Updated privacy policies. New guidelines and regulations. This year brings the California Consumer Privacy Act (CCPA) to the playing field. What is the CCPA, and what does it mean for your relationship with ExaVault?
What is CCPA?
The California Consumer Privacy Act (CCPA) creates new rights for consumers in regards to their personal information. This act includes rights to how that information is collected, shared, and deleted as well as how you can access your personal information that a company has.
Specifically, the CCPA applies to businesses that collect any personal data from consumers and do business in the state of California. It went into effect starting January 1st, 2020. Sanctions include a fine up to $7,500 for each intentional violation and $2,500 for each unintentional violation of the privacy act.
Consumer’s Personal Data
Whenever you are engaging in a transaction or service with a business online, you inevitably provide some personal data. Your name and contact information are essential to mail any items you purchase. Your email address may be necessary for correspondence with the company. Our file transfer service allows you to create users on your account. Each of those users gets set up with a unique username associated with their activity on the account. Businesses can check their account activity logs to ensure that files are uploaded and downloaded as needed.
“CCPA defines personal information as information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers.”~According to the California Legislative Information
ExaVault and the CCPA
Primarily a business to business SaaS company, ExaVault values data and privacy. As a company with clients across the globe, we strive to comply with region-specific policies and regulations to provide the best protection for all clients, both businesses and individuals.
Our Key CCPA Focus Areas:
- The Right to To Opt-Out of the Sale of Personal Information
- The CCPA Right to Know and Right to Deletion Requests
- Protection of Data Processed on Our Behalf
For the first point, we reiterate that ExaVault has not, does not, and will not sell personal information. Rather than show additional prompts allowing you to select “Do Not Sell My Personal Information, it is an automatic “opt-out.” We call this “Opt-out by default.” No additional action or notification is needed as our policy has been to neither share nor sell any personal information.
The second point focuses on specific rights regarding the personal information a company has. ExaVault has established policies detailing consumer rights. We allow individuals to request disclosure of or deletion of their personal data. Our updated policy reflects the process for you to make such requests. This includes verification of the individual making a request and compliance with the CCPA.
Once an individual has been verified, we will disclose or delete their personal data as requested. We have policies set to meet these requests in accordance with privacy guidelines. There is no discrimination against clients who make a request to act on their CCPA privacy rights.
The Future of Data Security
Data security is an ongoing concern. More than likely, we will see additional privacy-related regulations and policies come into effect as time goes on. ExaVault will continue to anticipate and make modifications to our practices and policies in addition to doing vendor reviews. We will ensure that all our business partners have privacy policies and procedures that are at least as stringent as ours. Each new vendor must provide satisfactory documentation regarding their policies and procedures.
To ensure that we remain up to date on all policies and regulations, we will continue doing periodic policy reviews. This will include reviewing internal privacy and security policies and procedures. We couple this with security reviews and verifications to make sure we have all the necessary technical safeguards in place to protect your data. Finally, reflecting any updates or changes in writing so that our documentation is up-to-date for CCPA compliance as well as GDPR (the European Union General Data Protection Regulation.)
For secure business file transfer with global compliance – Sign up for ExaVault today!