TABLE OF CONTENTS
What are the CCPA and CPRA?
The California Consumer Privacy Act became law on January 1, 2020, and has since been amended by the California Privacy Rights Act (collectively, the "CCPA").
The CCPA is similar to the European data privacy law introduced in May 2018, the General Data Protection Regulation (GDPR) and establishes certain privacy rights for consumers who are California residents, including:
- The right to know about the personal information a business collects about them and how it is used and shared;
- The right to delete personal information collected from them (with some exceptions);
- The right to opt-out of the sale of their personal information; and
- The right to non-discrimination for exercising their CCPA rights.
Businesses are required to give consumers certain notices explaining their privacy practices.
Businesses are also required to enter into specific contractual provisions with their vendors that process their covered personal information.
What if the CCPA applies to my business operations?
The CCPA does not apply to all businesses.
It is important to review your operations, review the CCPA and its regulations, consult an attorney where needed, and determine if the CCPA applies to your business operations. If it does apply, it is important that you ensure that you have entered into a Data Processing Addendum with Centercode that includes CCPA service provider clauses. For more about this, please keep reading.
What is Centercode doing to help its customers with CCPA compliance?
Centercode never sells its customers’ data or “shares” its customers’ data as defined in the CCPA. As your service provider, we are ready to work with you as you ensure your CCPA compliance in connection with your use of the Centercode Platform.
First, the features we built into the Centercode Platform to assist you with GDPR compliance also apply to assist your business with its CCPA compliance efforts. You can review those features here.
Second, our standard agreements include provisions designed to ensure compliance for you and Centercode as your service provider. If you do not already have a master agreement and/or data processing addendum in place with Centercode that addresses the CCPA and Centercode’s obligations as a service provider to you, we have a short contract addendum available for execution by customers that addresses these obligations. Any Centercode customer in this situation can download, execute, and return this contract addendum to its sales associate at Centercode. If your agreement with Centercode does not already include these terms, we will counter-sign and return the fully-signed contract addendum to you.
If you also don’t have a GDPR-compliant data processing addendum with Centercode, please check here for more information.
What about other US state privacy laws?
Several other US states have adopted privacy laws similar to the CCPA and/or the GDPR, including Utah, Colorado, Virginia, and Connecticut, and additional states have laws under consideration. Each state’s law has different thresholds for determining if it applies. Centercode’s customers whose activities with Centercode might be covered by these state laws should enter into Centercode’s most recent Data Processing Addendum if they have not already done so.
We are here to assist you at any time. If you have any questions, please don’t hesitate to reach out to privacy@centercode.com.