PureCloud and CCPA compliance


Read this article to learn how PureCloud addresses the California Consumer Privacy Act (CCPA) and what your organization needs to know about PureCloud’s CCPA implementation. 

What is CCPA?

The California Consumer Privacy Act (CCPA) is an important change in data privacy regulation for organizations doing business in the United States. The CCPA becomes effective on January 1, 2020. The CCPA articulates the rights of consumers, related to access and use of their personal information. It also defines the responsibilities of businesses that collect and process personal information.

Is PureCloud CCPA-compliant?

PureCloud legal and technical professionals have reviewed the CCPA. In PureCloud’s role as a service provider for entities covered under the CCPA, PureCloud has taken measures to meet the requirements of the regulations.

Is PureCloud CCPA-certified?

No CCPA certification exists for third party cloud services providers such as PureCloud. However, PureCloud has undergone multiple independent reviews of our administrative, physical, and technical controls for other data protection regulations, such as HIPAA.

As a third party service provider that may process personal information on behalf of your organization, PureCloud implements appropriate technical and organizational measures. For details, see About security and compliance.

Where does PureCloud support CCPA compliance?

PureCloud supports CCPA compliance for all of the PureCloud-deployed Amazon Web Services (AWS) regions.

Do I have to enable CCPA compliance?

No, you do not have to enable or configure anything within PureCloud for CCPA compliance.

How should I respond to CCPA requests?

Consumer requests under the CCPA are similar to data subject requests under the GDPR. PureCloud provides a GDPR API as the preferred self-service solution for PureCloud customers to respond to GDPR and CCPA requests. The GDPR API enables responses to data subject requests under the CCPA to access, rectify, or delete their personal data in PureCloud. For more information about the GDPR API, see PureCloud and GDPR compliance.

Do I have any responsibilities for using PureCloud in a CCPA-compliant manner?

Yes.  You can incorrectly configure certain services that store personal data. This prevents PureCloud from searching, accessing, or removing that data.

When using Architect, do not store personal data in flow names, flow descriptions, state names, task names, action names, VXML operation or parameter names, or prompt text to speech values.

When using Directory, do not store personal data in personal status.