Principally, all California residents are protected under the California Consumer Privacy Act with respect to any information that relates to them. This means that companies around the world will have to comply with the California Consumer Privacy Act if they receive personal data from California residents and if they — or their parent company or a subsidiary — exceed one of three thresholds:
Because many forms of identity verification collect personal information including information on government-issued IDs, biometric information, and/or pictures of consumers, these solutions are bound to comply with CCPA.
CCPA broadly defines personal information to cover types of information not traditionally considered personal information in the United States, including:
CCPA-compliant solutions should be transparent about the types of personal data collected as part of the identity verification process. Your chosen identity verification solution must:
Identity verification solutions that are already PCI-DSS compliant have a significant head start because of the security and data protection mandates they must meet and vet with independent auditors. Likewise, any solution that is already GDPR compliant should be able to tick most, if not all, of the compliance mandates of CCPA.
Jumio enables any business that captures data from California residents with the requisite data security, transparency and retention policies to comply with CCPA.
Jumio will never sell consumer data to third parties. Just as importantly, Jumio stores and protects consumer data, captured during the identity verification process, under PCI-DSS’s strict data security requirements.
Jumio has the ability to delete any data captured during the online identity verification process, including information captured from government-issued IDs, biometric information, and selfie images. Business customers can enforce strict data retention periods or have the identity information deleted automatically after a verification decision has been rendered.