Privacy continues to be a hot topic worldwide; one most government agencies take seriously. The European Union’s General Data Privacy Regulation (GDPR) laws triggered a wave of similar legislation abroad. For instance, in 2018, California passed the California Consumer Privacy Act (CCPA). It’s a comprehensive law aimed at businesses that have and process personal information about California residents. In this post, we will discuss CCPA further and how it impacts JumpCloud® and our customers.
What is CCPA?
Although it’s unclear if CCPA was modeled after GDPR, it does share some of its attributes. Any organization that meets a revenue or data collection threshold and processes personal information of California residents — name, address, social security number, browsing history, geolocation information, and more — is subject to the law. There are, however, some exceptions to this law that are critical to understand, which we will discuss shortly.
California residents can request that an organization provide any personal information the organization has that is associated with them, provide security for such data, delete such data, and not sell their data, among other things.
CCPA and JumpCloud
Many customers of JumpCloud have asked whether the platform is CCPA compliant. Certainly, customers can maintain CCPA compliance using JumpCloud. However, the type of personal information (i.e., customer employee and contractor information) that is collected as part of the JumpCloud service is subject to an exemption in the CCPA at this time.
The CCPA was amended in 2019 by Assembly Bill No. 25 (AB 25) to state that internal employee and contractor data was subject to an exemption, until January 1, 2021. In essence, an organization’s storage of a California employee’s or contractor’s information within JumpCloud is not subject to CCPA. Organizations with California employees or contractors do not at this time need to consider this data subject to CCPA. That exemption will be extended to January 1, 2022, if Assembly Bill 1281 is signed into law, as it is currently expected to be.
If at any point an organization’s admins would like to delete any of the organization’s personal information in the JumpCloud service, they may delete such information, or they can request that the organization’s account be deleted altogether. JumpCloud will comply with this request once it has been verified and authenticated to be a valid request from the owner of the JumpCloud account to be deleted. This procedure is similar to a GDPR right-to-be-forgotten request.
In summary, JumpCloud and its customers are not currently subject to CCPA due to AB 25. If you have any further questions about JumpCloud and CCPA legislation, please email us at email@example.com.