Transport Layer Security (TLS) 1.2 needs to be used for your outbound connections. This change is in recognition of website security best practices, and you likely have already implemented these capabilities. We are requiring all merchants to upgrade before January 31, 2020.
Q: Why are we deprecating TLS 1.0 and 1.1?
A: TLS 1.0 and 1.1 are both dated versions of the TLS protocol. TLS 1.0 was published in 1999 as RFC 2246 while TLS 1.1 was published in 2006 as RFC 4346. Improvements have been made to both since the release of the original versions. Upgrading to the current standard (TLS 1.2) is now considered the safest and most reliable method of delivering encrypted content over the Internet.
Q: What steps has Pitney Bowes taken to ensure compliance with the California Consumer Privacy Act (CCPA)?
A: As a global company, Pitney Bowes currently complies with privacy laws around the world, including the European Union General Data Protection Regulation (GDPR). Pitney Bowes also participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the United States Department of Commerce regarding the collection, use, processing and retention of Personal Information transferred from the European Union and Switzerland to the United States. Just as we were ready for GDPR by the effective date, Pitney Bowes intends to comply with the provisions of the California Consumer Privacy Act (CCPA) on or before January 1, 2020, the effective date of the law.
Our global privacy and data protection team is leading the initiative to prepare for CCPA, both for our internal processes and for our commercial offerings, where applicable. The team is working with Pitney Bowes’ lines of business to review practices, documentation and processes and revise as required. This includes the following actions:
- Assess and adapt our existing privacy program, policies and procedures to ensure processes are in line with the CCPA and build on our previous work to comply with the EU GDPR.
- Expand our existing privacy impact assessment process, used to document the personal data collected, processed and stored and the related controls, to include specific requirements of the CCPA, including the identification of any personal information sales as defined by the statute.
- Review our vendor and service provider relationships and relevant agreements and addendums, as necessary.
- Expand our current data subject request processes to receive, track, verify and respond to requests in alignment with the requirements of the CCPA, where applicable.
- Review and update our privacy statements and notices in alignment with the CCPA, including methods for submitting consumer requests, and other information required by the statute.