The California Consumer Privacy Act: Implications for Biopharma


Diligent Health Solutions devotes time and attention to staying current on legislation affecting the Life Sciences industry. As a provider of Communications Center services for biopharma companies, we are keenly aware of how new or revised legislation can impact the work we perform on behalf of our clients.

We recently sponsored a webinar on a significant piece of legislation—the California Consumer Privacy Act (CCPA), which took effect on January 1, 2020. We’d like to share the highlights with you.

The CCPA provides California consumers the ability to control how certain businesses collect, retain, and share consumers’ personal information. It is considered to be one of the strictest privacy laws in the United States.

The two consumer rights in the CCPA relevant to biopharma companies are:

• The right to know what personal information is collected, used, and shared.
• The right to delete personal information held by the company and, by extension, the company’s service providers (such as Diligent Health Solutions).

There are other rights in the CCPA that address practices already prohibited by biopharma companies:

• The right to opt-out of sale of personal information. Consumers can direct a business that sells personal information to stop selling that information.
• The right to non-discrimination in terms of price or service when a consumer exercises a privacy right under CCPA.

We view the CCPA’s directives as best practices that should be enacted to protect the privacy of all U.S. biopharma company consumers—not just those residing in California. To that end, we provide our clients with support in a number of ways, including:

• Defining the process to notify consumers what personal information may be collected in the
handling of their inquiry or request, and taking the appropriate action based on their response.
• Ensuring there are at least two methods (including a toll-free number) that allow consumers to submit requests for the deletion of any previously-collected data.
• Responding to requests from consumers to delete, within defined timeframes, personal information held in company-owned or Diligent-owned databases.
• Conducting due diligence audits of outside vendors that handle the company’s consumer data.
• Providing a periodic review of company websites and mobile apps to ensure the regulatory language is current, directions are clear, and there are no “broken” links.

In working with our clients to ensure compliance with the CCPA, we take into account a number of factors about the consumer contacts; a few of which are:

• Their direction (inbound/outbound)
• Their channel (phone, email, text, chat)
• Their nature (e.g. inquiry, engagement, adverse event report)
• What data is collected (and where that data is documented)

Another important factor, especially for inbound contacts, is what (if any) standard messaging is conveyed to the consumer when contact is made, as that type of messaging provides an opportunity to state the company’s commitment to consumer privacy.

Our thanks to Alena Galante of Galante Compliance Services, LLC ( for creating and presenting the webinar content, and for sharing her valuable insights about how the CCPA affects our work and that of our clients.

Additional information on the CCPA can be found at

Diligent Health Solutions provides biopharma companies with a broad range of solutions and services.
For more information, please contact us at, or call Susan Beach @ (267) 252 7619.