CCPA Compliance for California Cardrooms

This past week at the 2023 CGA (California Gaming Association) conference in South Lake Tahoe, the significance of the California Consumer Privacy Act (CCPA) was brought to the forefront of our industry’s discussions. While larger entities and cardroom websites often garner the most attention, a pressing question emerges: How are cardroom technology partners, like us at IT Casino Solutions, navigating and ensuring compliance with consumer privacy rights?

Decoding the CCPA: Are You Affected?

The CCPA is designed to protect the personal information of California residents. To determine if your business falls under its purview, consider the following criteria:

1. Does your business generate annual gross revenues exceeding $25 million?
2. Do you buy, receive, sell, or share the personal information of 50,000 or more consumers, households, or devices?
3. Do you derive 50% or more of your annual revenues from selling consumers’ personal information?

For cardrooms with expansive databases, it’s essential to recognize that the data collection isn’t limited to just your website. The data managed by your technology partners is equally crucial. Not only do you need to understand how they handle this data, but it’s also imperative for cardrooms to establish their own internal workflows. These workflows should be transparent and accessible, allowing consumers to submit individual requests to the cardroom and its technology vendors.

Our Approach at ITCS

At ITZ, we’ve meticulously crafted our processes to ensure CCPA compliance:

1. Contractual Agreements: Our contracts are the first line of defense. They clearly outline our data handling practices, ensuring transparency and adherence to CCPA / EU GDPR guidelines.
2. Privacy Policy & Security Statement: Beyond the contract, our privacy policy and security statement provide a comprehensive overview of our data practices. They detail how we process data, the reasons behind it, and the rights of our consumers.Our dedication to data privacy is unwavering. Here’s a snapshot of our practices:

A. Scope of Our Privacy Policy: Our policy is transparent and covers all our platforms, ensuring users understand their data management.

B. Regular Updates: It’s crucial to review and update your privacy policy at least once a year to reflect the latest practices and regulations. Our policy showcases this commitment with the “Last Updated” date, ensuring our users are always informed of the most recent changes.

C. Types of Information Collected: We gather both non-personal and personal information to enhance user experience.

D. Purpose of Data Collection: We use data to improve our services, communicate updates, and provide support.

E. Data Sharing: We prioritize user privacy and don’t rent or sell user data.

F. Security Measures: We employ industry-standard tools to safeguard user data.

G. User Rights: We believe in empowering our users, especially those based in California, in line with the CCPA.

H. Transparency in Data Usage: Our policy clearly outlines our practices, ensuring users are well-informed.

I. Commitment to CCPA: We’ve provided a detailed section dedicated to the CCPA, ensuring our California-based users are aware of their rights.

1. Consumer Data Management: We’ve streamlined the process for consumers to understand, request, or delete their data, ensuring they have a clear and simple route to exercise their rights under the CCPA.

Safeguarding Your Cardroom

While technology partners like us ensure our processes are CCPA-compliant, it’s equally essential for cardrooms to establish their own internal workflows. This collaborative approach ensures that both ends of the spectrum – the technology partner and the cardroom – are working in tandem to protect consumer data.

1. Distinct Privacy Policy and Communication Preferences:Your privacy policy should be tailored to your operations and should clearly indicate:
   • Whether you sell data.
   • What data you collect and how you use it.
   • A clear workflow for consumers and employees to request their data or its deletion.
   • Clear opt-in or communication preferences for players, especially during player sign-up or ingestion processes.
   It’s essential to ensure that you abide by these opt-in preferences. Furthermore, consumers should be aware of where and how to update or change these preferences. This not only ensures transparency but also empowers your consumers, giving them control over their data and how they wish to be communicated with. This policy serves as a transparent window for your consumers and employees, ensuring they have an easily understandable process to exercise their rights and preferences.

In Conclusion

In the evolving landscape of data privacy, understanding and adhering to regulations like the CCPA is paramount. While legal counsel is invaluable, it’s equally crucial to engage with your technology vendors, who have been navigating these waters for years. At IT Casino Solutions, we’re committed to ensuring compliance and building trust. We urge cardroom operators to consult with their technology partners, ensuring a holistic approach to data privacy.

---

Note: This article offers insights and does not replace legal counsel. Always engage with legal professionals for compliance advice.

---

Remember, while vendors like IT Casino Solutions can provide tools and guidance, cardrooms must also ensure they have their internal processes in place to fully comply with the CCPA.

By Caleb Rabadan, COO of IT Casino Solutions