Enacted on January 1, 2020, AB 375, the new privacy law more commonly known as the California Consumers Protection Act (CCPA) allows California residents to demand to see information a company has saved on them. This information includes a full list of all third parties that the customer's data has been shared with. When this information is demanded, the company has the legal obligation to provide it to the customer within 45 days. Any company that conducts business with California residents, in addition to making $25 million in annual revenue, gathering data on more than 50,000 users, or generating more than half its yearly revenue from selling user data is held to the standards of the CCPA.
The CCPA helps create stronger privacy for customers and provides Californians with six main rights:
- Access: Businesses must honor consumers’ request to obtain a copy of their PI, and to obtain certain details about how it has been collected and used/disclosed (subject to exceptions)
- Deletion: Businesses must honor consumers’ PI deletion requests (subject to exceptions)
- Opt-out: A business must allow consumers to opt-out of the “sale” of their PI, as that term is defined under the CCPA
- Opt-in (children): A business may not sell the PI of children under 16 without affirmative consent (can be from the child if child is 13-15, parent if under 13)
- Right to sue a business for experiencing a data breach of certain PI (like name+credit card number) due to failure to maintain reasonable security.
There are four main requests Invoice2go will abide by under the CCPA. They include:
- Right to know requests
- Customers have the right to request to know what information has been collected on them, as well as shared or sold to third-party companies.
- Requests may be made for the previous 12 months.
- Right to delete requests
- Customers have the right to request us to delete any personal information we have stored on them.
- Right to opt-out requests
- Customers have the right to request their personal information not be sold to third-party companies.
- Right to non-discriminate
- If a customer exercises any of their CCPA rights, they are protected from any discrimination such as pricing or service changes in response to a CCPA request.
Exceptions to CCPA Requests
There are some categories which do not fall under customer's CCPA rights. These include but are not limited to sensitive data such as:
- Social security number, Driver’s license number, or other government-issued ID number
- Financial account number
- Health insurance or medical identification number
- Account password
- Security questions and answers
Other exceptions to CCPA requests would include:
- LEGAL EXCEPTION: If the disclosure would conflict with a federal or state law or would create a substantial security risk
- MANIFESTLY UNFOUNDED/EXCESSIVE EXCEPTION: If honoring the request would require excessive or unreasonable steps.
- REPEATED REQUEST: If the requestor is making their 3rd or more request for specific pieces of information in a 12-month period.
- RIGHTS OR FREEDOMS OF OTHERS: If honoring the request would adversely affect the rights or freedoms of others, such as by inappropriately disclosing personal information about another person to the requestor.
Invoice2go and CCPA
Invoice2go is committed to obliging to the standards of the CCPA and ensuring our customers know that we have responsibly and securely handled their data. For more information regarding Invoice2go and the CCPA, please refer to our Privacy Notice or contact us.