Privacy for Your Personal Information in 2020: The CCPA

Updated privacy policies. New guidelines and regulations. This year brings the California Consumer Privacy Act (CCPA) to the playing field. What is the CCPA, and what does it mean for your relationship with ExaVault?

What is CCPA?

The California Consumer Privacy Act (CCPA) creates new rights for consumers in regards to their personal information. This act includes rights to how that information is collected, shared, and deleted as well as how you can access your personal information that a company has.

Specifically, the CCPA applies to businesses that collect any personal data from consumers and do business in the state of California. It went into effect starting January 1st, 2020. Sanctions include a fine up to $7,500 for each intentional violation and $2,500 for each unintentional violation of the privacy act.

Consumer’s Personal Data

Whenever you are engaging in a transaction or service with a business online, you inevitably provide some personal data. Your name and contact information are essential to mail any items you purchase. Your email address may be necessary for correspondence with the company. Our file transfer service allows you to create users on your account. Each of those users gets set up with a unique username associated with their activity on the account. Businesses can check their account activity logs to ensure that files are uploaded and downloaded as needed.

“CCPA defines personal information as information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers.”

~According to the California Legislative Information 

ExaVault and the CCPA

Primarily a business to business SaaS company, ExaVault values data and privacy. As a company with clients across the globe, we strive to comply with region-specific policies and regulations to provide the best protection for all clients, both businesses and individuals.

ExaVault CCPA notice

Consequently, we’ve updated our privacy policy to reflect our compliance efforts with the California Consumer Privacy Act. Among other items reviewed, a few key areas were the focus of our compliance efforts.

Our Key CCPA Focus Areas:

  1. The Right to To Opt-Out of the Sale of Personal Information
  2. The CCPA Right to Know and Right to Deletion Requests
  3. Protection of Data Processed on Our Behalf

For the first point, we reiterate that ExaVault has not, does not, and will not sell personal information. Rather than show additional prompts allowing you to select “Do Not Sell My Personal Information, it is an automatic “opt-out.” We call this “Opt-out by default.” No additional action or notification is needed as our policy has been to neither share nor sell any personal information.

The second point focuses on specific rights regarding the personal information a company has. ExaVault has established policies detailing consumer rights. We allow individuals to request disclosure of or deletion of their personal data. Our updated policy reflects the process for you to make such requests. This includes verification of the individual making a request and compliance with the CCPA.

Once an individual has been verified, we will disclose or delete their personal data as requested. We have policies set to meet these requests in accordance with privacy guidelines. There is no discrimination against clients who make a request to act on their CCPA privacy rights.

Finally, ExaVault operates primarily as a service provider in regard to CCPA. Being a service provider means that we have little direct collection of personal data, but we need to make sure that the data our customers upload is properly protected. As part of this process, we conduct recurring reviews of our third-party processors (such as the services we use to send email or provide messaging inside our application) to ensure that they are taking the appropriate security and privacy protections. The CCPA portion of the privacy policy also includes our annual disclosure reporting so that you can see how and when we disclose information to other parties.

If you haven’t reviewed the new privacy policy yet, we would encourage you to do so: Review our Privacy Policy.

The Future of Data Security

Data security is an ongoing concern. More than likely, we will see additional privacy-related regulations and policies come into effect as time goes on. ExaVault will continue to anticipate and make modifications to our practices and policies in addition to doing vendor reviews. We will ensure that all our business partners have privacy policies and procedures that are at least as stringent as ours. Each new vendor must provide satisfactory documentation regarding their policies and procedures.

To ensure that we remain up to date on all policies and regulations, we will continue doing periodic policy reviews. This will include reviewing internal privacy and security policies and procedures. We couple this with security reviews and verifications to make sure we have all the necessary technical safeguards in place to protect your data. Finally, reflecting any updates or changes in writing so that our documentation is up-to-date for CCPA compliance as well as GDPR (the European Union General Data Protection Regulation.)


For secure business file transfer with global compliance – Sign up for ExaVault today!