The CCPA gives California residents new rights with respect to the collection and processing of their Personal Information (broadly defined to include information that, directly or indirectly, may lead to the identification of an individual or household). These new rights include:
It also places requirements on businesses that collect and process Personal Information, such as:
The CCPA applies to businesses that collect or process the Personal Information of California residents and meet any one of the following criteria:
As Splunk processes the Personal Information of California residents and has gross annual revenues in excess of $25 million, the CCPA applies to Splunk.
Customers that use Splunk Cloud services to process Personal Information are “Businesses” under the CCPA. They are responsible for ensuring the lawful collection and processing of the Personal Information they send to Splunk Cloud.
Splunk is a “Service Provider” for the Personal Information its customers send to Splunk Cloud, and under the CCPA, is responsible for upholding its contractual commitment to only use the Personal Information it receives from customers for the purpose of performing the Splunk Cloud services.