In Ethyca, you can run reports to view all the information relating to your organization’s data flow map. This lets you carry out audits of the personal data that you’re currently processing or provide a paper trail for privacy law compliance.
A “Do Not Sell” (or “Do Not Sell My Personal Information”) request is an action that can be taken by a person whose data is being processed by your business. Put simply, it gives customers the right to opt-out of the sharing of their personal data. It places an obligation upon your business to not sell or otherwise transfer any of their personal information to another business for monetary or other valuable consideration.
That’s a mouthful, and there has been a lot of deliberation about what constitutes a “data sale”, particularly under the California Consumer Privacy Act (CCPA). The long and short is, if your customer says “Do Not Sell My Personal Information”, you need a way to make sure that none of their Personally Identifiable Information (PII) ends up in other hands or data systems. Fortunately with Ethyca, that tricky task is a piece of cake.
In this article, we’ll first take you through a step-by-step guide of how Ethyca handles consent, including “Do Not Sell” requests, which are effectively the removal of consent by users. Then, we’ll explore some of the Frequently Asked Questions around consent management, including the million dollar question – can “Do Not Sell” requests be managed with a cookie tool? (TLDR: No!) Let’s dive in…
The obligation to respect a customer’s right to not have their personal information sold is enforced by leading data privacy law. The California Consumer Privacy Act (CCPA) is explicit in its requirements. Businesses covered by the CCPA must create a mechanism for their customers to opt-out of the sharing of their information without requiring them to set up an account. It’s always good practice to apply data minimization principles in cases such as this i.e. only collect what you need to confirm the request.
Ethyca’s consent management system helps you build customer trust and leverage personal data with confidence. A combination of features help you implement a comprehensive yet customer-friendly consent management strategy for your business. These include:
Ethyca offers best-in-class consent management across multiple tiers of its product, including Ethyca CHOICE, a tier aimed specifically at managing “Do Not Sell My Personal Information”. Here’s how it works for you and your customers:
A lot of people wonder whether their existing cookie consent manager will suffice to make their business compliant with “Do Not Sell My Information” requests. The short answer is “no”. Not all personal information is captured by cookies. In reality, personal information comes from multiple sources and is passed between many hands within a modern business.
To begin with, cookies do not capture personal data that are generated from offline sources. For example, from an in-store purchase for a retailer or by your sales team capturing lead data at a real-world conference. Online data sources, on the other hand, are a lot more diverse than simply data captured via browser cookies. Customer data from online purchases or emails captured from a marketing campaign are just some of many examples that don’t rely on cookies.
A modern business needs to be able to enact a cascading flow of data suppression that goes into the very guts of multiple business systems containing things like account info, purchase history, and more. The idea that this could be accomplished by an accept/deny cookies box on a homepage is just not feasible.
If you have any questions about processing “Do Not Sell My Data” requests or about using Ethyca’s data privacy platform, please feel free to reach out and we’d be happy to help!
We enjoyed two great days of security and privacy talks at this year’s Symposium on Usable Privacy and Security, aka SOUPS Conference! Presenters from all over the world spoke both in-person and virtually on the latest findings in privacy and security research.
At Ethyca, we believe that software engineers are becoming major privacy stakeholders, but do they feel the same way? To answer this question, we went out and asked 337 software engineers what they think about the state of contemporary privacy… and how they would improve it.
The UK’s new Data Reform Bill is set to ease data privacy compliance burdens on businesses to enable convenience and spark innovation in the country. We explain why convenience should not be the end result of a country’s privacy legislation.
Our team at Ethyca attended the PEPR 2022 Conference in Santa Monica live and virtually between June 23rd and 24th. We compiled three main takeaways after listening to so many great presentations about the current state of privacy engineering, and how the field will change in the future.
For privacy engineers to build privacy directly into the codebase, they need agreed-upon definitions for translating policy into code. Ethyca CEO Cillian unveils an open source system to standardize definitions for personal data living in the tech stack.
Masking data is an essential part of modern privacy engineering. We highlight a handful of masking strategies made possible with the Fides open-source platform, and we explain the difference between key terms: pseudonymization and anonymization.
Our team of data privacy devotees would love to show you how Ethyca helps engineers deploy CCPA, GDPR, and LGPD privacy compliance deep into business systems. Let’s chat!Book a Demo