Software Audit Defense Essentials - CCPA Privacy Law allows you to "access" information a company holds on you and allows you to request deletion. 

Introduction

California has recently signed the CCPA into law (California Consumer Privacy Act).  This is a new law that is set to go into effect on January 1, 2020.  Many companies in CALIFORNIA and outside of California (if they handle data of California residents or consumers) will have to comply with this new privacy rights law.  Some of the rights of the include:

1. The right to know what information a company has in their possession (what they have collected from you).

2.  You have a right to make 2 requests per year, and the data holder is required to provide a response within 45 days or risk a violation (the Attorney General will enforce, but there is also a provision for a private lawsuit.

3.  You have the right to access your information and request that it be deleted (the right to be forgotten)

4.  You have the right to opt-out of any information sharing

QUESTION:  Does this mean when you learn (either directly from a company like Microsoft, Adobe, or Autodesk), or through the BUSINESS SOFTWARE ALLIANCE ("BSA") their software trade association, that you are the target of an investigation (often claimed to be driven by certain "information" they have on you, for example an informant software piracy report - does this means you have a right under California law to request that information and to demand that it not be shared with any third party?  Meaning, you can opt out of Microsoft or Autodesk sharing piracy reports with the BSA?  This seems reasonable and perhaps a letter to Microsoft or the BSA is required when you find yourself in this position.  As this article shows - Microsoft intends to comply with the CCPA in ALL STATES, not just California.   So, wherever your architect, engineering, design firm,  or other type of company is located, Microsoft said they will comply.

PODCAST - Click here to learn more specifics about the CCPA - California Privacy Law and the Rights it Grants

The Software Alliance (BSA) represents many software companies

The Software Alliance represents many different software companies.  Some are located in CA and some are not.  The CCPA applies to any company that collects personal information from California consumers and residents.  Thus, it is good to know that Microsoft will comply with the CCPA in all fifty states.  That would appear to mean that any company that receives an audit demand letter (or email) no matter where they live, will be able to access the Microsoft data and see what information Microsoft already has, and what they know about your licensing information (which I would argue is a form or personal information especially for solo persons running a business).

What to do if you receive a demand letter from a Copyright Law Firm

 Here is a potential way this may play out. 

1. You are an individual who has purchased Microsoft Software.

2.  Microsoft collected your information on the date of purchase (they should have the "receipts" to prove valid software licensing)

3.  They also know what software you purchased, how much you paid, and when the software was activated (which might trigger the copyright infringement 3 year statute of limitations)

4.  Since they claim they will comply with the California CCPA in all 50 states, you can may a request to know what information they have accessed (ex. the "informant" piracy report), and proof of past licensing.  See if they will provide this information or not.  It remains to be seen.

5.  You might also wish to request that Microsoft not share any information with third parties, such as the Software Alliance. (opt-out of information sharing).

6.  See if they comply within 45 days

7.  Review your options with your Software Audit Defense counsel (us).

For more information call us at (877) 276-5084 or email us using the contact form.