The California Consumer Privacy Act

When data governance & transparency is a good thing.

Do not sell my personal information

With the (strict) new California Consumer Privacy Act (CCPA) that took effect on 1st of January 2020, big tech companies have been swiftly positioning themselves around a newer operating environment. As for Microsoft, abiding by the new digital privacy law all through the U.S. is a “fundamental human right”, stressed by Microsoft Chief Privacy Officer, Julie Brill. Considering a sea of change in privacy regulations, Americans will be able to demand that companies disclose what personal data they have collected about them, and also ask companies to delete that data. It may seem that CCPA will only affect operations in California, but it is applicable to all businesses operating in the golden state – including all enterprises and a large proportion of small and medium-sized enterprises (SME).

The (non-exhaustive) specifics
Here’s a quick glance on some of the wider specifics:
– Right of Access for Consumers: this ensures that customers will ask for information about all the information collected about them and that information needs to be given.
– Right to Delete for Consumers: consumers must be able to order the deletion of their data by statute. The legislation, however, also includes a number of exceptions, such as protection, internal use, study and enforcement.
– Opt-in for Children: Anyone under the age of 16 must opt-in to collect data. Your parent (or guardian) must opt-in for any child under thirteen.
– Right to Opt-out for Consumers: CCPA allows consumers only to opt out of their data being sold. A fundamental component of the CCPA is that every organization must put an opt-out on its homepage as well as on its privacy settings. You must have access to this opt-out without any passwords, logins or other similar information.

Microsoft & the CCPA

Microsoft will be acting as a “service provider” for commercial clients doing business in California with regard to their online services. The terms of the Online Services Terms (OST) and the Data Protection Addendum (MSDPA) of Microsoft Professional Services already fulfill CCPA service provider requirements and are generally sufficient to allow clients to transfer information on their online service to continue to do so. As such, customers are unable to rely on Microsoft as a Service Provider under the CCPA if they need additional contractual changes. More resources here…

Schedule your free assessment

Designing, implementing and supporting Modern Workplace technology is what FSi Strategies specializes in. We’ve helped hundreds of businesses implement modern security strategies in support of their missions. We invite you to discover how together, we can leverage the intelligent Cloud for the security and privacy needs of your business.