airSlate and CCPA
The California Consumer Privacy Act (CCPA) is legislation adopted by the state of California. CCPA gives every California resident more control over their personal information. CCPA establishes rules that regulate how companies can sell consumer personal information that they have collected, received, or processed, to third parties.
CCPA applies to any for-profit business that buys, sells, collects, or shares the personal information of California residents and meets one of the determined thresholds. As of January 2024, the threshholds are:
- The business generates $25 million or more in annual revenue.
- The business collects, purchases, sells, or shares the personal information of more than 100,000 consumers.
- The business earns at least 50% of its annual revenue from selling or sharing of personal information.
However, non-for-profit companies and Government Agencies are exempt from CCPA. Furthermore, personal information collected, processed, sold, or disclosed pursuant to the federal Gramm-Leach-Bliley Act, and implementing regulations are exempt from the CCPA. Additionally, CCPA provides certain medical providers an exemption concerning "protected health information" (PHI).
Despite these exemptions, the health and life sciences providers and financial services firms should seek legal counsel to determine if they are subject to the guidelines established by the CCPA.
Although the CCPA has much in common with GDPR, it introduces some additional obligations to business owners:
- The definition of personal information is expanded to include information linked at the household or device level. It includes such elements as IP address, device and biometric identifiers, audio, and other location information.
- Businesses must enable and comply with a consumer’s request to opt out of the selling of personal information to third parties, subject to certain exceptions.
- If a business sells consumer personal information, it should include a "Do Not Sell My Personal Information" link in on their website’s homepage a clear and conspicuous location.
- Businesses shall not request reauthorization to sell a consumer’s personal information for at least 12 months after the person opts-out.
- CCPA raises the stakes in the event of a data breach by creating a class action right and statutory damages without having to prove actual losses.
- A California resident may use an authorized agent to submit a right to know request or a request to delete. To use an authorized agent, the California resident must provide the agent with written authorization.
- CCPA prohibits a business from charging different "prices or rates" or offering "discounts, or other benefits" based upon whether a consumer "exercised any of the consumer’s rights" under the Act.
- airSlate is committed to maintaining CCPA compliance.
- airSlate invests in the Infosecurity of our products and aims to match or exceed industry regulations in protecting our customer’s data.
- airSlate does not charge consumers different prices based upon whether they exercise any of their rights.
- airSlate only partners with vendors that meet its security standards.
- airSlate’s privacy policy, terms of service, and other disclosures educate consumers and give them notice about which data is collected and how it may be used.
- airSlate honors consumer’s rights enumerated in CCPA.
- airSlate provides an easy-to-use mechanism for consumers to request access to their data and data erasure.
Please contact our sales team to learn more about our CCPA compliance at sales@airslate.com.