California Consumer Privacy Act (CCPA)
The information below on CCPA is provided solely for informational purposes. We recommend that all companies that use (or sell) personal information of consumers research and rely on their own legal counsel to learn more about the CCPA and determine how it affects their business, including how they use information and make disclosures to consumers.
What is the California Consumer Privacy Act (CCPA)?
The California Consumer Privacy Act (CCPA) was created to protect the privacy and data of consumers. It was passed (according to the ballot initiative that initially proposed the law) to “give Californians the ‘who, what, where, and when’ of how businesses handle consumers’ personal information”. The act also promotes data transparency -- requiring businesses to tell consumers what data has been collected on them and giving consumers rights to delete their personal information as maintained by these businesses.
When did CCPA go into effect?
While CCPA was implemented on January 1st, 2020, enforcement action did not begin until July 1st, 2020.
What role does Mailers Haven play in CCPA?
We are a service provider to and distribution platform for data companies and compilers who make their lists available for marketing purposes. We are not ourselves a compiler of data, or a “business” under the CCPA. Likewise, we do not take on obligations that “businesses” have – such as handling consumer requests and “opt outs.” Instead, our count systems download data directly from servers that reside with the compilers, which helps us ensure that our clients always receive the freshest data available.
I’m a Printer/Mailer/Marketing Company: How would I be classified?
As noted, we always recommend you talk to your own lawyers before making any decisions. We have heard from a number of printers, mailers and marketing companies that they categorize themselves as “service providers” under the CCPA, but this often depends on each party’s use case and contractual requirements and restrictions.
Definition of a Service Provider according to CCPA:
Under the CCPA, service providers handle data simply to perform services on behalf of the business or service provider, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing advertising or marketing services, providing analytic services, or providing similar services on behalf of the business or service provider.
What are the responsibilities of a Service Provider?
If you are a service provider to a “business” (such as to your clients), those businesses may direct you to remove consumers who have contacted them from their database, or request help in fulfilling other obligations they may have under the CCPA. It is your responsibility to do so. They may also ask you to sign an agreement saying that you will remove anyone they request, or that you will not keep their data on your servers for over a certain length of time.
What should I do if a consumer calls my company directly, but we are only maintaining databases on behalf of our clients?
CCPA is about the privacy relationship between an End User and a “Business” (usually your client). Consumers should be contacting the business that is using their personal information, not the Service Provider that is facilitating a direct mail campaign. However, in some cases, such as where a consumer contacts you directly and makes a specific request about a specific client’s data, you may have an obligation (where feasible) to contact the client – and some clients may contractually require you to do this.
When should I send a consumer to Mailers Haven?
There is never a reason to send a consumer to Mailers Haven. We cannot remove consumers from any database. We do not keep or compile data of any kind.
So how else can I help a consumer who calls in?
If you are speaking with someone who you feel would make a good candidate to be removed from all types of marketing, you can suggest they go to https://oag.ca.gov/data-brokers. That page provides a list of all “data brokers” registered in California, along with instructions on how to “opt out” from each. Another option is for them to add themselves to the DMA’s Do Not Mail registry (https://dmachoice.thedma.org/register.php).