What is CCPA?

Who is Impacted?

Learn About CCPA Compliance

CCPA Compliance and Your Customer Identity Program

Principally, all California residents are protected under the California Consumer Privacy Act with respect to any information that relates to them. This means that companies around the world will have to comply with the California Consumer Privacy Act if they receive personal data from California residents and if they — or their parent company or a subsidiary — exceed one of three thresholds:

  1. Annual gross revenues of $25 million;
  2. Obtains personal information of 50,000 or more California residents, households or devices annually; or
  3. 50% or more annual revenue from selling California residents’ personal information.

Because many forms of identity verification collect personal information including information on government-issued IDs, biometric information, and/or pictures of consumers, these solutions are bound to comply with CCPA.

CCPA broadly defines personal information to cover types of information not traditionally considered personal information in the United States, including:

  • IP addresses
  • Email addresses
  • Records of purchasing or consuming histories or tendencies
  • Browsing history and search history
  • Geolocation data
  • Audio, visual, or thermal information
  • Professional or employment information
  • Education information

What to Look for in a CCPA Compliant Identity Verification Solution

CCPA-compliant solutions should be transparent about the types of personal data collected as part of the identity verification process. Your chosen identity verification solution must:

  • Be able to equip their business customers with a complete list of the personal data collected confidential.
  • Be able to manage consumer requests for deletion of personal data after the identity verification has been performed.
  • Have a policy against re-selling consumer data without prior acknowledgment (businesses should seek written confirmation that consumer data is kept strictly confidential).
  • Store PII data securely and have predetermined data retention policies in place to assure the timely deletion of that data.
  • Have the ability to manually override retention policies and have consumer data deleted upon written request.

Identity verification solutions that are already PCI-DSS compliant have a significant head start because of the security and data protection mandates they must meet and vet with independent auditors. Likewise, any solution that is already GDPR compliant should be able to tick most, if not all, of the compliance mandates of CCPA.

How Jumio Can Help

Jumio enables any business that captures data from California residents with the requisite data security, transparency and retention policies to comply with CCPA.

Jumio will never sell consumer data to third parties. Just as importantly, Jumio stores and protects consumer data, captured during the identity verification process, under PCI-DSS’s strict data security requirements.

Jumio has the ability to delete any data captured during the online identity verification process, including information captured from government-issued IDs, biometric information, and selfie images. Business customers can enforce strict data retention periods or have the identity information deleted automatically after a verification decision has been rendered.

image of smart phone showing drivers licenses with cup of coffee to the right. Image is in black and white.

Get Started

Let a Jumio expert show you how easy it can be to integrate our automated solutions into your existing processes.
image of man with facial hair smiling wearing a suit.