- A pharmacy startup recently asked about our stance on CCPA compliance as it relates to data deletion requests within Paubox Marketing.
- The California Consumer Privacy Act (CCPA) is California’s relatively new privacy law that went into effect on 1 January 2020.
- The CCPA gives consumers more control over the personal information that businesses collect about them.
This post is about CCPA compliance (including data deletion requests) and Paubox Marketing, our HIPAA compliant email marketing solution.
See Related: HIPAA Compliant Email: The Definitive Guide
CCPA Compliance and Data Deletion Requests
According to the State of California Department of Justice Office of the Attorney General, CCPA secures the following new privacy rights for California consumers:
- The right to know about the personal information a business collects about them (including how it’s used and shared)
- The right to delete personal information collected from them
- The right to opt-out of the sale of their personal information
- The right to not being discriminated against for exercising their CCPA rights
As it relates to data deletion requests, consumers may request that businesses delete personal information they collected from them. These businesses are also required to tell their service providers to do the same. In the aforementioned case of the pharmacy startup, the service provider would be us (Paubox).
It should be noted however, there are exceptions that allow businesses to keep consumers’ personal information.
Paubox Marketing and CCPA Compliance
Upon request, Paubox will sign a Data Processing Addendum (DPA) with paid customers.
Section 6 (Data Subject Rights) of the Paubox DPA states:
Customer is responsible for responding to any Data Subject requests relating to Customer Personal Data (“Requests”). If Paubox receives any Requests during the term, Paubox will advise the Data Subject to submit the request directly to Customer or the appropriate Controller. Paubox will provide Customer with self-service functionality or other reasonable assistance to permit Customer to respond to Requests.
In a nutshell, this means Paubox will provide paid customers with the appropriate level of support to help them comply with data deletion requests from their consumers (end users).
Prior to its launch, healthcare providers were stuck with generic messaging because it was impossible to personalize email with patient information without violating HIPAA regulations.
Now you can send your patients personalized messages that include PHI using our HIPAA compliant email marketing service, Paubox Marketing.
- Grow your business. Send targeted, personalized messages that resonate with your audience.
- Increase patient engagement. Drive engagement by including PHI in your HIPAA compliant email campaigns to create personalized and relevant messaging.
- Track results. Access real-time analytics to track marketing campaign performance.
- Improve patient outcomes. Ensure that patients don’t miss vital treatment by sending email reminders and recommendations for additional services.
Paubox Marketing is HITRUST CSF certified and is free to use for up to 100 contacts.
The free plan also includes a business associate agreement.