CCPA Opt-Out Requirement Solutions

January 1, 2020 is right around the corner, which puts pressure on for companies that do business in the state of California. At the beginning of the new year, the California Consumer Privacy Act (CCPA) will require companies to make structural changes to their privacy programs.  

The CCPA introduces new rights for California residents, like the right to access and delete personal information, as well as the right to opt-out of the sale of personal information. One of the more challenging requirements for companies to comply with is the opt out of the sale of personal information, which requires organizations to develop an efficient way to process and respond to consumer requests to exercise their new rights to opt out.

Do Not Sell Rule Challenges   

Organizations with websites face several challenges when it comes to complying with do not sell requirements. Some of these include:

• Knowing what data they are collecting and storing about each of their users
• Knowing what, if any, of this data they are selling to third parties. This can be particularly challenging if the business doesn’t know exactly what data its website collects about users.
• Providing a way for customers to request that the business does not sell the data it has collected about them. This can be done by implementing a do not sell button or link on the website’s cookie banner, preference center or on the homepage.
• Needing a way to ensure this request is fulfilled by providing a phone number and email address the user can contact if further action is needed to opt-out of other systems. This can be challenging if the website owner is unsure about what counts as selling personal information.
• Needing to maintain details of this process to show the governing bodies they are compliant.

How to Comply with the CCPA Do Not Sell Rule

At a high level, companies must follow the Opt-Out requirements by adding a “Do Not Sell My Personal Information” link or button on your website that allows users to exercise their rights. Here are the steps to take:

1. Create a branded request form where people can exercise their rights and opt out of the sale of personal information.
2. Add a “Do Not Sell My Personal Information” button or link that directs users to the web form by adding it to either a:
   1. Cookie Banner
   2. Preference Center
   3. Button/Link directly on website
3. Setup rules to route requests through different workflows based on data subject or request type
4. Customize built-in response templates to save time when you’re responding to multiple requests
5. Consolidate your requests and track them through the entire lifecycle to demonstrate compliance

CookiePro CCPA Opt-Out & Do Not Sell Solutions

Consumer Request Management: Intake and Respond to Do Not Sell Requests

• Display a “Do Not Sell My Personal Information” link on your company’s website
• Provide a custom toll-free number to automatically intake consumer requests via phone
• Request more details from the consumer using a CCPA-specific opt-out of sale webform
• Automate the workflow to verify identity, triage the request, and discover the data in business systems

Cookie Compliance: Update Cookie Banners for CCPA Opt-Out of Sale

• Update Cookie Banners for CCPA opt-out of sale requests
• Display a CCPA-specific banner using geolocation based on the visitor’s location
• Customize the banner with a different consent model, and include a “Do Not Sell” link to enable users to opt-out of advertising and data collection cookies on your website

Opt-Out Builder: Create a Do Not Sell notice to comply with CCPA Opt-Out requirements

Available now, the CookiePro Opt-Out builder is the first tool in the industry that enables organizations to create an opt-out mechanism by adding a “Do Not Sell My Personal Information” link to websites to comply with CCPA requirements and the IAB CCPA Compliance Framework.

• Add a “Do Not Sell My Personal Information” Notice to websites
• Develop an efficient way to process and respond to consumer requests to exercise their new rights to opt out  
• Maintain detailed, ongoing records for compliance 

Consumer Request Management: Maintain Central Consent Records

• Track verifiable consumer consent and sync across systems to avoid unauthorized sale of data
• Enable a method for consumers to opt-back-in to the sale of data after 12 months through a preference center or granular selection
• Maintain records of consent to demonstrate CCPA compliance

Regardless of the maturity of your privacy program, it’s never too soon to start planning for your CCPA readiness.