The California Consumer Privacy Act (CCPA) is coming into effect on January 1, 2020, and we want to update you on what we are doing at here at SurveyMonkey to make sure we are compliant.
SurveyMonkey has always prioritized data privacy and security, and CCPA is no different. We’re taking the necessary steps to ensure that all requirements are fully met.
What is CCPA?
The California Consumer Privacy Act (CCPA) is considered one of the most influential privacy laws in the United States. It expands the definition of “personal information” under previous California state laws and regulates how businesses collect, use, and disclose consumers’ personal information. CCPA also grants California consumers new privacy rights:
1.The right to know what personal information businesses collect about them and request a copy of or delete such information
2. The right to opt out of the sale of personal information
3. The right to hold businesses accountable for not safeguarding their personal information, including the right to bring a lawsuit for data breaches
Why is CCPA important?
Although CCPA primarily affects California residents, any business that conducts substantial activity in California and collects, sells, or discloses California consumers’ personal information may be subject to CCPA. California is also considered a trendsetter when it comes to U.S. privacy laws, so other states will likely follow suit. Since CCPA was passed in June 2018, many states have introduced similar new laws and bills.
What are we doing about CCPA?
We see CCPA as an opportunity to continue our long tradition of protecting your data and giving you more control. We plan to introduce the following changes:
|What we are doing||Anticipated Timeline|
|Updates to our customer-facing legal terms|
● Master Services Agreement
● Data Processing Agreement
| -December 2019|
|Updates to our service provider agreements||November 2019|
|Enhancements to our privacy training program||December 2019|
|Adjustments to our existing processes for handling data access and deletion requests● User-friendly online form to route your request to appropriate support contacts||Live now (October 1, 2019)|
How is CCPA different from the General Data Protection Regulation (GDPR)?
●Definition of personal information: CCPA covers California residents and protects personal information reasonably linkable to an individual consumer or a household, while GDPR covers EU data subjects (both business and consumer users) without regard to citizenship or residency requirements and protects personal data related to an individual only.
●Covered entities: CCPA applies only to for-profit companies that meet certain minimum thresholds, while GDPR applies to all types of organizations, including public bodies and non-profit organizations.
● Covered data: CCPA specifically excludes personal information covered by current federal privacy laws, such as the Health Information Portability and Accountability Act (HIPAA) or Gramm-Leach-Bliley Act (GLBA), while GDPR applies to all categories of personal data.
● Consumer rights: Both CCPA and GDPR grant consumers the right to access a copy of their personal data or request that a business delete their personal data. CCPA’s deletion right applies only to personal information collected from the consumer, while GDPR’s deletion right covers all personal data regarding a data subject, regardless of the source.
● Sale of Data: CCPA allows California residents to opt out of the sale of their personal information, while GDPR allows a data subject to request the deletion of their data or that processing be restricted.
Disclaimer: This article is not to be construed as legal advice or representative of our interpretation of privacy laws, but instead is intended to help our customers understand our approach to CCPA in practical terms. If you are in doubt as to your legal obligations or require advice on any of the areas covered, we urge you to seek independent legal counsel.