One Privacy Framework
At TeleSign, privacy is in our DNA – it is embedded in everything that we do in service to our customers and taken very seriously by all TeleSign employees. Foundationally, the CCPA is very similar to the GDPR. TeleSign implemented GDPR globally, not only for EU operations. Consequently, the GDPR compliance program was leveraged to comply with the CCPA. We choose to follow a “one privacy framework” rule for all regulations that materially address privacy, based on the strictest of them, while still allowing specific differences to be addressed and implemented separately.
Our customers are Businesses covered by the CCPA in whose service TeleSign is acting as a Service Provider. Customers disclose personal information to TeleSign solely for a valid business purpose and for TeleSign to perform the services. TeleSign warrants that we shall not further sell, retain, use, or disclose personal information for a commercial purpose other than the defined business purpose. TeleSign will not abuse or in any way compromise the trust given to us by our customers and end users (consumers). We understand we have earned this trust by how we handle personal information and are determined to maintain full compliance with the CCPA.
In the delivery of our products and services, we are using personal information for approved business purposes, which are defined in relevant contracts. Personal information belongs to the end user (consumer). The owners of the personal information have given permission (consent) to use their personal information, either directly to us or to our customers, for purposes that have been transparently disclosed to them. In short, the consumer is giving a restricted license to use his/her personal information, and TeleSign conducts business strictly within those limitations.
Verifiable Consumer Requests
We established processes for responding to requests for access, deletion and opt-out of sale of personal information in a timely and effective manner. Most of our end users should be contacting our customers, CCPA covered Businesses, to exercise their consumer rights. As a Service Provider, we are committed to facilitating the consumer rights on behalf of our customers. If you are a CCPA covered Business, please reach out to your Technical Account Manager for additional details.
Transparency and Accountability
In our Privacy Notice we transparently disclose:
- WHO we are (as a CCPA covered Business and a Service Provider),
- WHAT categories of personal information we collect and/or sell,
- WHY we are processing personal information, including the lawful basis,
- WHERE we got personal information from and the categories of third parties we are sharing it with,
- WHEN we will delete this personal information, and why we need to retain it until that time,
- WHICH other rights all consumers have, including the right to opt-out of sale (“Do Not Sell My Personal Information”), and
- HOW to exercise any of the consumer rights.
Third Party Risk Management
To avoid being characterized as “selling” personal information to third parties that receive personal information from TeleSign, we identified and contacted all third parties to include appropriate contract terms to address CCPA requirements. Through our diligent vendor assessment process, any company that wants to do business with TeleSign is made aware of our privacy and security standards and their obligation to comply with them.
Reasonable Security Framework
TeleSign has an internal Global Information Security Policy (GISP) based on the ISO 27002:2013 standard for information security management. We employ various independent third parties to perform an ISO 27002-based Enterprise Risk Assessment (ERA) across the entire network on an annual basis to measure our compliance with the ISO-based standard and GISP. For more information, please visit: Security.
Mandatory employee training
Team of Privacy Experts
CCPA compliance efforts are led by our Privacy Office (PO), which is comprised of IAPP-certified members of the Legal, Privacy and Security teams, and complemented by IAPP-certified employees in the Sales and Engineering teams. They are available to answer any questions regarding privacy and the CCPA at email@example.com.
Verifying consumers through our services
Our SMS (two-factor authentication) product provides universal verification of identity using mobile phone numbers, thus ensuring that a consumer’s identity is verified before he/she submits a request to exercise any of their rights. If you are a CCPA covered Business and need an identity verification method for consumer requests, please reach out to our Sales team to ask about our SMS 2FA solution.