California Consumer Privacy Act

The California Consumer Privacy Act is probably the most well-known of a raft of incoming (and reasonably similar) state-level laws across the US.

Where CCPA applies

CCPA requires that businesses implement and maintain ‘reasonable security procedures and protections’ over the private data of California resident, wherever that business is based.

It is a CCPA breach to send an email containing personal information to a client with a free webmail account (such as Gmail, Hotmail, Yahoo etc.)

Free webmail accounts are free for a reason: the webmail provider gets access to the data. To comply with CCPA, businesses should not send emails containing any private data to free webmail accounts. Given that the CCPA definition of private data is very broad, this means in practice that most emails containing any content personal to the recipient are likely to be included in the scope.

The problem may be the client’s doing, but the company is on the hook

The data breach only arises because the client is using a free webmail account. If the client had their own private email account (as companies do) the problem would not arise. It might seem a little unfair that the company, not the client, is the one liable, but those are the rules. Companies can avoid the problem by either not using email or implementing a corporate email encryption solution, such as StayPrivate.

StayPrivate is a simple solution

The good news is that you can fix this problem quickly and easily. StayPrivate only takes a few minutes to configure across your entire organization, with no disruption or training required. And most importantly, StayPrivate ensures that your clients also get a great experience.