CCPA

California Consumer Privacy Act

The California Consumer Privacy Act (amended by the California Privacy Rights Act) is regarded as the most stringent of a range state-level privacy laws across the US, both enacted and incoming.

Where CCPA applies

CCPA requires that businesses implement and maintain ‘reasonable security procedures and protections’ over the private data of California resident, wherever that business is based.

It is a CCPA breach to send an email containing personal information to a typical webmail account (such as Gmail, Hotmail, Yahoo etc.)

Free webmail accounts are free for a reason: the webmail provider gets access to the data. To comply with CCPA, businesses should not send emails containing any private data to free webmail accounts. Since the CCPA definition of private data is very broad, this means in practice that most emails containing any personal content are likely to be included in the scope.

The problem may be the client's doing, but the company is on the hook

The data breach only arises because the client is using a free webmail account. If the client had their own private email account (as companies do) the problem would not arise. It might seem a little unfair that the company, not the client, is the one liable, but those are the rules.

Companies can avoid the problem by asking their clients to use a private email account, such as StayPrivate, or by using StayPrivate themselves.

All StayPrivate services are compliant with CCPA and other privacy laws

The good news is that you can fix this problem quickly and easily by using solutions such as StayPrivate Secure Delivery, Secure Delivery Plus or TLS Ensure.