Welcome to the Global Privacy and Data Security micro-site for TCWGlobal. We are a global contingent workforce management company. To find out more about our services please go to: www.tcwglobal.com
2019 Data Breach Industry Forecast
Today’s organizations face a cybersecurity landscape more difficult to navigate than ever before. As our world grows more interconnected and technology-dependent, cybercriminals are becoming more sophisticated in their attacks and are keeping pace with our efforts to thwart them. The motivations behind cyberattacks have also expanded, making it increasingly difficult to predict and identify potential threats. With large-scale data breaches making the headlines in 2017, organizations must be proactive, not reactive, in the face of looming cyber threats. Download the report.
What You Need To Know About CCPA
California is now in line with the high level of data protection found globally. The new law, commonly referred to as AB 375, was inspired by legislation the European Union brought out to provide data protection to its citizens (the General Data Protection Regulation, or GDPR). By incorporating the basic premise of the GDPR, the Californian legislature was able to bring this law out much faster than the GDPR took to be created. AB 375 is the first law in the USA that gives individuals ownership of their own data, including the right to determine how their shared information is used.
The law requires all Californian companies that use personal data to comply by 2020. Compliance includes honoring any individual's request to reveal what data a company has collected on them, giving the user the ability to have their information deleted in full or in part, and allowing the individual to decide whether the data can be exchanged further.
Included in AB 375 is:
The right to know what data has been collected on yourself, free of charge up to twice per year.
The right to refuse a company’s ability to sell the personal data, including;
The right to have that data completely deleted.
An ability to know ahead of time what type of data will be collected and for what purpose the collecting is being done.
The right to know if the data collection practice and procedures change.
A requirement for the individual to opt-in to the company’s sharing of their personal data for individuals under 16 years of age.
A right to know the categories of third parties that might receive your data.
A right to bring private legal action against any company that experiences a data breach which includes an individual’s data.
The new changes are a positive note for individuals who have had concerns about how their names and addresses end up on mailing lists for companies that they have never previously heard of and didn’t sign up to receive any information from. For businesses, the new law creates more work and a higher level of obligation which they will have to learn to provide to all of their customers and clients.
Although it was created after the GDPR and with the protections listed in the GDPR in mind, it is not as inclusive as the GDPR is and does not provide the same level of protection to US residents as the GDPR gives to EU residents over the same type of information procuring and sharing. Some provisions that the CCPA did not cover include the right to be forgotten, right to privacy as a default, encryption requirements on stored data or data portability. Given the vast differences it would be unwise to consider the new California law as being the same as the GDPR. Even so, on a national standard, the law will be an example to other states as to the minimum protections which should be incorporated in contemporary business due to the rise and constant evolution of technology.
1. Notice to Consumers
When a business is collecting information directly from consumers, that business must provide a notice to the consumer at the point of collection. That notice must inform the consumer what personal information is being collected, what the purpose of collection is, and whether there is any financial incentive being offered in exchange for the business using that data. This notice needs to be visible or accessible before any personal information is collected. The proposed regulations note that if a business collects personal information from a consumer online, the notice at collection may be given to the consumer by providing a link to the applicable section of the business’ privacy policy.
2. Notice of Right to Opt-Out
If your business sells its consumers’ personal data, it’s time to read the proposed regulations thoroughly. There is some great guidance on how to comply with the “opt-out” requirements. Specifically, it is noted that a business shall post the notice of right to opt-out on the webpage the consumer is directed to after clicking on the “Do Not Sell My Personal Information” or “Do Not Sell My Info” link on the website homepage or landing page on a mobile app. The proposed regulations even go so far as to give an example of what the opt-out button or logo should look like. This opt-out option needs to be addressed for offline methods of collection as well.
3. Request to Delete
For those of us already GDPR compliant, we are all too familiar with the “right to be forgotten.” With CCPA, consumers have a similar option which is entitled “request to delete.” This allows a consumer the right to request any personal information collected about the consumer be erased. The business needs to have two methods for placing these types of requests – whether it be email, telephone, interactive webform, or US mail. The proposed regulations indicate that when a business receives a “request to delete,” they must confirm receipt of request in 10 days and respond within 45 days. The company must also log any “requests to delete.” There are exceptions which allow a business to not delete information in certain situations. Those include when the information is necessary to:
Complete a transaction.
Provide a good/service the consumer has requested.
Perform a contract.
Detect security incidents.
Protect against “malicious, deceptive, fraudulent, or illegal” activities.
Prosecute people responsible for “malicious, deceptive, fraudulent, or illegal” activities.
“Debug to identify and repair errors that impair existing intended functionality.”
Ensure the exercise of free speech.
Ensure the business can exercise “another right provided for by law.”
Comply with a legal obligation.
4. Service Provider Contracts
Businesses may also need to update service-level agreements with any third-party provider where data processing is an issue. CCPA defines the term “sell” in a broad manner that does implicate arrangements where there is an exchange of value between the business and another party for the consumer’s personal information. The Proposed Regulations indicate that Service Providers should not use personal information collected from one business to provide services to another business. Specifically, it is indicated “A Service Provider shall not use personal information received either from a person or entity it services or from a consumer’s direct interaction with the Service Provider for the purpose of providing services to another person or entity. A Service Provider may, however, combine personal information received from one or more entities to which it is a Service Provider, on behalf of such businesses, to the extent necessary to detect data security incidents, or protect against fraudulent or illegal activity.” It also becomes critical that businesses utilizing service providers are contractually addressing the data processing relationship and providing clear instructions on how to respond to a consumer request that is received by a Service Provider on behalf of a business it services.
5. Employees Excluded from the Definition of Consumer until 1/1/2021
AB 25 has modified the definition of “consumer” under the CCPA to exclude for one year “a natural person whose personal information has been collected by a business in the course of a person acting as a job applicant to, an employee of, a contractor of, or an agent on behalf of, the business, to the extent the person’s personal information is collected and used solely within the context of the person’s role as a job applicant to, an employee of, a contractor of that business.” As long as an employer is collecting the data of its candidates and employees for purposes solely relating to employment, the CCPA generally does not apply to the collection of that personal information. This exemption will remain in effect only until January 1, 2021. It is anticipated that we will see a separate employee privacy bill proposed prior to the one-year deadline.
TCWGlobal takes data privacy seriously and believes it is best to take a transparent approach to how we handle personal information. Check out our policies at https://www.tcwprivacy.com/policies.
GDPR in the Workplace: 11 Things you need to know!!
LOCATION
3545 Aero Ct. San Diego, CA 92123
☎ CONTACT
privacy@tcwglobal.com
858.810.3000
EU & Privacy Dispute Resolution
Role Based Information & Policies
Workers
Our global workforce is our main concern. Our team of security, compliance and privacy professionals work around the clock to protect and minimize the amount of data from our workers. Click Here for Your Privacy and Rights.
Vendors
Our global vendors and partners are strategic to the success of TCWGlobal. Our ability to collaborate on projects allows consolidation and ensures compliance for our clients. Data export and onward data transfer are critical to this success. Click Here for Our Vendor Center.
Clients & Prospects
Clients and Prospects can rest assured that we are protecting the data of workers and contractors. Onward data may subject clients to GDPR regulations. We have you covered. Click here for our policy snapshots. Full policies are available by request only.
“Protection and Security need to be simple for our workers and uncompromisingly robust for our clients.”
Further Discussion
Use the form below to contact us regarding your privacy or security questions. Please be as detailed as possible. Oftentimes, we can provide you with resources to help you prior to our conversation. You may also email or call us. We're here to provide "old fashioned customer service."
Job opportunities can be found on our home page at www.tcwglobal.com