Do Not Sell Link

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or

Already have an account? Sign In »

Time
4 hours 41 minutes
Difficulty
Intermediate
CEU/CPE
5
Video Transcription
00:01
welcome everyone to lessen 8.5. As we will be discussing, we do not sell link, which is required under the C c. P. A.
00:09
You probably have already noticed these do not sell links on the Web sites that you visit.
00:13
This is a relatively straightforward subsection, but we do need to cover it separately.
00:18
We will be doing that here now.
00:21
The learning objectives and goals for less than 8.5.
00:25
Number one.
00:26
We will review specifically the compliance obligations that apply to the Do not sell link their specified under the C c p. A.
00:33
We will cover those
00:35
number two. There are some special considerations for how cookies and other ad technology solutions apply to the Do not sell link.
00:43
We will cover those as well,
00:45
then, third,
00:46
I will give you some helpful tips on how to integrate the Do not sell link with the rest of your company's consumer Request channel.
00:53
Please make a note off in particular objective number three there because this lesson does not exist in a vacuum, either.
01:00
It ties back to the items we have been discussing previously in Module eight.
01:03
I will point that out for you when that comes.
01:07
First off the general rule
01:11
that do not sell my personal information link
01:14
obligation Number one.
01:15
I'm taking this directly from the wording of the law itself.
01:19
Business must provide. And here's the term clear and conspicuous link on the business is Internet homepage titled Do Not Sell my Personal Information.
01:30
If you are ensuring right now that your company complies with the CCP A. You actually need to make sure that the link actually says those words as they are written there.
01:40
You can't rephrase it.
01:42
That, in and of itself would be a CCP a noncompliance problem.
01:46
Please don't try to get cute or original.
01:49
Take a look at CNN's footer.
01:51
They use the wording as is required right there on the left side of your screen.
01:57
Okay, moving on
01:59
second general rule.
02:00
The link has to ensure that a customer can opt out of the sale of their personal information.
02:06
That is the point of it.
02:07
If you think back to module three. When I was describing all of the various consumer rights,
02:12
this link must actually work.
02:14
If you only click on the link and nothing actually happens after the fact. If information continues to be sold to third parties thing that will also be a CCP a noncompliance problem.
02:23
Please make sure, in real world context that the link, in fact, does work.
02:30
All right, item number three.
02:32
If your business does not sell personal information, that fact has to actually be declared in your privacy policy.
02:39
I strongly encourage you to at some point have an internal stakeholder meeting to determine whether or not your company. Because I assure you there are third party data transfers that are already a current.
02:51
You need to identify whether or not those go to the level of actual selling,
02:57
and you can think back to Module three and when we reviewed the definition of selling.
03:00
But again, a quick reminder that's valuable consideration or other types of monetary exchanges when information is going from one party to the other.
03:08
If that type of arrangement is occurring, you definitely need to have the do not selling.
03:14
You can forego it if you don't believe that this applies to you, but you need to declare that in the privacy policy,
03:21
I recommend contacting outside attorneys or consulting firms even for example, like mine that could help you guide through that conversation.
03:30
There's a decision to be made here for item number three.
03:31
Either you're going to put the link in your footer of your Web page, or you're going to declare that you do not sell information in your privacy policy.
03:39
You've got to pick one.
03:40
I recommend you make that decision either now, while watching this video or some time here in the near future,
03:46
all right, so moving on
03:50
something else that we need to keep in mind here,
03:53
the Do not sell link needs to route back to your consumer Request channel.
03:57
I strongly recommend that everything run back to whatever system you are using to keep track of the consumer requests that your company is receiving
04:04
that Do Not Selling should go back to your consumer request channel, because that's the only way you're going to be able to keep track of the various requests that your company is receiving.
04:13
By the way,
04:15
do not sell requests also fall within the 45 day requirement.
04:20
Your privacy policy again, if someone is trying to submit a consumer request,
04:27
your privacy policy needs to be linked directly into your consumer request channel
04:30
same with the 1 800 number.
04:33
Whoever is on the phone that could be a customer service agent or a privacy professional. Whoever you have trained to receive those phone calls needs to input the nature of the consumer request back into the Consumer Request Channel back into that ticketing system or whatever methodology you are using.
04:49
Because if you have a different set of consumer requests, depending upon how your company received it,
04:55
your company is not going to be able to keep track of all those requests simultaneously.
04:59
You're absolutely going to suffer a non compliance issue.
05:02
I personally witnessed this last summer, where a company was not keeping track of the request that came from one office versus the other, versus those coming in over the phone versus those that are coming in the email versus those that were coming in from a do not sell link request.
05:17
There were six different potential sources of a consumer request, and none of them were falling back into a centralized hub.
05:25
You absolutely need to make sure that everything falls back
05:30
moving forward from that. I need to also point out for a quick note on cookies
05:34
if someone submits a do not sell my personal information request.
05:39
Then you must stand down there cookie experience as their surfing through the Internet and on your Web page.
05:45
Why?
05:46
Because cookies, especially in of course, marketing or other add technologies, are by definition a third party transfer for a valuable consideration.
05:55
If someone has clicked, please don't sell my information, and they submitted their request. But the cookies are still working, and they are still being subject to whatever advertisement because of the cookie being on their page
06:06
again, that is a CCP, a noncompliance problem.
06:11
There's different solutions out there that can resolve this. I've mentioned to you some of the cookie blockers or automated big tech solutions that exist.
06:18
Please make sure that you have either purchased some sort of software or leverage some internal tool to make sure that these two worlds the cookie world and they do not sell my personal information world are speaking to one another, and that request flow from one to the other
06:33
that covers everything about cookies
06:36
in summary. For this lesson, what you need to stress again the importance of integrating your do not sell requests with the consumer Request channel.
06:44
This is a fantastic issue that a company will likely run into. If your company is to siloed into segregated,
06:50
you need to make sure that everything is being centralized, ideally in a privacy center, much like we saw with the CNN Time Warner example, or in some centralized page like we saw with the Hilton Hotels example.
07:02
Please make sure to take a moment to look at your employer now and see if they are complying with the requirements of the CCP A. By ensuring that the link is actually present on the footer or that at a minimum, you have declared that you do not sell personal information.
07:16
That sums up less than 8.5, and I'll see you in the next lesson.
Up Next