Last Modified: December 1, 2021
On January 1, 2020, the California Consumer Privacy Act ("CCPA" or the "Act") went into effect, with final regulations ("Regs") under CCPA approved by the California Office of Administrative Law (OAL) on August 14, 2020.
Although CCPA applies to the Personal Information ("PI") of California residents ("Consumers") only, in practice it raises the standard for domestic privacy across the board.
Neustar sees CCPA as an opportunity to reinforce trust in data-rich ecosystems by empowering consumers to understand and control how and why their PI is collected, used and shared. That is why Neustar has extended the CCPA rights of access, deletion and opting out of sale to consumers across the nation.
The CCPA included provisions for the California Attorney General (the "AG") to promulgate Regulations ("Regs") to "...operationalize and provide clarity with regard to certain provisions and, specifically, to assist in the implementation of the CCPA." Neustar has monitored the California AG’s Regs since the beginning to guide our compliance efforts. Neustar will continue to monitor any changes to the CCPA, along with other data privacy legislation under consideration at the Federal and State level, and will make adjustments when and as needed so that we continue to provide effective data privacy transparency and control to consumers while helping our clients do the same with regard to the PI that they have entrusted to us.
Throughout the AG Regs process, Neustar took action to comply with CCPA’s core rights and implemented the relevant provisions with the intent to maintain our position as a steward of consumer data, making trusted connections between people and companies without sacrificing personal privacy. Now that the final AG Regs have been approved by the California OAL, Neustar has reviewed them, determined any gaps, and is implementing solutions to fill them.
Some of the steps Neustar has taken are as follows:
- Launched a CCPA readiness program last year, using GDPR infrastructure.
- Updated Privacy Impact Assessments and identified compliance needs and risk mitigation strategies for all products/services.
- Expanded GDPR privacy portal to cover all consumer rights under CCPA (the "Privacy Choices Portal").
- Developed APIs to facilitate our client’s fulfillment of its obligations (as a "Business") to direct Neustar (as its "Service Provider") to delete PI held by Neustar in this capacity.
- Updated internal privacy, security, and data governance policies and our external facing privacy notices, to reflect the rights accorded Consumers under the CCPA.
- Updated vendor agreements, already upgraded to cover GDPR requirements, to address any CCPA-required controls and flow downs.
The tools Neustar provides to further Consumers’ access to and control over their personal data are based on whether the requestor is an individual consumer acting on his or her own behalf (or their verified agent) or a Neustar client acting on behalf of a business to which Neustar is a Service Provider.
Neustar solely provides products and services to other businesses (i.e., it is a B2B business), so if you are an individual consumer, you and Neustar may not have interacted directly. In the vast majority of cases, Neustar processes PI on behalf of our clients, some of which you can find here. Where Neustar processes PI solely on behalf of its clients, it acts as those clients’ Service Provider and can only take action regarding such PI (including actions regarding a Consumer request) at the direction of the client for whom we process such PI.
However, in those cases where Neustar processes PI for our own business use, Neustar is directly subject to the CCPA as a Business and treats your PI, and your requests regarding it, accordingly.
- As an individual consumer, you can learn more about Neustar’s data privacy practices here.
- To initiate a request to access, delete and/or opt-out of the sale of any of your Personal Information that Neustar controls, please go to our Privacy Choices Portal.
Neustar’s processing of PI as a Service Provider to clients is governed by our agreement with those clients. The CCPA provides that when our clients are processing PI as a "Business" under the Act, they have certain obligations with regard to any PI provided to their Service Provider. More specifically, with regard to a Consumer’s exercise of his/her deletion right, Neustar clients, as Businesses, are required to direct their Service Providers to delete any PI that the Service Provider is holding on the client’s behalf. Regardless of whether Neustar is contractually obligated to assist a client with its deletion obligations, Neustar will assist our clients as further described below.
In some circumstances, Neustar’s clients have the ability to directly control the deletion of PI Neustar is holding on the client’s behalf (i.e., Neustar is acting as the client’s Service Provider) and, therefore, can ensure that the appropriate deletions are made from Neustar’s systems without any assistance from Neustar.
Where this is not the case, Neustar has made APIs available through which our clients can submit verified Consumer requests for deletion, and Neustar will delete the applicable PI in its records to the extent that no exception to deletion set forth in the CCPA is applicable and/or Neustar is not legally restricted from doing so. Clients should contact their Neustar Account Manager to obtain documentation for the APIs.
There may also be certain client implementations for which the APIs are unable to transmit a deletion request or are inappropriate for doing so. In such cases, Neustar will make an alternative mechanism available to the applicable client(s). Again, our clients should reach out to their designated Account Manager to determine and implement the appropriate deletion. We ask our clients not to utilize the Privacy Choices Portal or Neustar’s Privacy email address, as those are reserved exclusively for use by individual Consumers and their verified agents.
Neustar is proud of our commitment to consumer privacy and data protection and welcomes the opportunity to deepen our already rigorous and long-standing privacy and compliance principles. Although the legislative and regulatory impacts of CCPA remain fluid, Neustar remains confident in our ability to meet and exceed the increasing consumer demands for privacy protections and security.
For more information on Neustar’s commitment to consumer privacy, please visit our Neustar Privacy Center.