JumpCloud and the CCPA

Written by Zach DeMeyer on September 10, 2020

Share This Article

Privacy continues to be a hot topic worldwide; one most government agencies take seriously. The European Union’s General Data Privacy Regulation (GDPR) laws triggered a wave of similar legislation abroad. For instance, in 2018, California passed the California Consumer Privacy Act (CCPA). It’s a comprehensive law aimed at businesses that have and process personal information about California residents. In this post, we will discuss CCPA further and how it impacts JumpCloud® and our customers.

What is CCPA?

Although it’s unclear if CCPA was modeled after GDPR, it does share some of its attributes. Any organization that meets a revenue or data collection threshold and processes personal information of California residents — name, address, social security number, browsing history, geolocation information, and more — is subject to the law. There are, however, some exceptions to this law that are critical to understand, which we will discuss shortly.

California residents can request that an organization provide any personal information the organization has that is associated with them, provide security for such data, delete such data, and not sell their data, among other things. 

CCPA and JumpCloud

Many customers of JumpCloud have asked whether the platform is CCPA compliant. Certainly, customers can maintain CCPA compliance using JumpCloud.  However, the type of personal information (i.e., customer employee and contractor information) that is collected as part of the JumpCloud service is subject to an exemption in the CCPA at this time.

The CCPA was amended in 2019 by Assembly Bill No. 25 (AB 25) to state that internal employee and contractor data was subject to an exemption, until January 1, 2021. In essence, an organization’s storage of a California employee’s or contractor’s information within JumpCloud is not subject to CCPA. Organizations with California employees or contractors do not at this time need to consider this data subject to CCPA. That exemption will be extended to January 1, 2022, if Assembly Bill 1281 is signed into law, as it is currently expected to be. 

More importantly, because the customer is the data controller, even if the customer’s data is subject to CCPA, the customer will have the tools within the JumpCloud console to provide information to the data subject (California resident) or delete their data as appropriate. JumpCloud does not control or manage an organization’s data. As JumpCloud itself is not subject to CCPA, an organization and individual’s privacy rights with respect to JumpCloud’s website, sales activities, and platform are detailed in our Privacy Policy.

If at any point an organization’s admins would like to delete any of the organization’s personal information in the JumpCloud service, they may delete such information, or they can request that the organization’s account be deleted altogether. JumpCloud will comply with this request once it has been verified and authenticated to be a valid request from the owner of the JumpCloud account to be deleted. This procedure is similar to a GDPR right-to-be-forgotten request.

Learn More

In summary, JumpCloud and its customers are not currently subject to CCPA due to AB 25. If you have any further questions about JumpCloud and CCPA legislation, please email us at privacy@jumpcloud.com.

Continue Learning with our Newsletter