How to allow customers to easily request data privacy under the California Consumer Privacy Act
Julie, who recently took up baking cupcakes as a hobby, is furious—and not about her culinary skills. She hadn’t realized how much of her personal information the company from which she bought her supplies had harvested and sold, without her express permission. She wants to know what they know about her, to whom they have sold that data, and that, once the harvesting is stopped, her information will be forgotten.
Until recently, companies took whatever information they could extract from consumers, who had little recourse, and used it however they wanted. But in California, as in much of Europe, laws have changed and strengthened. What obligation do companies that serve customers in California now have to people like Julie?
What the California Consumer Privacy Act requires
The California Consumer Privacy Act (CCPA), signed into law in June 2018, strengthened and unified data protection. California consumers now have the legal right to opt out of the sale of their personal data to third parties; companies that fail to comply face stiff penalties. Enforcement of the law begins in July. If you’re a business covered by the CCPA you must disclose the personal customer information you collect, share, and sell; you must also provide, on websites and mobile apps, a clear method for consumers to opt out of sharing their information and delete any personal data upon a consumer’s request.
Keeping customer data private engenders loyalty
To abide by the CCPA requires having systems and processes to ensure accurate personal information on consumers and current records of which third parties have purchased that data. To provide positive customer experiences and cement customer loyalty, the systems and processes need to allow customers to easily request that their data stay private.
Consider the typical journey that a customer like Julie will take with your business when she makes an opt-out request:
Under the CCPA, you’ll have 45 days to respond to the request. You’ll need to not only track how you fulfilled the request but also provide verification that you’ve reached out to third parties to request that they delete customer information.
The solution that makes following CCPA guidelines simple
These may be complex tasks on the back end, but your systems need to shield customers like Julie and make the process of handling their data-privacy requests as efficient as possible.
ServiceNow offers an out-of-the-box customer service portal that can be added to the ServiceNow Governance Risk and Compliance solution. This creates a seamless, self-service customer experience where a consumer will simply click on a button to make an opt-out request. The solution provides full visibility into a request and also tracks all efforts to reach out to third parties on the consumer’s behalf. It also provides data privacy case analytics to ensure cases are resolved and that service level agreements are met.
There’s still time to get ready for the CCPA—and keep your customers happy
CCPA enforcement begins on July 1, but there’s still time to implement the right solution to comply with the CCPA and make it painless for your customers to request to keep their data private.
Want to learn more about the CCPA and what it might mean for your business? Visit the first post in our series here.
Read more about the CCPA.
© 2020 ServiceNow, Inc. All rights reserved. ServiceNow, the ServiceNow logo, and other ServiceNow marks are trademarks and /or registered trademarks of ServiceNow, Inc., in the United States and/or other countries. Other company and product names may be trademarks of the respective companies with which they are associated.