are able to direct a business that sells personal information to stop selling that information.
• The right to non-discrimination in terms of price or service when a consumer exercises a privacy right under CCPA
This new legislation has parallels with GDPR’s requirements, which RedShield have used in conjunction with other international standards as a framework for privacy commitments. However, these regulations differ in scope, definitions, and requirements, the CCPA introduces some additional considerations.
• Data inventory mapping is a requirement common to both regulations, although core requirements differ, RedShield captures extremely limited amounts of personal data and our existing processes encompass the requirements of the CCPA.
• The processes used to respond to individual data requests include requirements for verification of consumer identity. It should be noted that CCPA and GDPR have different definitions of personal information. However, since RedShield has no business use for any personal information that might be recorded by our services data can be removed on request.
In the context of privacy requirements under CCPA RedShield performs the role of a service provider, a data processor under GDPR. In all cases our subscribers have the responsibility of a business under CCPA, which essentially equates to that of a Data Controller under GDPR.
Regardless of the regulatory framework in question, RedShield will not:
• sell personal information we record, this is not our business model
• process your personal information for any commercial purpose other than providing our shielding services
• retain, use, or disclose your personal information outside of the scope of the agreement we have with subscribers
To be clear, RedShield does not sell, rent, or otherwise disclose personal information we collect in exchange for money or something else of value. In fact, due to the reducing value of all data collected by the shielding service, we purge our logs on a rolling 90 day basis. This has several advantages for us as well as ensuring that we comply with our privacy considerations. We also understand our obligations under the CCPA and will comply with them.
In the event that we receive any request, complaint, or other communication from a verifiable consumer, regulatory authority, or third party in connection with our processing of your content, we will promptly inform you and provide details, of course this will be to the extent legally permitted. Unless legally obligated to do so, we will not respond to any such request, inquiry or complaint without your prior consent except to confirm that the request relates to you.
It should be noted that subscribers to our service are responsible for ensuring that they have complied, and will continue to comply with the requirements of the CCPA in the use of the services we provide in relation to the processing of personal information. If your business collects personal information about California consumers, then your business may be subject to the CCPA and we recommend that you consult the statute, regulations, and legal counsel to determine any obligations you may have.