Do Not Sell Link
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
Already have an account? Sign In »
4 hours 41 minutes
welcome everyone to lessen 8.5. As we will be discussing, we do not sell link, which is required under the C c. P. A.
You probably have already noticed these do not sell links on the Web sites that you visit.
This is a relatively straightforward subsection, but we do need to cover it separately.
We will be doing that here now.
The learning objectives and goals for less than 8.5.
We will review specifically the compliance obligations that apply to the Do not sell link their specified under the C c p. A.
We will cover those
number two. There are some special considerations for how cookies and other ad technology solutions apply to the Do not sell link.
We will cover those as well,
I will give you some helpful tips on how to integrate the Do not sell link with the rest of your company's consumer Request channel.
Please make a note off in particular objective number three there because this lesson does not exist in a vacuum, either.
It ties back to the items we have been discussing previously in Module eight.
I will point that out for you when that comes.
First off the general rule
that do not sell my personal information link
obligation Number one.
I'm taking this directly from the wording of the law itself.
Business must provide. And here's the term clear and conspicuous link on the business is Internet homepage titled Do Not Sell my Personal Information.
If you are ensuring right now that your company complies with the CCP A. You actually need to make sure that the link actually says those words as they are written there.
You can't rephrase it.
That, in and of itself would be a CCP a noncompliance problem.
Please don't try to get cute or original.
Take a look at CNN's footer.
They use the wording as is required right there on the left side of your screen.
Okay, moving on
second general rule.
The link has to ensure that a customer can opt out of the sale of their personal information.
That is the point of it.
If you think back to module three. When I was describing all of the various consumer rights,
this link must actually work.
If you only click on the link and nothing actually happens after the fact. If information continues to be sold to third parties thing that will also be a CCP a noncompliance problem.
Please make sure, in real world context that the link, in fact, does work.
All right, item number three.
I strongly encourage you to at some point have an internal stakeholder meeting to determine whether or not your company. Because I assure you there are third party data transfers that are already a current.
You need to identify whether or not those go to the level of actual selling,
and you can think back to Module three and when we reviewed the definition of selling.
But again, a quick reminder that's valuable consideration or other types of monetary exchanges when information is going from one party to the other.
If that type of arrangement is occurring, you definitely need to have the do not selling.
I recommend contacting outside attorneys or consulting firms even for example, like mine that could help you guide through that conversation.
There's a decision to be made here for item number three.
You've got to pick one.
I recommend you make that decision either now, while watching this video or some time here in the near future,
all right, so moving on
something else that we need to keep in mind here,
the Do not sell link needs to route back to your consumer Request channel.
I strongly recommend that everything run back to whatever system you are using to keep track of the consumer requests that your company is receiving
that Do Not Selling should go back to your consumer request channel, because that's the only way you're going to be able to keep track of the various requests that your company is receiving.
By the way,
do not sell requests also fall within the 45 day requirement.
same with the 1 800 number.
Whoever is on the phone that could be a customer service agent or a privacy professional. Whoever you have trained to receive those phone calls needs to input the nature of the consumer request back into the Consumer Request Channel back into that ticketing system or whatever methodology you are using.
Because if you have a different set of consumer requests, depending upon how your company received it,
your company is not going to be able to keep track of all those requests simultaneously.
You're absolutely going to suffer a non compliance issue.
I personally witnessed this last summer, where a company was not keeping track of the request that came from one office versus the other, versus those coming in over the phone versus those that are coming in the email versus those that were coming in from a do not sell link request.
There were six different potential sources of a consumer request, and none of them were falling back into a centralized hub.
You absolutely need to make sure that everything falls back
moving forward from that. I need to also point out for a quick note on cookies
if someone submits a do not sell my personal information request.
Then you must stand down there cookie experience as their surfing through the Internet and on your Web page.
If someone has clicked, please don't sell my information, and they submitted their request. But the cookies are still working, and they are still being subject to whatever advertisement because of the cookie being on their page
again, that is a CCP, a noncompliance problem.
There's different solutions out there that can resolve this. I've mentioned to you some of the cookie blockers or automated big tech solutions that exist.
Please make sure that you have either purchased some sort of software or leverage some internal tool to make sure that these two worlds the cookie world and they do not sell my personal information world are speaking to one another, and that request flow from one to the other
that covers everything about cookies
in summary. For this lesson, what you need to stress again the importance of integrating your do not sell requests with the consumer Request channel.
This is a fantastic issue that a company will likely run into. If your company is to siloed into segregated,
you need to make sure that everything is being centralized, ideally in a privacy center, much like we saw with the CNN Time Warner example, or in some centralized page like we saw with the Hilton Hotels example.
Please make sure to take a moment to look at your employer now and see if they are complying with the requirements of the CCP A. By ensuring that the link is actually present on the footer or that at a minimum, you have declared that you do not sell personal information.
That sums up less than 8.5, and I'll see you in the next lesson.