How we help you comply: CCPA

How Egress helps you comply with CCPA

What is the CCPA?

The California Consumer Privacy Act (CCPA) regulates how certain businesses are allowed to handle personal information of Californian residents.  It is seen as the leading privacy law in the United States and came into force on January 1, 2020. 

It provides Californian residents with detailed rights in their personal information, such as: what is being collected; how it is collected; who it is sold to or shared with; opting out of the sale of their information (if any); the right to request access to their information; and, the right to request that it is deleted.

Personal information is information that describes, or is capable of being associated with or linked to, a particular consumer or household.

Why is it important to us?

We have obligations both in respect of the data that we control and process ourselves, and in respect of the activities we carry out on behalf of our customers and users.  We are mindful of our obligations to the companies and people using our services where their own products, services and activities may be caught by the requirements of the CCPA.

We can provide further information to you about how the compliance measures that we take in respect of our own software and services can help you to meet your own obligations under the CCPA.  We can provide this information either under a non-disclosure agreement or through any secure portal functionality that we may provide on our website from time to time.

Why is it important to you?

If you use our software and services to process personal information of Californian residents then this activity may (depending on your financial size or the volume of your processing) will be subject to the requirements of the CCPA.  You will need to make sure that you comply with your obligations and we can help you meet these.

Do you need to be in California for it to apply?

No you do not need a physical presence in California to be caught by the CCPA’s requirements.

Compliance tools

Software and services focussed on compliance

Our software and services are firmly focussed on ensuring regulatory compliance – not just with the CCPA, but with other privacy regulations around the globe.  You can find out more information on each of these using the links above or the Products and Solutions tabs at the top of the page.

Protect your Content

Our communication and file sharing services provide security and encryption to protect your Content and help to ensure that it remains confidential and secure.

User controls and access permissions

Our software and services can provide you with tools to ensure that only those who you want to access your Content (and any personal information in it) can do so.  These editable and auditable permission controls provide key regulatory compliance when sharing secure information and personal data with colleagues and third parties, and ensure that you remain in control of your Content (and any personal information in it).

Taking steps to prevent breaches before they happen

Through our Prevent tool we also provide tools that guide user behaviour to help prevent incidents before they arise.

Secure hosting

Where you subscribe to a service that we host on your behalf, we use market leading providers to ensure that your Content (and any personal information in it) remains safe and secure.  You can find our more information here and here.

Taking steps to prevent breaches before they happen

Through our Prevent tool we also provide tools that guide user behaviour to help prevent incidents before they arise.

Transparency and information

We provide a wide range of information and resources on our Legal and Compliance hubs to enable you to conduct your own risk assessments on us to ensure that you are able to meet your own obligations under the CCPA.  

Some of these may be subject to controls to ensure the confidentiality of any information that we provide to you, so please bear with us if we ask you to sign up to user terms or non-disclosure obligations prior to giving you access.

 

Key CCPA requirements

Do we sell personal information?

We will not, and do not, sell or rent your personal information to third-parties for valuable consideration (as defined in the CCPA) or for their direct marketing purposes.  We may share your Content (and any personal information in it) with third-parties for our business purposes – including the provision of services to you and/or your organisation or employer. 

Which third-parties do we share personal information with for business purposes?

We may share your personal information with certain third-parties for our business purposes (such as the provision of services to you and/or your organisation or employer). You can find out details of these third-parties in our Privacy Policy and here.

Do we respect individuals’ rights under the CCPA?

Yes.  You can find out more information on individual rights, how we respect them and how individuals’ can exercise them here.

Where do we disclose the personal information that we collect, store and process?

We provide comprehensive information around our privacy activities on our Legal Hub here. We provide this using a ‘layered approach’ so that details on what we collect and what we use it for is provided in separate policies based upon how and when we interact with you. 

You can find out more under the ‘Privacy, data protection & policies’ tab of our Legal Hub.

Disclosure requests

How we respond to a data subject request

Under the CCPA, individuals may have the right to make certain requests of organisations involved in processing their personal information. 

If we receive an individual request in respect of personal information in the Content we process on behalf of you, we will notify you and in our role as a processor or sub-processor confirm to the individual that their request relates to you.  We will attempt to re-direct the individual making the request to make their request to you directly (and may provide your basic contact information to enable them to do this this).

How we respond to a disclosure request from law enforcement

From time to time, we may receive requests or orders from a governmental body (e.g. a court order, law enforcement demand or other local equivalent) relating to Content that we process on behalf of you.

If we receive one of these we will attempt to re-direct the requestor to seek disclosure directly from you (and may provide your basic contact information to enable them to do this this).  If, despite our best efforts, we are compelled to disclose the Content then, provided we are allowed to do so, we will provide notice to you so that you may seek a protective order or other remedy. 

You can find more information on our approach here.

Try Egress for your email security today

Start your free trial Book demo