In Ethyca, you can run reports to view all the information relating to your organization’s data flow map. This lets you carry out audits of the personal data that you’re currently processing or provide a paper trail for privacy law compliance.
A “Do Not Sell” (or “Do Not Sell My Personal Information”) request is an action that can be taken by a person whose data is being processed by your business. Put simply, it gives customers the right to opt-out of the sharing of their personal data. It places an obligation upon your business to not sell or otherwise transfer any of their personal information to another business for monetary or other valuable consideration.
That’s a mouthful, and there has been a lot of deliberation about what constitutes a “data sale”, particularly under the California Consumer Privacy Act (CCPA). The long and short is, if your customer says “Do Not Sell My Personal Information”, you need a way to make sure that none of their Personally Identifiable Information (PII) ends up in other hands or data systems. Fortunately with Ethyca, that tricky task is a piece of cake.
In this article, we’ll first take you through a step-by-step guide of how Ethyca handles consent, including “Do Not Sell” requests, which are effectively the removal of consent by users. Then, we’ll explore some of the Frequently Asked Questions around consent management, including the million dollar question – can “Do Not Sell” requests be managed with a cookie tool? (TLDR: No!) Let’s dive in…
The obligation to respect a customer’s right to not have their personal information sold is enforced by leading data privacy law. The California Consumer Privacy Act (CCPA) is explicit in its requirements. Businesses covered by the CCPA must create a mechanism for their customers to opt-out of the sharing of their information without requiring them to set up an account. It’s always good practice to apply data minimization principles in cases such as this i.e. only collect what you need to confirm the request.
Ethyca’s consent management system helps you build customer trust and leverage personal data with confidence. A combination of features help you implement a comprehensive yet customer-friendly consent management strategy for your business. These include:
Ethyca offers best-in-class consent management across multiple tiers of its product, including Ethyca CHOICE, a tier aimed specifically at managing “Do Not Sell My Personal Information”. Here’s how it works for you and your customers:
A lot of people wonder whether their existing cookie consent manager will suffice to make their business compliant with “Do Not Sell My Information” requests. The short answer is “no”. Not all personal information is captured by cookies. In reality, personal information comes from multiple sources and is passed between many hands within a modern business.
To begin with, cookies do not capture personal data that are generated from offline sources. For example, from an in-store purchase for a retailer or by your sales team capturing lead data at a real-world conference. Online data sources, on the other hand, are a lot more diverse than simply data captured via browser cookies. Customer data from online purchases or emails captured from a marketing campaign are just some of many examples that don’t rely on cookies.
A modern business needs to be able to enact a cascading flow of data suppression that goes into the very guts of multiple business systems containing things like account info, purchase history, and more. The idea that this could be accomplished by an accept/deny cookies box on a homepage is just not feasible.
If you have any questions about processing “Do Not Sell My Data” requests or about using Ethyca’s data privacy platform, please feel free to reach out and we’d be happy to help!
Ethyca’s CEO Cillian Kieran explains the significance of the team’s CIP certified patches.
Learn more about all of the updates on the Fides 2.20 release here.
Ethyca’s Principal Product Manager Rachel Silver takes you through the privacy intelligence dictionary Fides Compass, and shows how it makes data mapping, consent, and compliance faster and easier than ever.
Fides Compass provides deep intelligence about commonly used third-party vendors to automate data mapping and consent, getting you to a state of global privacy compliance quickly. Learn everything about what Fides Compass does, and how, in this blog post.
Our web developer, Suchi Natarajan, breaks down the Global Privacy Control (GPC) and how to comply with it.
Our VP of Sales, James Frey, breaks down how Ethyca’s privacy solutions bridge the silos between legal and engineering teams.
Our team of data privacy devotees would love to show you how Ethyca helps engineers deploy CCPA, GDPR, and LGPD privacy compliance deep into business systems. Let’s chat!Request a Demo