With the California Consumer Privacy Act (CCPA) coming into effect, 2020 brings important changes to data privacy in the US, from the definition of personal data and our perception of privacy to responsibilities of businesses that collect and share personal information. CCPA introduces basic rights to consumers to help guard their personal information while requiring businesses to respond to consumer requests in a timely and feasible way, free of charge.
California residents can now request from covered businesses that they disclose categories of personal information they are collecting, the sources and the purpose of data collection, as well as categories of 3rd parties whom they share these data with. Adult consumers have the right to opt-out of the sale of their data, and for children under 16, opt-in consent is required whenever their data is sold (consent from the parent/guardian is required for children under 13). Consumers can also request access to their data, or ask for the deletion of their personal information. Businesses cannot discriminate against customers who exercise their new rights under the CCPA. They may, however, offer incentives for the collection, sale, or deletion of personal data, including payments to consumers as compensation, related to the value the business gains by the consumer’s data. This incentive requires specific opt-in consent from the consumer and needs a special notice that clearly describes the terms and a statement that the consumer can revoke consent at any time.
The CCPA is not yet in its final shape and some questions remain. A ballot initiative for an amendment was already filed at the end of 2019, proposing additional rights to consumers, among other things, such as the right to correct inaccurate information or to opt-out of sharing of personal information. Whatever amendments will be made to the CCPA, a couple of things are clear: its impacts will reach far beyond California and the changes to data privacy are here to stay. Other states have already introduced new bills to protect personal information or are in the process of doing so.
CCPA prompts companies to adopt best practices, to be aware and in control of their data sources, data flow, and mapping practices, and to keep up-to-date auditable records of activities, including those documenting customer requests and business responses based on the CCPA. Responding to CCPA requirements may seem cumbersome at first. But when done properly with the right automated tools, businesses that adapt to CCPA will position themselves in the best spot for the new era of privacy.
ConsentGrid™ provides a secure privacy dashboard where companies can communicate with their customers, accept and respond to requests, keep track of all activities, compile metrics, and analyze trends. It automates DSR intake, manages request workflow, integrates with case management systems and facilitates the response to the consumers.
Below is a summary of how ConsentGrid™ can help companies respond to CCPA requirements:
Secure Privacy Dashboard: ConsentGrid™ offers companies their own secure privacy dashboard to communicate with customers, receive and respond to customer requests. Companies can manage interactions with all of their customers, including known customers who already have an account and current or potential customers unknown to the company.
Automated workflow support: ConsentGrid™ offers automated workflow support for all aspects of responding to CCPA. Companies can configure, control and audit every step of the request processing workflow. ConsentGrid™ easily integrates with internal tools and case management systems, such as JIRA, using webhooks and open APIs.
Convenient 3rd party integration: ConsentGrid™ effortlessly integrates with preferred 3rd party vendors, such as identity validators.
Automated data mapping at the data subject level: Data mapping is at the center of CCPA. ConsentGrid™ acts as a filter intercepting data flow between applications or organizations. It tracks the flow of personal data between data collection and processing locations and uses consent and policies to govern data in-flight. While tracking data flow, ConsentGrid™ builds an automated data map at data subject level. Organizations can respond to DSRs quickly and accurately using ConsentGrid™ data maps.
Audit trail: ConsentGrid™ stores a history of DSRs, what was requested for what kind of data, when, why, and what response was provided.
Granular opt-in consent: ConsentGrid™ has unlimited granular and context-aware consent options to choose what data can be shared or sold with whom and for what purpose. Consent from a parent or guardian can easily be obtained to manage children’s data. ConsentGrid™ also supports multiple consenters, in cases where more than one consenter is involved (e.g., in cases where consent from both parents is required).
Financial incentives opt-in: For companies considering to offer financial incentives to their customers as described by the CCPA, ConsentGrid™ can help obtain opt-in consent, as granular as the company needs it to be.
Give customers control: With ConsentGrid™ customers have the freedom to change their consent options at any time.
Automated privacy controlled data flow: A unique feature of ConsentGrid™ is the automated integration of privacy controls, including consent options and privacy policies, into data flow while in-flight. Companies using ConsentGrid™ can rest assured that their data flow reflects active user preferences at any time, without having to spend additional resources to adapt.
Suitable for a wide range of industries: ConsentGrid™ is data agnostic and consent and privacy conditions can be applied to control data flow in many verticals.
Increasing transparency and granting users control over their data provides many benefits that go beyond compliance, such as improved data governance and closer relationships with customers. As research shows, empowered customers are more willing to share data that is clean and more relevant to business goals, they feel respected, and thus, are more trusting and more likely to stay loyal.
Is your company ready for the CCPA? Contact us at firstname.lastname@example.org and learn how you can use ConsentGrid™ to make privacy your distinctive strength!