Read this article to learn how Genesys Cloud addresses the California Consumer Privacy Act (CCPA) and what your organization needs to know about Genesys Cloud’s CCPA implementation. 

What is CCPA?

The California Consumer Privacy Act (CCPA) is an important change in data privacy regulation for organizations doing business in the United States. The CCPA becomes effective on January 1, 2020. The CCPA articulates the rights of consumers, related to access and use of their personal information. It also defines the responsibilities of businesses that collect and process personal information.

Is Genesys Cloud CCPA-compliant?

Genesys Cloud legal and technical professionals have reviewed the CCPA. In Genesys Cloud’s role as a service provider for entities covered under the CCPA, Genesys Cloud has taken measures to meet the requirements of the regulations.

Is Genesys Cloud CCPA-certified?

No CCPA certification exists for third party cloud services providers such as Genesys Cloud. However, Genesys Cloud has undergone multiple independent reviews of our administrative, physical, and technical controls for other data protection regulations, such as HIPAA.

As a third party service provider that may process personal information on behalf of your organization, Genesys Cloud implements appropriate technical and organizational measures. For details, see About security and compliance.

Where does Genesys Cloud support CCPA compliance?

Genesys Cloud supports CCPA compliance for all of the Genesys Cloud-deployed Amazon Web Services (AWS) regions.

Do I have to enable CCPA compliance?

No, you do not have to enable or configure anything within Genesys Cloud for CCPA compliance.

How should I respond to CCPA requests?

Consumer requests under the CCPA are similar to data subject requests under the GDPR. Genesys Cloud provides a GDPR API as the preferred self-service solution for Genesys Cloud customers to respond to GDPR and CCPA requests. The GDPR API enables responses to data subject requests under the CCPA to access, rectify, or delete their personal data in Genesys Cloud. For more information about the GDPR API, see Genesys Cloud and GDPR compliance.

Do I have any responsibilities for using Genesys Cloud in a CCPA-compliant manner?

Yes.  You can incorrectly configure certain services that store personal data. This prevents Genesys Cloud from searching, accessing, or removing that data.

When using Architect, do not store personal data in flow names, flow descriptions, state names, task names, action names, or prompt text to speech values.

When using Directory, do not store personal data in personal status.