On June 28, 2018, Governor Jerry Brown put into motion the California Consumer Privacy Act (CCPA), also known as Assembly Bill No. 375 (AB-375). With all the talk of GDPR that was happening at the time, the CCPA was a topic of little discussion. But with the CCPA going into effect on January 1, 2020, there has been an increase in chatter amongst businesses and consumers around the country.
With January 1, 2020 approaching quickly, we are going to give you a rundown of what CCPA is, what it requires, and what it means for high-volume transactional or marketing email senders.
What is the CCPA?
The CCPA or AB-375 is a comprehensive privacy law that grants specific rights to California residents in regard to the data that is collected on them. This legislation comes at an important time in consumer rights as innovation in technology has allowed companies to collect and sell more unregulated personal data on users than ever before. The CCPA is an attempt to give Californians more control over their data in three ways:
- The right to access information collected on them. This includes knowing what type of information is collected/sold, who it is being collected and sold by, and why it was collected.
- The right to delete information collected on them. California consumers will be able to request the deletion of the personal data that has been collected on them.
- The right to opt out of personal data collection. California consumers will now have the right to tell a company that they cannot sell their information to any other third-party organizations.
Does The CCPA Apply to You?
According to the official CCPA bill, applicable California companies will fit the following criteria:
- Has annual gross revenues in excess of twenty-five million dollars ($25,000,000).
- Alone or in combination, annually buys, receives for the business’ commercial purposes, sells, or shares for commercial purposes, alone or in combination, the personal information of 50,000 or more consumers, households, or devices.
- Derives 50 percent or more of its annual revenues from selling consumers’ personal information.
Aside from the three points above, the CCPA protects California residents across state lines as well. This means the companies working with California residents’ information will need to undergo the necessary policy adaptations to be CCPA compliant.
What Does The CCPA Mean For SocketLabs Customers?
At SocketLabs, security and compliance have always been a top priority. Because of this, we have always put the necessary rules, regulations, and policies into place to help customers around the world send email in a way that complies with major global government legislation.
As with GDPR, we have worked to ensure that the most critical privacy controls are available as a standard part of our Email Service Privacy Policy, not just for the European Union. And with the upcoming enactment of the CCPA, we are once again working to re-emphasize our commitment to privacy by adopting all regulations set forth by the CCPA into our own policies.
While other technology-based companies are quickly seeking ways to deal with the CCPA, SocketLabs has always had the necessary data and privacy regulations in place to give our customers the safest and most open platform to communicate important information with their stakeholders (see more information on this in the section below titled ‘The SocketLabs Security Promise’). This means that SocketLabs customers concerned with CCPA will NOT have to worry about the policies and regulations set forth by SocketLabs as a third-party organization complying with CCPA due to our extensive preparation and implementation of the policy. It’s important to note that while SocketLabs is CCPA compliant, the requirements and policies that CCPA demands of your business specifically may differ.
What Does The CCPA Mean for High-Volume Email Senders?
When it comes to sending high-volume email, marketers are among the most well-known groups to use personal consumer data to target their messages, maximize their efficiency, and increase their return. The CCPA is all about corporations being completely transparent with the personal data they are collecting, buying, or selling from their stakeholders. At a high level, this means that if you fall into this category, you need to make the necessary changes to your policies so that you are as well-equipped as possible to disclose this data to the consumer.
With CCPA going into effect, we cannot emphasize enough how important it is to know what information you are collecting, where it is coming from, where it is going, and how it is being used. It is now important to always have consumer privacy in mind – asking to collect data or giving stakeholders the ability to opt out of data collection or delete existing data is a huge part of the CCPA and will carry a lot of weight moving forward.
Considering these points ahead of time for your organization will help you save tons of time and money in the long run.
The SocketLabs Security and Compliance Promise
SocketLabs has always implemented the necessary controls and regulations to keep our senders secure. As an email service provider we have always worked to help our customers simplify and improve the way they send emails. We believe that time our customers spend worrying about security is time they lose building their businesses and accomplishing their goals. As described in more detail on our security and compliance page, SocketLabs has taken the time and made the necessary policy adaptations with our customers’ best interests kept top of mind by becoming:
The EU-U.S. and Swiss-U.S. Privacy Shield Frameworks were designed by the U.S. Department of Commerce and the European Commission and Swiss Administration to provide companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States in support of transatlantic commerce.
The VeraSafe Website Security Program is comprised of services that help participants ensure their compliance with these Program Criteria. The Program Criteria are based on industry best practices and consumer protection legislation such as the California Senate Bill 1386. The Criteria also go much deeper into topics like:
- Neutrality
- Contact Information Security
- Data Security Controls
- Vulnerability Mitigation
- Data breach disclosure policies, and much more
The Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG) is where the email industry comes together to work against botnets, malware, spam, viruses, DoS attacks and other online exploitation. M3AAWG is the largest global industry association, with more than 200 members worldwide, bringing together all the stakeholders in the online community in a confidential, open forum.
The GDPR (General Data Protection Regulation) is a regulation designed to strengthen data protection for residents of the EEA (European Economic Area), which includes the EU, Iceland, Liechtenstein, and Norway. SocketLabs is dedicated to data protection and GDPR compliance. We offer a GDPR-compliant Data Processing Addendum to customers (see below). If you would like to read more about the GDPR, please see our blog article or click here for a detailed guide.