California Residents may submit a Do Not Sell My Personal Information request and exercise other rights on our California Consumer Privacy Act Homepage as described in our U.S. Consumer Privacy Notice.
CCPA and CPRA Compliance Planning
The California Consumer Privacy Act of 2018 (CCPA) is effective as of January 1, 2020. LexisNexis Risk Solutions has diligently worked to implement the requirements of the law and is following a detailed compliance plan. We also have a suite of data governance capabilities and industry-leading identity authentication services that can be used for your own CCPA compliance efforts. The CCPA created significant new privacy rights for California consumers as well as new obligations for companies that collect or sell personal information. In order to comply with the CCPA, LexisNexis Risk Solutions has reviewed its data sets and has implemented plans by data and product. We are also using our proprietary linking process to verify identities and process consumer rights under the CCPA. The CCPA includes exemptions for certain data subject to the Fair Credit Reporting Act (FCRA), the Health Insurance Portability and Accountability Act (HIPAA), the Gramm-Leach-Bliley Act (GLBA), and the Driver’s Privacy Protection Act (DPPA). It also exempts data from government agency records. As a result of these exemptions, many LexisNexis Risk Solutions products are either not subject to the law or are minimally impacted.
On November 3, 2020, California citizens voted to pass the California Privacy Rights Act of 2020 (CPRA) which will be fully effective as of January 1, 2023. The CPRA builds on and adds new requirements to the California Consumer Privacy Act of 2018 (CCPA). LexisNexis Risk Solutions has been following the CPRA closely and we are making the necessary adjustments to our current CCPA program prior to January 1, 2023.
For customers of LexisNexis Risk Solutions who have questions, please contact us at ccpa@lexisnexisrisk.com.
Using LexisNexis Risk Solutions LexID and Authentication Services for CCPA Compliance
LexID Service
Our customers face CCPA compliance challenges due to the fact that much of the personal data they currently hold about California residents is unstructured. For example, businesses with direct consumer relationships often have an account number for each consumer. That account number is a useful tool for organizing data about customers. However, these same businesses usually have additional data such as email addresses that are not associated with a given account.
The LexisNexis Risk Solutions LexID service can help a business structure its personal data and associate it with a specific consumer identity. It is created using our unparalleled US consumer data set coupled with advanced artificial intelligence-driven linking techniques.
For customers of LexisNexis Risk Solutions who have questions about using our LexID services for CCPA compliance, please contact us at ccpa@lexisnexisrisk.com.
Identity Verification and Authentication Services
A number of our customers use LexisNexis Risk Solutions identity verification and authentication services when they receive requests from consumers seeking to exercise their CCPA rights. Authentication is particularly important when a consumer requests to be informed about what data a business holds about them.
The challenge is to ensure the individual who is submitting a CCPA request isn’t a fraudster — without sacrificing a legitimate consumer’s experience or generating high authentication costs. The multiplicity of consumer touchpoints and devices makes doing this more complex, but also more critical. Our identity verification and authentication solutions help you find balance, mitigate fraud, improve end user satisfaction and easily adapt to emerging channels and trends. We have the tools to help your organization create a comprehensive, layered approach or easily plug into your existing identity management framework. Our capabilities and offerings include:
- Out of Band solutions to help support higher levels of assurance.
- Advanced analytics that yield perceptive insights that allow for a more tailored approach to authentication.
- One of the largest compilations of consumer and business identity intelligence including those individuals with limited or no credit histories.
- Administration through a single, streamlined platform.
For customers of LexisNexis Risk Solutions who have questions about using our authentication services for CCPA compliance, please contact us at ccpa@lexisnexisrisk.com.
Frequently Asked Questions about the CCPA
What is the California Consumer Privacy Act (CCPA)?
The California Consumer Privacy Act is a consumer privacy law that grants California residents certain rights regarding personal information that has been collected, sold, or disclosed by businesses subject to the law. The CCPA was signed into law on June 28, 2018 and became effective on January 1, 2020.
What rights does it grant?
The CCPA grants California residents various rights including:
When does the CCPA take effect?
The CCPA was signed into law on June 28, 2018, and became effective on January 1, 2020.
Who has rights under the CCPA?
The CCPA grants protections and rights to California residents.
What is “personal information” under the CCPA?
“Personal information” is broadly defined under the CCPA and specifically includes the following:
At the same time, the CCPA does not apply to “publicly available” information that is lawfully made available from a government source, data that is subject to the Fair Credit Reporting Act (FCRA), the Health Insurance Portability and Accountability Act (HIPAA), the Gramm-Leach-Bliley Act (GLBA), or the Driver’s Privacy Protection Act (DPPA), and data that is deidentified or aggregate consumer data.
What businesses are subject to the CCPA?
The CCPA applies to for-profit entities conducting business in California that meet certain statutory thresholds.
Is LexisNexis Risk Solutions impacted by CCPA? If yes, then how?
LexisNexis Risk Solutions qualifies as a business subject to the CCPA. However, because of the exemptions currently in the law many LexisNexis Risk Solutions products are either not subject to the law or are minimally impacted.
Frequently Asked Questions about the CPRA
What is the CPRA?
The CPRA builds on and adds new requirements to the California Consumer Privacy Act of 2018 (CCPA). The CCPA is already law and currently in effect, whereas the California Privacy Rights Act of 2020 (CRPA) is a passed ballot initiative that expands the requirements of the CCPA and will soon be effective.
When will it become effective?
Operationally, the CRPA will be fully effective as of January 1, 2023. It can be enforced beginning July 1, 2023.
What does it do?
The basic structure and underlying requirements of the CCPA do not change under the CPRA. However, the CPRA creates additional requirements including new notice obligations to inform consumers how their personal information is used, a right to correction, a right to restrict sharing of personal information for cross-context behavioral advertising, and an expanded exemption for publicly available data. In addition, it enables the creation of a new agency, the California Privacy Protection Agency, specifically dedicated to enforcing the CCPA and CPRA.
The California Privacy Rights Act established a new agency, the California Privacy Protection Agency (CPPA) to implement and enforce the law. The CPPA has full administrative power, authority, and jurisdiction to implement and enforce the California Consumer Privacy Act and the California Privacy Rights Act. The CPPA is governed by a board that consists of experts in privacy, technology, and consumer rights. The Board appoints the agency’s executive director, officers, counsel and employees. The CPPA may bring enforcement actions related to the CCPA or CPRA. The California Attorney General will retain civil enforcement authority over the CCPA and the CPRA
What is LexisNexis Risk Solutions doing to determine the scope of CPRA?
LexisNexis Risk Solutions has been following the CPRA closely and we are making the necessary adjustments prior to January 1, 2023. We are also continuing to monitor the developments regarding CPRA regulations.
Where do I go for more information?
California Residents may submit a Do Not Sell My Personal Information request and exercise other rights on our California Consumer Privacy Act Homepage as described in our California Consumer Privacy Act Notice.
For customers of LexisNexis Risk Solutions who have questions, please contact us at ccpa@lexisnexisrisk.com.
Frequently Asked Questions about the Virginia Consumer Data Protection Act (VCDPA)
What is the Virginia Consumer Data Protection Act (VCDPA)?The Virginia Consumer Data Protection Act is a consumer privacy law that grants Virginia residents certain rights regarding personal information that has been collected, sold, or disclosed by businesses subject to the law. The VCDPA was signed into law on March 2, 2021 and is effective as of January 1, 2023.
What rights does it grant?
The VCDPA grants Virginia residents various privacy rights similar to those available under CCPA and CPRA including:
Operationally, the VCDPA will be fully effective as of January 1, 2023.
Is LexisNexis Risk Solutions impacted by VCDPA? If yes, then how?
LexisNexis Risk Solutions is subject to the VCDPA. The VCDPA includes exemptions for certain data subject to the Fair Credit Reporting Act (FCRA), the Health Insurance Portability and Accountability Act (HIPAA), the Gramm-Leach-Bliley Act (GLBA), and the Driver’s Privacy Protection Act (DPPA). It also exempts data from publicly available records. As a result of these exemptions, many LexisNexis Risk Solutions products are either not subject to the law or are minimally impacted.