CCPA Compliance & Frequently Asked Questions
The California Consumer Privacy Act (CCPA) went into effect on January 1, 2020. In June 2018, California enacted the original body of the CCPA, which constitutes the broadest and most comprehensive privacy law in the United States to date. The draft regulations, issued by the California Attorney General in October of 2019, are expected to be finalized and enforceable by July 1, 2020.
Jornaya has always been committed to safeguarding the privacy of our service users and website visitors. In order to ensure continued support to our clients and consumers, we have been working directly with outside privacy counsel specializing in privacy regulatory requirements with a focus on the CCPA to properly align our practices and policies with the CCPA requirements.
We have implemented a comprehensive plan which includes the following key items:
- Exercise Your Rights: Options for submitting requests are available to our clients and consumers. You can find the notice on our main website at jornaya.com, as well as on our Privacy Page.
- Privacy Policies: Updates have been made to reflect the applicable requirements of the CCPA, including more details on the categories of consumer information collected and the avenues through which they are made available to us.
- Privacy Updates: A central resource page is on our website outlining proper notices for our clients and consumers for information on exercising their rights.
- Questions: Please refer to our FAQ below for additional information about Jornaya’s services and the CCPA. Contact us at email@example.com if you have any questions.
Last Updated Date: August 25, 2020
This FAQ is for informational purposes only. It is intended to provide information on Jornaya’s approach to addressing the potential obligations imposed by the CCPA on Jornaya’s business model. It is not intended to provide legal or business advice to any other company or individual. The obligations imposed by the CCPA depend on how your company collects and uses personal information and you are solely responsible for seeking your own advice as needed for your company’s compliance needs under the CCPA or otherwise.
1. What is the CCPA?
The California Consumer Privacy Act (CCPA) is a comprehensive privacy law that went into effect on January 1, 2020. The law is enforced by the California Attorney General (AG), who is also tasked with issuing regulations under the CCPA. The AG submitted the final regulations for final approval on June 2, 2020, and enforcement is expected to begin on July 1, 2020.
The CCPA applies across all industry sectors, imposing obligations on companies that handle personal information. The CCPA’s requirements include:
- Providing privacy notices
- Implementing processes for individuals to access and delete their personal information
- Allowing individuals to opt-out from “sales” of their personal information
The “sale” opt-out right impacts more than just traditional sales of data for money. The CCPA defines “sale” broadly to include many commonplace data sharing arrangements, even where no money is exchanged. However, data sharing with a business’s service provider is not considered a “sale,” as long as certain contractual terms are in place between a business and its service provider.
2. How has Jornaya prepared for the CCPA?
Jornaya has actively assessed its obligations under the CCPA and has a core team focused on leading CCPA efforts, as well as privacy and regulatory in general. This core team has worked, and continues to work, closely with outside privacy counsel who focuses on CCPA compliance and the changing privacy regulatory environment. Among other activities, Jornaya has implemented a process for receiving and responding to consumer rights requests we may receive, revised applicable privacy policies, and reviewing and modifying contracts to align with applicable CCPA requirements.
3. How can our Clients continue to use Jornaya’s services consistent with the CCPA?
As currently defined under the CCPA, a “service provider” processes California consumers’ personal information on behalf of another business. To be a service provider, the entity must receive the personal information under a written contract that limits the service provider’s processing to purposes specified in the contract or otherwise permitted by the CCPA. A “business” is a for-profit entity that determines the purposes and means of processing California consumers’ personal information and that meets certain thresholds around revenue and similar factors.
Because Jornaya does not directly interact with consumers, but gains access to certain data automatically as part of the services we provide to our Clients, to help our Clients facilitate consumer “sale opt-out” requests if you choose to flow down any requests, Jornaya has set up a process for you to send along consumer “sale opt-out” requests you receive. To help consumers receive appropriate notice about the use of their information at collection, those who provide us access to certain data will need to provide consumers with the appropriate notice within your sites or avenues where you collect consumer data prior to any collection.
4. How can our Clients or consumers submit a request?
We have set up a central Privacy Page on our main website at jornaya.com where a request form can be submitted for exercising applicable rights under the CCPA. The “DO NOT SELL MY PERSONAL INFORMATION” button is also available on the footer section of our website at all times for easy access.
We will continue to work closely with our outside privacy counsel to address any obligations arising out of updates or changes to the CCPA regulations and will notify you of material changes, which may affect the processes in place.
Please visit our Privacy Page on our main website at jornaya.com for more information and resources.