On June 28, 2018, California enacted a comprehensive consumer privacy law known as the California Consumer Privacy Act of 2018 (“CCPA”) (Cal. Civ. Code §§ 1798.100-1798.199). The CCPA takes effect January 1, 2020. The CCPA grants California resident’s new rights regarding their personal information and imposes various data protection duties on certain entities conducting business in California.
Steps Pegasus has taken to become CCPA compliant:
- Changed systems, contracts, privacy policies, and processes to comply with the CCPA.
- Trained employees on details and obligations of the regulations.
- Built communication channels to inform clients of all updates and recommendations related to the CCPA.
- Rewrote our Data Processing Addendum and Privacy Policies to comply with the CCPA.
CCPA Customer FAQ
Does my hotel need to be compliant with the CCPA?
Under the CCPA, hotels that collect and manage personal information (including, but not limited to, names, email addresses, credit card numbers, and IP addresses) from California residents are defined as a “Business” and subject to these regulations. As your CRS, website, or digital marketing provider, Pegasus is defined as a “Service Provider” and is also subject to these regulations.
My hotel is GDPR compliant, do we have to do anything for the CCPA?
While the CCPA incorporates several GDPR concepts, such as the rights of access, portability, and data deletion, there are several areas where the CCPA requirements are more specific than those of the GDPR or where the GDPR goes beyond the CCPA requirements. Given their comprehensiveness and broad reaches, each law may have significant impact on entities that collect and process personal data.
What steps should I take to become compliant with the CCPA?
We recommend that all hotels consider the following actions as part of their data protection efforts. Please note that the list is not exhaustive and that Pegasus cannot provide any legal advice on what specific actions are required of your hotel or organization to become compliant with the CCPA.
- Consult with your legal counsel to determine the extent of applicability of the CCPA to your business. Larger organizations may require the appointment of a data protection officer to oversee compliance regulations.
- If you are a Pegasus customer, review and agree to Data Processing Addendum as part of the Master Services Agreement. This addendum names Pegasus as a Service Provider and is required for CCPA compliance.
- If you are using Pegasus products or services, please review the documentation on what changes will be made to our platforms and processes in order to be compliant with the CCPA. If you have not yet received documentation, please reach out to us at firstname.lastname@example.org for more information.