The CCPA is focused on organizational compliance over product-level compliance. However, we still attach the utmost importance to how we build our product and have adopted a Privacy and Security by Design approach. Our product is designed with privacy and security in mind, as a core component of our development process.
We hold the following certifications to ensure CCPA preparedness:
ISO/IEC 27001 is the international standard developed specifically for information security management systems, requiring a company to use a systematic approach to managing sensitive information and ensuring data security.
ISO 27701:2019 specifies requirements and provides guidance for establishing, implementing, maintaining, and continually improving a Privacy Information Management System (PIMS) in the form of an extension to ISO/IEC 27001 and 27002 for privacy management within the context of the organization. It specifies PIMS-related requirements and provides guidance for PII controllers and PII processors.
The California Consumer Privacy Act (CCPA) is a new, post-GDPR data privacy law coming out of California. The law itself will go into effect on January 1st, 2020, and it’s set to alter the landscape of U.S. data privacy.
Consumers have the right to opt out: Unlike the GDPR, which has a total opt-out option, CCPA only allows consumers to opt out of their data being sold. The definition of data being sold is extremely broad in the case of CCPA. Virtually all B2B data transfer is considered “data sold” under the law. This means that consumers must receive an opt-out form prior to that data transfer.
Consumers have the right to access: This means that consumers can request specifics on all information that has been collected on them, and that information must be provided.
Consumers have the right to delete (sort of): The law requires that consumers have the right to ask that their data be deleted. But the law also contains plenty of exceptions, including security, internal use, research, and compliance.
Children have to opt in: Any person under 16 must opt in for data collection. And any child under 13 must have their parent (or guardian) opt in.