Introduction
The California Consumer Privacy Act, (Cal. Civ. Code § 1789.100 et seq.) gives California residents certain data rights, such as the right to know and access the personal information collected from the resident, the right to object to the sale of personal information to unaffiliated third parties, a very limited right to delete personal information, and some limited restrictions on how the personal information may be used.
Starting January 1, 2020, California residents can request access to and a copy of personal information, and under some circumstances, and deletion of personal information from Dynamic Signal’s production environment. The sections below describe the process Dynamic Signal will follow for these requests.
CCPA §1798.100 (a), (d) – Provide personal information file
Dynamic Signal will support this capability as follows:
- Dynamic Signal will, either directly or via a customer request, determine the identity of the requesting individual via a “verified consumer request” as specified by applicable regulations.
- Once the verified consumer request has been evaluated and approved, the Dynamic Signal customer service team will execute a script to extract that member’s personal information which was collected from the member, and will send the file to the member upon a valid request.
- The CCPA defines how members should be made aware of this right, how they can make requests, what information needs to be provided, and how the file should be formatted. Dynamic Signal will comply with all of these requirements.
CCPA §1798.105 (a) – Delete personal information
Dynamic Signal will support this capability as follows:
- Dynamic Signal will, either directly or via a client request, determine the identity of the requesting individual via a “verified consumer request” as specified by applicable regulations.
- Dynamic Signal will evaluate the deletion request to determine if there is any data which is subject to an exception to the right to delete. Such data will not be deleted. Note that this can be a result of Dynamic Signal’s own record retention policies, or contractual requirements with the client.
- Upon validation of the verified consumer request, which has been approved by [legal], the Dynamic Signal customer service team will execute a script to delete the relevant personal information. Note that not all personal information of an individual is subject to a deletion request.
- Where Dynamic Signal determines that it will not comply with the verified consumer request to delete data, it will communicate to the individual directly, or to the client who has the primary relationship with the individual (whichever is most appropriate), in order to explain why the deletion request was rejected.
- The CCPA defines how members should be made aware of this right, how they can make requests, and what information needs to be deleted. Dynamic Signal will comply with all of these requirements.
Other Areas of the CCPA
In addition to the two items listed above, Dynamic Signal complies with all other aspects of the CCPA and has the following policies:
- Dynamic Signal does not sell personal data to third parties as contemplated by the CCPA. As such, Dynamic Signal does not provide an opt-out mechanism.
- Dynamic Signal does not distinguish different levels of service or cost based on an individual’s exercise of their right to opt-out or delete data.
- Dynamic Signal generally collects, uses, and discloses personal information at the instruction of either the client or the individual themselves. All other exceptional collection, use, and disclosure is pursuant to what is permitted under the law.