Last Modified: January 1, 2020
On January 1, 2020, the California Consumer Privacy Act (“CCPA” or the “Act”) will go into effect. Although CCPA applies to Personal Information (“PI”) for California residents (“Consumers”) only, in practicality it raises the standard for domestic privacy across the board.
Neustar sees CCPA as an opportunity to reinforce trust in data-rich ecosystems by empowering consumers to understand and control how and why their PI is collected, used and shared. That is why Neustar is extending the CCPA rights of access, deletion and opting-out of sale to consumers across the nation.
As you may know, the CCPA includes provisions for the California Attorney General (the “AG”) to promulgate Regulations (“Regs”) to “...operationalize and provide clarity with regard to certain provisions and, specifically, to assist in the implementation of the CCPA.” While the AG has issued a draft of his proposed Regs and comments on those have been submitted by the public, they are not yet final and, accordingly, exactly what the final requirements are, and what the appropriate means are to fulfill those requirements, are still developing. Neustar will continue to monitor the status of the AG Regs along with data privacy legislation in consideration at the Federal and State level and will make the adjustments when and as needed to make sure that we continue to provide effective data privacy transparency and control to consumers and help our clients do the same with regard to the PI that they have entrusted to us.
Regardless of the current unsettled state of the AG Regs, Neustar has taken action to comply with CCPA’s core rights and, where uncertainty is left by the lack of AG Regs, Neustar will interpret and implement the relevant provisions with the intent to maintain our position as a steward of consumer data making trusted connections between people and companies without sacrificing personal privacy. Some of the steps Neustar has taken are as follows:
The tools Neustar provides to further Consumer’s access and control over their personal data, are based on whether the requestor is an individual consumer acting on his or her own behalf (or their verified agent) or a Neustar client acting on behalf of a business to who Neustar is a Service Provider.
As a business that solely provides products and services to other businesses (i.e., a B2B business), if you are an individual consumer, you and Neustar may have not interacted directly. In the vast majority of cases, Neustar processes PI on behalf of our clients, some of which you can find here. Where Neustar processes PI solely on behalf of its clients it acts as those clients’ Service Provider and can only take action regarding such PI (including actions regarding a Consumer request) on the direction of the client for whom we process such PI.
However, in those cases where Neustar process PI for our own business use, Neustar is directly subject to the CCPA as a Business and treats your PI and your requests regarding such accordingly.
Neustar’s processing of PI as a Service Provider to clients is governed by our agreement with those clients. The CCPA provides that when our clients are processing PI as a “Business” under the Act they have certain obligations with regard to any PI provided to their Service Provider. More specifically, with regard to a Consumer’s effectuation of his/her deletion right, Neustar clients, as Businesses, are required to direct their Service Providers to delete any PI that the Service Provider is holding on the client’s behalf. Regardless of whether Neustar is contractually obligated to assist a client with its deletion obligations; Neustar will assist our clients as further described below.
In some circumstances, Neustar’s clients have the ability to directly control the deletion of PI Neustar is holding on the client’s behalf (i.e., Neustar is acting as the client’s Service Provider) and, therefore, can ensure that the appropriate deletions are made from Neustar’s systems without any assistance from Neustar.
Where this is not the case, Neustar has made APIs available through which our clients can submit verified Consumer requests for deletion and Neustar will delete the applicable PI in its records to the extent that no exception to deletion set forth in the CCPA is applicable and/or Neustar is not legally restricted from doing so. Client’s should contact their Neustar Account Manager to obtain documentation for the APIs.
There may also be certain client implements with which the APIs are unable to or inappropriate for the transmission of a deletion request. In such cases, Neustar will make an alternative mechanism available to the applicable client(s). Again, our client’s should reach out to their designated Account Manager to determine and implement the appropriate deletion. We ask our clients to not utilize the Privacy Choices Portal or Neustar’s Privacy email address as those are reserved exclusively for use by individual Consumers and their verified agents.
Neustar is proud of our commitment to consumer privacy and data protection and welcome the opportunity to deepen our already rigorous and long-standing privacy and compliance principles. Although the legislative and regulatory impacts of CCPA remain fluid, Neustar remains confident in our ability to meet and exceed the increasing consumer demands for privacy protections and security.
For more information on Neustar’s commitment to consumer privacy, please visit our Neustar Privacy Center.