California Consumer Privacy Act

Clarabridge is pleased to announce that it has completed it preparations to be compliant with all California Consumer Privacy Act (“CCPA”) requirements well ahead of January 1, 2020, the date this new law comes into effect. At Clarabridge, we are fully committed to privacy, security and data protection for all our customer’s data.

CCPA is the new California privacy legislation passed in 2018 and becomes effective January 1, 2020. This new legislation affords consumers in California with certain rights, with regard to companies doing business in California (regardless of whether they are in California or not) relating to their personal information that is collected by such Businesses. Among other things, it requires these Businesses upon receiving a verified request from a California consumer to (i) provide a copy of such consumer’s personal information that has been collected by such Business, (ii) provide details regarding information the Business shared about the consumer with any third parties, and/or (iii) remove any personal information about such consumer from their databases.

Clarabridge is prepared to support its customers (or “Businesses”) with direct relationships to customers in California (i.e., California consumers) in their efforts to comply with CCPA. Clarabridge, as the processor, will assist our customers with the removal of data from our Subscription Service platform when they receive a verified request. We will also promptly inform our customers if we receive any requests from individuals claiming to be a consumer of our customers. Of course, we will not take any action with regard to any such requests, until receiving direction from our customer.

This year, we have been working to ensure our compliance with all CCPA requirements so as to be ready when this new law comes into effect. Among other things, in anticipation of CCPA, we are reviewing and updating our Privacy Policies (Clarabridge and Engage) where needed.

The following information outlines certain key principles of CCPA and what we have done to meet the CCPA requirements applicable to us as a processor. Please note that the below does not provide legal advice and should not be used as such.

CALIFORNIA CONSUMER PRIVACY ACT

The California Consumer Privacy Act of 2018 (or CCPA), becomes law in California January 1, 2020. It is the first of its kind in the United States and affords consumers with rights from Businesses regarding what information is collected and which third parties they may share the consumer’s data, and it has provisions for the consumer to request the deletion of his or her personal information. CCPA applies to all companies doing business in California.

Companies around the world are subject to following CCPA if they receive personal information from residents (consumers) in California and if they surpass one of the following three factors:

  • An annual gross revenue of $25 million;
  • Acquire personal information for residences of California, households, or devices of 50,000 or more annually; or
  • Revenue earnings are based on 50% or more from selling personal information of California residents.

GDPR VERSUS CCPA

GPDR CCPA
Regulation
Effective
May 25, 2018 Jan 1, 2020
Basis for
consent
Opt in Opt out
Applies to Any organization holding personal
data on EU citizens
Companies that process personal information of California residents with one of three factors:

  1. Annual gross revenue of $25M
  2. Hold personal information of 50,000 people, households, or devices, or
  3. Do 50% of their revenue in the sale of personal information
Rights for
Individuals
Access to data being held, right to erasure, correction, object to
automated processing. Right to notification if there is a data breach.
Right to disclosure and objection relating to who data is being sold to, no discrimination if individual objects to data sold. Right of access to data being held. Right to know how personal information is being used. Right to know who data has been provided to.
Penalties 4% of turnover or €20m
(whichever is greater)
$7,500 per violation. $750 or actual damages for each individual
(whichever is greater)
Time to respond
to a request
1 month 45 days

DEFINITIONS
Capitalized words not otherwise defined below have the meanings attributed to them by the CCPA.

CCPA KEY CHANGES
Below are some of the material rights and obligations associated with CCPA when the law becomes effective:

2.1. Expanded rights for individuals: CCPA expands the rights of individuals (consumers) that reside in California. It allows the consumer to opt-out and have any personal information that was collected on the consumer removed once a company receives a verified request. Clarabridge is ready to address any such requests that come in from our customers.

2.2. Security and compliance: Under CCPA, organizations are responsible for handling consumer inquiries about privacy practices or compliance. Clarabridge can aid our customers who collect data on California consumers with responding to verified requests and/or to remove data from our Subscription Services platform.

PENALTIES
With the CCPA, a violation is $7,500 (A) To recover damages in an amount not less than one hundred dollars ($100) and not greater than seven hundred and fifty ($750) per consumer per incident or actual damages, whichever is greater.

CLARABRIDGE CCPA ROADMAP STATUS

  • Assign the Clarabridge compliance and legal teams to review processes (i.e., CCPA) to identify any gaps in processes (DONE)
  • Review and modify our Subscription Services Agreement, including seeking expert consultation on CCPA (DONE)
  • Identify changes or improvements to our Services considering CCPA, thoroughly test, and document (DONE)
  • Revise our Privacy Policy (In Process)
  • Update our Data Processing Agreements to address the requirements of CCPA (In Process)
  • Complete a responsibilities matrix detailing the responsibilities of our customers as the business relative to our responsibilities as their data processor (DONE)

GUIDELINES
5.1. Clarabridge will work with our customers and shall process personal information in a manner that is designed to ensure privacy, security and confidentiality, as well as in a fashion that provides fairness and transparency.

5.2. Clarabridge is committed to working with our customers regarding data retention policies and processes for data retention, specifically ensuring we can aid the customer with identifying and removing data when needed, including the personal information of any person (the consumer) requesting such removal once the customer alerts Clarabridge of such requirements.

FREQUENTLY ASKED QUESTIONS

  • Where is data stored, processed or accessed? – Please refer to our Data Processing Annex, section 7.1.3.
  • Will Clarabridge use personal information for any purpose other than providing your Services? – No, Clarabridge only processes data as directed by the customer and does not use personal information for any other purpose.

CONTACT INFORMATION
Clarabridge welcomes your comments regarding CCPA. Please contact Clarabridge at privacy@clarabridge.com, or write to us via postal mail at the following address:

Clarabridge, Inc.
11400 Commerce Park Dr.
Suite 500
Reston, VA 20191
Corporate Headquarters – USA
ATTN: Privacy