At Salesforce, trust is our #1 value. Privacy compliance is paramount. The California Consumer Privacy Act ("CCPA") is a comprehensive privacy law that takes effect on January 1, 2020. While we believe a federal privacy law is necessary so that an individual’s privacy does not depend on their ZIP code, we welcome the CCPA as a step forward in shaping data protection requirements in the United States and as an opportunity for Salesforce to continue to strengthen its commitment to privacy and data protection.
The CCPA creates several new rights so individuals may control access and use of their personal information. These include the right to access or delete personal information collected by a business and the right to opt out of a "sale" of their personal information. The opt-out right is particularly significant because the CCPA defines "sale" in very broad terms that encompass many commonplace data sharing arrangements, even where no money is exchanged. However, transfers to "service providers" are not considered "sales."
Salesforce businesses and organizations subject to our Privacy Statement do not sell personal information.1 While we do share some data with trusted "service providers" to improve and market our services and to operate our websites, we do not allow any third parties to use the personal information we share with them for their own purposes.