The CCPA applies to any for-profit business that collects consumers' personal data, that does business in California, and satisfies at least one of the following thresholds:
No. While some components are similar, CCPA requires specific compliance standards which are not part of GDPR.
Yes. If you are a covered company under CCPA, you are required to become CCPA compliant.
Broadly speaking, under the CCPA List Owners & Mailers are required to:
mydataprivacy.com covers each of these compliance items and more. Notification, access, disclosure, reporting, opt-out and deletion requests are all handled within the platform. It provides consumers with an easy-access, verified request portal to access their personal information. It offers online reporting to satisfy disclosure requirements along with opt-out and deletion request options.
Ours is the only turnkey, fully automated consumer-facing CCPA solution for SMBs and Data Compilers/Brokers, Agencies & Marketing Services companies who maintain databases and/or rent prospect data.
Consult with an attorney regarding your specific situation. There are some instances in which a services provider who doesn’t store or maintain consumer data will not be required to comply.
mydataprivacy.com provides a cost effective, easy-to-implement solution for List Owners and Mailers subject to the CCPA, providing comprehensive data access and disclosure compliance. The site offers central repository for List Owners and Mailers to maintain CCPA-related data points and transactions, relieving them of the burden of managing compliance in-house.
Each list used or sold is uploaded to your account within mydataprivacy.com. Easy click navigation and drop-down menus guide you through the order creation and data upload process. Compliance details such as categories of personal information, specific pieces of information, data sources and categories are captured. File layouts are easily mapped within the system and drag & drop file uploads allow for quick and easy workflows. Suppression and Deletion files are continuously updated and available for download at any time.
All data is hosted at Digital Ocean (www.digitalocean.com) data centers and stored in a private clould environment with automatic backups and infrastructure redundancies, allowing guaranteed 99.99% uptime. Certifications include ISO/IEC 27001:2013, EU-U and Swiss-US Privacy Shield Certification - https://www.digitalocean.com/legal/certifications/ .
mydataprivacy.com’s infrastructure is secured through a defense-in-depth layered approach. Access to the management network infrastructure is provided through multi-factor authentication points, which restrict network-level access to infrastructure based on job function utilizing the principle of least privilege. Our proprietary architecture permits only single, encrypted queries from our web-facing portal to your database. Systems are protected through key-based authentication and access is limited by Role-Based Access Control (RBAC). RBAC ensures that only users who require access to a system are able to login.
Personally Identifiable Information (PII) is not stored by mydataprivacy.com. As data is uploaded to the system, it is converted to masked data (using asterisks) except for the final digit. The original version of the data with full PII is immediately deleted and not stored on our servers.
No, there are nine (9) exceptions regarding deletion requests included in CCPA. As always, consult your attorney to ensure your specific use case is excluded under CCPA. Following are the nine exceptions found within the Act:
1798.105 (d) A business or a service provider shall not be required to comply with a consumer’s request to delete the consumer’s personal information if it is necessary for the business or service provider to maintain the consumer’s personal information in order to:
mydataprivacy.com can be used for residents throughout the USA, and we recommend doing so. You’ll be prepared for pending Privacy legislation that has been introduced in multiple state legislatures and which, we believe, will eventually lead to the passing of nationwide Privacy legislation.
We verify each consumer request utilizing a third-party verification service which leverages a large ID verification database to identify and reduce potential fraud. In order to verify a given individual, the system receives consumer-input information such as name, address, email and last 4-digits of Social Security Number and confirms that information with data in the ID verification database.
We recommend listing each source.
We recommend that you upload all information. Consult with a privacy attorney before doing otherwise. The platform allows you to mask all sensitive Personally Identifiable Information (i.e. -Social Security Number becomes ***-**-***2 and discards the original data provided to ensure sensitive information isn’t compromised).
Yes! We are currently developing API functionality along with a wide range of platform improvements.
For legal and insurance purposes, no. However, we do have a lead referral program available only to current clients. Call your salesperson to learn more.