As of January 1, 2020, California is at the frontier of establishing a new data privacy framework in the United States. California has its counterpart to the GDPR, a data privacy law called the California Consumer Privacy Act (CCPA). The CCPA has the potential to become as consequential as the GDPR. In 2018, TeleSign developed a global GDPR compliance program that we are very proud of. In a world of ever-rising threats to consumer liberties, TeleSign is committed to personal information privacy as one of the pillars of customer trust. As a company established in the sunny state of California, collecting and processing personal information of California residents, we worked passionately to comply with the CCPA. Here is what we did:
At TeleSign, privacy is in our DNA – it is embedded in everything that we do in service to our customers and taken very seriously by all TeleSign employees. Foundationally, the CCPA is very similar to the GDPR. TeleSign implemented GDPR globally, not only for EU operations. Consequently, the GDPR compliance program was leveraged to comply with the CCPA. We choose to follow a “one privacy framework” rule for all regulations that materially address privacy, based on the strictest regulation, while still allowing specific differences to be addressed and implemented separately.
Our customers are Businesses covered by the CCPA in whose service TeleSign is acting as a Service Provider. Customers disclose personal information to TeleSign solely for a valid business purpose and for TeleSign to perform the services. TeleSign warrants that we shall not further sell, retain, use, or disclose personal information for a commercial purpose other than the defined business purpose. TeleSign will not abuse or in any way compromise the trust given to us by our customers and end users (consumers). We understand we have earned this trust by how we handle personal information and are determined to maintain full compliance with the CCPA.
In the delivery of our products and services, we are using personal information for approved business purposes, which are defined in relevant contracts. Personal information belongs to the end user (consumer). The owners of the personal information have given permission (consent) to use their personal information, either directly to us or to our customers, for purposes that have been transparently disclosed to them. In short, the consumer is giving a restricted license to use his/her personal information, and TeleSign conducts business strictly within those limitations.
We established processes for responding to requests for access, deletion and opt-out of sale of personal information in a timely and effective manner. Most of our end users should contact our customers, the CCPA-covered Businesses, to exercise their consumer rights. As a Service Provider, we are committed to facilitating consumer rights on behalf of our customers. If you are a CCPA-covered Business, please reach out to your Technical Account Manager for additional details.
In our Privacy Notice we transparently disclose:
To avoid being characterized as “selling” personal information to third parties that receive personal information from TeleSign, we identified and contacted all of those third parties to include appropriate contract terms addressing CCPA requirements. Through our diligent vendor assessment process, any company that wants to do business with TeleSign is made aware of our privacy and security standards and its obligation to comply with them.
TeleSign has an internal Global Information Security Policy (GISP) based on the ISO 27002:2013 standard for information security management. We employ various independent third parties to perform an ISO 27002-based Enterprise Risk Assessment (ERA) across the entire network on an annual basis to measure our compliance with the ISO-based standard and GISP. For more information, please visit: Security.
CCPA compliance efforts are led by our Privacy Office (PO), which is composed of IAPP-certified members of the Legal, Privacy and Security teams, and complemented by IAPP-certified employees in the Sales and Engineering teams. They are available to answer any questions regarding privacy and the CCPA at our Contact Us page.
Our SMS (two-factor authentication) product provides universal verification of identity using mobile phone numbers, thus ensuring that a consumer’s identity is verified before they submit a request to exercise any of their rights. If you are a CCPA-covered Business and need an identity verification method for consumer requests, please reach out to our Sales team to ask about our SMS 2FA solution.