Ask Reggi Your Question Now

Reggi is the free generative AI assistance for regulatory compliance
Ask a Question

Can I use third-party email marketing tools that collect personal information in California? What are the requirements?

Requirements for Using Third-Party Email Marketing Tools in California

If you are using third-party email marketing tools that collect personal information in California, you must comply with the California Consumer Privacy Act (CCPA) [1.1]. The CCPA requires businesses to provide consumers with notice of the categories of personal information that will be collected and the purposes for which the information will be used [1.1].

To comply with the CCPA, you must ensure that the collection, use, retention, and/or sharing of a consumer’s personal information is reasonably necessary and proportionate to achieve the purpose(s) for which the personal information was collected or processed [1.1]. You must also obtain the consumer’s consent before collecting or processing personal information for any purpose that does not meet the requirements set forth in the CCPA [1.1].

Additionally, you must provide a Notice at Collection that discloses the categories of personal information that will be collected and the purposes for which the information will be used [1.1]. If you intend to collect additional categories of personal information or use the personal information for additional purposes that are incompatible with the disclosed purpose for which the personal information was collected, you must provide a new Notice at Collection [1.1].

If you are transferring personal information to another agency or person, you must ensure that the transfer is necessary for the transferee agency to perform its constitutional or statutory duties, and the use is compatible with a purpose for which the information was collected [2.2].

Additional Requirements for Sensitive Personal Information

If the personal information collected by the third-party email marketing tool includes sensitive personal information, you must comply with additional requirements under the California Consumer Privacy Act (CCPA) [1.2]. Sensitive personal information includes information such as social security numbers, driver’s license numbers, financial account numbers, precise geolocation information, and information about a consumer’s race, ethnicity, religion, or health [1.2].

To comply with the CCPA, you must provide consumers with the ability to limit the business’s use of sensitive personal information to that which is necessary to perform the services or provide the goods reasonably expected by an average consumer who requests those goods or services, with some narrowly tailored exceptions [1.2]. You must also provide two or more designated methods for submitting requests to limit, such as a toll-free phone number, a designated email address, or a form submitted in person or through the mail [1.2].

In summary, to use third-party email marketing tools that collect personal information in California, you must comply with the CCPA and provide consumers with notice of the categories of personal information that will be collected and the purposes for which the information will be used. You must also ensure that the collection, use, retention, and/or sharing of a consumer’s personal information is reasonably necessary and proportionate to achieve the purpose(s) for which the personal information was collected or processed, and obtain the consumer’s consent before collecting or processing personal information for any purpose that does not meet the requirements set forth in the CCPA. If the personal information collected includes sensitive personal information, you must also comply with additional requirements under the CCPA, such as providing consumers with the ability to limit the business’s use of sensitive personal information and providing designated methods for submitting requests to limit.

Source(s):
Jurisdiction

California