CCPA Compliance

The California Consumer Privacy Act (CCPA) is California’s equivalent to the EU’s General Data Protection Regulation (GDPR). Though the two aren’t exactly the same, they do share similar goals and include similar components.

The CCPA was enacted in 2020 to give California consumers greater rights over the way businesses collect and store personal details about them.

Anybody who’s a resident of California, even if they’re temporarily living outside of the State, has the right to:

• Know about the personal information a business collects about them and how it’s used and shared
• Delete personal information that’s been collected about them (there are some exceptions to this – details below)
• Opt-out of the sale of personal information
• Not be discriminated against for exercising their CCPA rights

The CCPA applies to all for-profit businesses operating in California that:

• Have a gross annual revenue greater than $25 million
• Buy, receive or sell the personal information of 50,000 or more California residents, households or devices
• Generate 50% or more of their annual revenue from selling California residents’ personal information

Non-profit organizations and government agencies are the only exceptions to the CCPA rules—their activity isn’t classed as falling under the CCPA.

Ultimately, candidates can now request information about the personal data you have about them on your systems.

They can ask you to tell them the personal information you’ve collected, used, shared or sold about them and why you’ve collected, used, shared or sold it.

The requested information applies to the previous 12 months and must be provided free of charge within 45 days. It is possible to extend the deadline by another 45 days, providing you notify the candidate that you are doing this.

Following the CCPA regulations is a clear indicator that you take data protection and privacy seriously. In turn, this helps build trust among candidates and encourages more people to apply for your vacancies.

To comply with the CCPA, recruiters (and other businesses) have to tell people when they’re collecting their personal data. They need to do this by issuing candidates with a Notice at Collection which, as the name suggests, is at the time the information’s being gathered or just before this point. These notices should:

• List the categories of personal information that’s being collected
• Explain what the details are being used for
• Link to the business’s privacy policy, which must set out consumers’/candidates’:
  • Right to know
  • Right to delete
  • Right to opt out of sale
  • Right to non-discrimination

Most of the time, they can ask you to delete it. The only time this can’t happen is if/when:

• You can’t verify their request
• The details relate to certain medical information, consumer credit reporting information or other types of information that’s not covered by the CCPA
• The information is required:
  • To complete a transaction, provide a reasonably anticipated product or service or for certain warranty and product recall purposes
  • For certain business security practices
  • For some internal uses that are compatible with reasonable expectations or the context in which the information was provided
  • To comply with legal obligations, exercise legal claims or rights or defend legal claims

Pinpoint is considered a Service Provider for the purposes of the CCPA, which means that we are responsible for complying with the CCPA and helping our customers comply as well.

Customers that choose Pinpoint as their ATS get access to enterprise-grade security and privacy for their recruitment teams.

Here are a few ways we help customers comply with CCPA:

1. You can protect access to your Pinpoint account with two-factor authentication and single sign on.
2. You can easily respond to candidate requests to disclose their data, by using Pinpoint as a central location to store candidate data and the sources of that data.
3. You can embed a customisable “Notice at Collection” and “cookie notice” as part of your job applications and careers site.
4. You can allow candidates to self-manage their own data, and even delete it if they choose, with no admin needed from your team.

See more details about how we help our customers comply with CCPA in this article: https://www.pinpointhq.com/insights/pinpoint-ats-ccpa-compliance/