California Consumer Privacy Act

The California Consumer Privacy Act is probably the most well-known of a raft of incoming (and reasonably similar) state-level laws across the US.

Where CCPA applies

CCPA requires that businesses implement and maintain ‘reasonable security procedures and protections’ over the private data of California resident, wherever that business is based.

It is a CCPA breach to send an email containing personal information to a typical webmail account (such as Gmail, Hotmail, Yahoo etc.)

Free webmail accounts are free for a reason: the webmail provider gets access to the data. To comply with CCPA, businesses should not send emails containing any private data to free webmail accounts. Since the CCPA definition of private data is very broad, this means in practice that most emails containing any personal content are likely to be included in the scope.

The problem may be the client's doing, but the company is on the hook

The data breach only arises because the client is using a free webmail account. If the client had their own private email account (as companies do) the problem would not arise. It might seem a little unfair that the company, not the client, is the one liable, but those are the rules.

Companies can avoid the problem by asking their clients to use a private email account, such as StayPrivate, or by using StayPrivate themselves.

StayPrivate is the simple solution

The good news is that you can fix this problem quickly and easily.

You can either ask your clients to sign up to StayPrivate. Or you can implement StayPrivate across your entire organization. It is easy to use for your employees - all they have to do is include a keyword anywhere in the email.

Whichever route you choose, StayPrivate will ensure that your clients get a great experience.