Paubox Marketing and CCPA Compliance

Electric trax train in a city with big buildings in the background


  • A pharmacy startup recently asked about our stance on CCPA compliance as it relates to data deletion requests within Paubox Marketing.
  • The California Consumer Privacy Act (CCPA) is California’s relatively new privacy law that went into effect on 1 January 2020.
  • The CCPA gives consumers more control over the personal information that businesses collect about them.

This post is about CCPA compliance (including data deletion requests) and Paubox Marketing, our HIPAA compliant email marketing solution.

See Related: CCPA: How California’s new privacy law impacts healthcare

See Related: HIPAA Compliant Email: The Definitive Guide

CCPA Compliance and Data Deletion Requests

According to the State of California Department of Justice Office of the Attorney General, CCPA secures the following new privacy rights for California consumers:

  • The right to know about the personal information a business collects about them (including how it’s used and shared)
  • The right to delete personal information collected from them
  • The right to opt-out of the sale of their personal information
  • The right to not being discriminated against for exercising their CCPA rights

As it relates to data deletion requests, consumers may request that businesses delete personal information they collected from them. These businesses are also required to tell their service providers to do the same. In the aforementioned case of the pharmacy startup, the service provider would be us (Paubox).

It should be noted however, there are exceptions that allow businesses to keep consumers’ personal information.

Paubox Marketing and CCPA Compliance

Upon request, Paubox will sign a Data Processing Addendum (DPA) with paid customers.

Section 6 (Data Subject Rights) of the Paubox DPA states:

Customer is responsible for responding to any Data Subject requests relating to Customer Personal Data (“Requests”). If Paubox receives any Requests during the term, Paubox will advise the Data Subject to submit the request directly to Customer or the appropriate Controller. Paubox will provide Customer with self-service functionality or other reasonable assistance to permit Customer to respond to Requests.

In a nutshell, this means Paubox will provide paid customers with the appropriate level of support to help them comply with data deletion requests from their consumers (end users).

Paubox Marketing

Prior to its launch, healthcare providers were stuck with generic messaging because it was impossible to personalize email with patient information without violating HIPAA regulations.

Now you can send your patients personalized messages that include PHI using our HIPAA compliant email marketing service, Paubox Marketing.

  • Grow your business. Send targeted, personalized messages that resonate with your audience.
  • Increase patient engagement. Drive engagement by including PHI in your HIPAA compliant email campaigns to create personalized and relevant messaging.
  • Track results. Access real-time analytics to track marketing campaign performance.
  • Improve patient outcomes. Ensure that patients don’t miss vital treatment by sending email reminders and recommendations for additional services.

Paubox Marketing is HITRUST CSF certified and is free to use for up to 100 contacts.

The free plan also includes a business associate agreement.

Kickstart your HIPAA compliant email marketing with Paubox Marketing

About the author

Hoala Greevy

Founder CEO Paubox. Kayak fishing when I can.

Read more by Hoala Greevy

Get started with
end-to-end protection

Bolster your organization's security with state-of-the-art email encryption and inbound email security.

Highest rated HIPAA compliant messaging solution on G2

EmailEncryption BestMeetsRequirements MeetsRequirements
SecureEmailGateway MostImplementable Total
SecureEmailGateway Leader Leader
SecureEmailGateway EasiestToUse EaseOfUse
SecureEmailGateway EasiestAdmin EaseOfAdmin
SecureEmailGateway BestUsability Total
SecureEmailGateway BestResults Total
SecureEmailGateway BestRelationship Total
EmailEncryption UsersMostLikelyToRecommend Nps
EmailEncryption MomentumLeader Leader
SecureEmailGateway BestSupport Mid Market QualityOfSupport
EmailEncryption BestMeetsRequirements MeetsRequirements
SecureEmailGateway MostImplementable Total
SecureEmailGateway Leader Leader
SecureEmailGateway EasiestToUse EaseOfUse
SecureEmailGateway EasiestAdmin EaseOfAdmin
SecureEmailGateway BestUsability Total
SecureEmailGateway BestResults Total
SecureEmailGateway BestRelationship Total
EmailEncryption UsersMostLikelyToRecommend Nps
EmailEncryption MomentumLeader Leader
SecureEmailGateway BestSupport Mid Market QualityOfSupport