☰
How to comply with the CCPA opt-out requirement The California Consumer Privacy Act (CCPA) provides several new data privacy rights for California residents, including the right to opt-out of the sale of personal information. This mandated business to provide a “Do Not Sell My Personal Information” link on their homepage and other pages that collect data that informed customers of their rights and facilitated opt-out requests. The California Privacy Rights Act (CPRA), which comes into effect on Jan 1, 2023, updates this mandate to include the share of information as well. The opt-out of sale and share requirement under the CPRA again mandates business to have a clear “Do Not Sell or Share My Personal Information” link, allowing customers to exercise their right to opt-out while providing them with a CPRA-specific list of their rights. Along with other new requirements, the CPRA also introduces a 12-month period where companies must check with customers again to ensure they want to stick with the same preferences, or would prefer to change their opt-out decision. Download this white paper to learn how you can comply with the CPRA’s opt-out of sale or share requirement and ensure your organization is on the right track to CPRA compliance.
The California Consumer Privacy Act (CCPA) has impacted how businesses handle consumers’ personal information since it entered into effect at the start of 2020. On January 1, 2023, the California Privacy Rights Act (CPRA) will expand and amend several aspects of the CCPA including consumer rights. One such update is the “Do Not Sell My Personal Information” requirement, which gives consumers control over whom, how, and when businesses can sell their personal information. The CPRA amends this right to include the sharing of personal information. With the CPRA’s entry coming into effect soon, businesses must take note of the changes that 2023 will bring to their privacy compliance programs. Let’s unpack the implications of the new CPRA opt-out requirements and what steps you can take today to streamline your team’s response.
The CPRA defines sensitive personal information as personal information that reveals:
Sensitive personal information under the CPRA doesn’t include any publicly and lawfully available information through federal, state, or local records.
The CPRA ‘do not sell or share’ requirement introduces new complexities to businesses already managing opt-out requests. To start, organizations must pursue efficient intake methods that receive consent requests – and ideally activate those choices downstream through automation. Detailed consent and opt-out records are a must, as well as processes that honor consumer choices wherever personal information is sold or shared. This includes understanding your data and working with third parties to ensure your data-related activities are operating on a consent basis.
Publishers, businesses in the data industry, or blogs that rely on ad support must comply with the CPRA if they meet the application threshold of the law. If your company sells personal information, be clear with consumers about what information you sell and why you sell it. Being transparent about your selling practices could lead to fewer consumers exercising their opt-out rights.
The CPRA comes into effect on January 1, 2023. Is your compliance strategy ready to adapt to these changing consumer opt-out requirements? OneTrust makes it easy to achieve CPRA compliance by helping you understand the data you hold, how you use it, and what third parties have access to it. Our suite of privacy management and data governance tools automate consumer request intake and fulfillment. Use pre-configured Consent and Preferences templates and settings to get your opt-out pages up and running quickly across web, mobile, and CMP channels. With Privacy Rights Automation, you can automate opt-out compliance beyond targeted advertising and into other types of data sharing. OneTrust CPRA also helps you maintain the necessary recordkeeping and accountability required of covered organizations and keeps you up-to-date with the latest guidance. Find out how to accelerate your time to CPRA compliance – request a demo today.