Five9 CCPA Readiness
Five9 CCPA Readiness
At Five9, privacy is a top priority. To that end, we are dedicated to handling the personal information with which our customers entrust us in an open and transparent manner. In 2020,California voters supported Proposition 24, commonly known as the California Privacy Rights Act (“CPRA”). The CPRA made significant amendments to California’s existing privacy law, the California Consumer Privacy Act of 2018 (“CCPA”).
Since the final CPRA regulations came into effect March 30, 2023, we understand that you - our customers and resellers - may have additional questions regarding how we safeguard your personal data. To support you in meeting your due diligence obligations, we have highlighted below the efforts we’ve made to ensure that our customers and resellers can continue to utilize Five9’s product offerings in a manner that is compliant with California’s privacy laws.
CCPA and Our Commitment
As a Five9 customer, you are always in control of the personal information that you provide or make available to us, and we have developed product features and functionality designed to help you remain in control of such information. We also want you to understand how we are complying with CCPA.
We have taken the following steps to satisfy applicable requirements under the CCPA:
- We’ve updated our customer and reseller Data Processing Addendums. We have updated our Data Processing Addendums (DPAs) to reflect our role and responsibilities in relation to the processing of customer personal information and to comply with the CCPA’s contracting requirements. As a “service provider” to our customers and resellers, our DPAs contractually commit us to undertake the processing of customer personal information in compliance with the CCPA.
- We’ve updated our Privacy Policy. We are committed to protecting the privacy of customer data, and we care about maintaining transparency and the trust of our customers. As part of this commitment, we’ve updated our privacy policy to further explain how we collect, use and share your personal information. Specifically, we've updated the California section of our Regional Information Notice to include, among other things, an updated list of the categories of personal information Five9 may have collected, along with how CA consumers may exercise their privacy rights.
- We enforce data protection obligations with our service providers and contractors. We require all service providers to go through a rigorous review and due diligence process. Five9’s compliance team assesses each service provider and contractor on its adherence with security, privacy, and compliance regulations and industry standards. Five9 requires all service providers and contractors to maintain contractual, organizational, and technical safeguards for the duration of their engagement with Five9. Our written agreements enforce compliance with applicable data protection laws, security controls, confidentiality, and international data transfer requirements. Five9’s subprocessors that support the Five9 service are expressly prohibited from:
- selling or sharing personal information
- combining personal information received from Five9 with personal information received from other sources
- retaining, using, or disclosing personal information for any purpose other than the business purpose specified in the contract
- retaining, using, or disclosing personal information outside of the direct relationship between the service provider and Five9
- We maintain and continue to pursue best-in-class compliance certifications. At Five9, we make the security of our customers’ data our top priority. As part of our commitment to protecting our customers’ personal information, we implement and maintain appropriately robust technical, organizational, and administrative measures, and we manage data in a manner that meets business, legal, security, and regulatory needs and requirements. By maintaining the compliance certifications below, our customers can rely on Five9 to support them in meeting their due diligence obligations.
- PCI-DSS
- HIPAA/HITECH Act
Moving Forward
As we wait to see whether a federal privacy law will be passed, we will continue to prepare for the many U.S. state privacy laws that have been and continue to be passed across the U.S. As the U.S. privacy landscape continues to evolve, we are closely monitoring legal and regulatory developments and remaining vigilant in our commitment to support our customers’ data privacy protection needs.
While we maintain our commitment to offering products and services with robust privacy protection, security, and compliance, the information provided above does not constitute legal advice. We encourage our customers to perform their own due diligence when assessing any service providers’ compliance with relevant privacy and data security laws.
If you have any questions about our CCPA compliance efforts, please contact us at privacy@five9.com.