With the ongoing COVID-19 pandemic in the headlines every day for most of this past year, it may seem that the California Consumer Privacy Act (CCPA) has taken a back seat. However, that is not the case: the CCPA’s regulations became final and effective as of August 14, 2020. Now that it has taken effect, MDR continues our commitment to being compliant with the CCPA. We strive to make our customers feel safe working with us and to assure them our data is in compliance.
As a division of Dun & Bradstreet, MDR works with multiple departments who focus on CCPA and other compliance and security measures. We are deeply committed not just to complying with all applicable laws and requests, but also to sharing our CCPA knowledge with our partners along with the steps we have taken to ensure CCPA compliance.
A Look at Consumer Rights under the CCPA
The California Consumer Privacy Act (CCPA) was passed by the California legislature in June 2018, went into effect on January 1, 2020. CCPA gives California consumers (defined as any resident of California) certain rights over their personal information, review my previous blog post to better understand these five rights.
Who is covered by the CCPA?
The CCPA defines “consumer” as a California resident. That would include consumers as traditionally defined (people purchasing goods and services for personal, household, and family use) but also includes individuals acting in their business capacity (sole proprietorships, officers, directors and shareholders, and employees). The CCPA defines personal information very broadly. Here is a look at:
- What’s covered: Any information that identifies, relates to, describes, is capable of being associated with or could be reasonably linked, directly or indirectly, with a particular consumer or household.
- What’s excluded: Publicly available information from government sources.
MDR and the CCPA
The CCPA applies to MDR to the extent we collect or sell personal information on California residents. Our main focus is to provide commercial data on business entities. However, business-related personal information may be found in our products and this type of information is covered by the CCPA. The CCPA also applies to Dun & Bradstreet when we collect personal information on our employees, customers, and vendors.
Steps MDR Has Taken to Ensure CCPA Compliance
Our CCPA program has been a natural and evolutionary progression of the program we put into place as part of our General Data Protection Regulation (GDPR) and China Cyber Security Law (CSL) compliance efforts. We built on our experience with those efforts and leveraged the practices already in place and expanded them to put new measures in place for full CCPA compliance, including:
- Performing a comprehensive review of our systems to identify where personal information is processed and stored.
- Updating our Privacy Notice to cover CCPA requirements.
- Requiring global training for all employees.
- Updating our contractual terms and policies for CCPA compliance.
- Performing due diligence on our data sources and providers and providing thought leadership to our data providers in the area of CCPA compliance.
- Creating FAQs specific to the CCPA.
- Having our CCPA compliance program tested and reviewed by both internal and external audits.
If you have not thought through how you might address CCPA, if an educator reaches out to you, now is the time to do so. And, the steps above can help you think about what may work for your organization. View this quick reference list of FAQs from my previous blog, to understand how CCPA may affect your business.
MDR has watched CCPA closely with our customers’ interests foremost in mind. As a division of Dun & Bradstreet, we operate with higher-than-industry standards for data collection, data management, and fulfillment. Rest assured, when you partner with MDR, we are following regulations and guidelines. We’ve got customers covered by providing the right data, curated the right way, every day and we enable customers to ingest this data with a variety of tools. Contact us to talk more about data hygiene and enhancement, data update cycles, and contact attributes to round out your customer profile.