With an ever-changing legal landscape, it’s only expected that new legislations are introduced along the way. First, it was the CAN-SPAM Act (December 2003), then, it was GDPR (May 2018), and now (July 2020), it’s CCPA, the California Consumer Privacy Act. In the world of email and email deliverability, these new regulations come strongly into play and you’d be a fool to ignore them! Before sending that email, have a quick think about whether that person opted-in to receive it, you might be surprised…
CCPA is the first major privacy law to be introduced in the US. Similar to GDPR, consumers finally have control over their private data and how it is used.
CCPA only applies to certain types of businesses, please see here for further details. In general, it’s said that if you comply with GDPR, then you most likely comply with CCPA. However, it’s worth getting professional legal advice to highlight any additional obligations. Penalties are pretty steep so it’s best not to assume you’re covered.
Possible penalties for breaching CCPA
- $100 to $750 per consumer per incident, or actual damages, whichever is greater
- Injunctive or declaratory relief
- Any other relief the court deems proper
What rights do Californian consumers have with CCPA?
Taken from this CCPA Fact Sheet, Californian consumers will have the following rights (see Fact Sheet for full details):
• The right to know what personal information is collected, used, shared or sold…
• The right to delete personal information held by businesses and by extension…
• The right to opt-out of sale of personal information…
• The right to non-discrimination in terms of price or service when a consumer exercises a privacy right under CCPA.
What obligations will you have as a business if CCPA applies to you?
Taken from this CCPA Fact Sheet, your business will have the following obligations (see Fact Sheet for full details):
• Businesses subject to the CCPA must provide notice to consumers at or before data collection.
• Businesses must create procedures to respond to requests from consumers to opt-out, know, and delete.
> For requests to opt-out, businesses must provide a “Do Not Sell My Info” link on their website or mobile app.
• Businesses must respond to requests from consumers to know, delete, and opt-out within specific time frames.
> As proposed by the draft regulations, businesses must treat user-enabled privacy settings that signal a consumer’s choice to opt-out as a validly submitted opt-out request.
• Businesses must verify the identity of consumers who make requests to know and to delete, whether or not the consumer maintains a password-protected account with the business…
• As proposed by the draft regulations, businesses must disclose financial incentives offered in exchange for the retention or sale of a consumer’s personal information…
• As proposed by the draft regulations, businesses must maintain records of requests and how they responded for 24 months in order to demonstrate their compliance…
Is my business CCPA compliant if I use SMTP2GO?
SMTP2GO is fully GDPR compliant. When it comes to CCPA, you will need to ensure that you are sending and archiving (check out our privacy page to see what kind of data we store to confirm that it’s to your satisfactory) via our US servers/data centers. Now, due to special routing technology, if you are based in the US, your SMTP2GO account will automatically be set to send and archive via our US servers. However, if you requested to send via EU specific servers in order to comply with GDPR, you may want to get in contact with us to see what your options are.
Happy emailing, folks – and remember, don’t hide the unsubscribe! 👌