High Volume Consumer Request Channel
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
Already have an account? Sign In »
4 hours 41 minutes
Welcome everyone to lessen 8.4,
as promised. In the last lesson,
we will now be reviewing the methodologies. You can use it. Your company. If you already know you're going to be receiving more than five requests a month.
This is one of my favorite lessons because we're going to be looking at Riel World examples of real companies and how they dress the high volumes of requests that they receive
and sometimes on a daily basis
before we jump into it. Open up a new tab on your browser because we're going to be visiting the websites off specific companies and following along as we go in real time.
Take a moment to open up a new tab.
We will start first by looking at Hilton
Hilton has one of the best in my personal opinion. Native Consumer Request Landing pages.
Goto Hilton Com
Pause the video if you need to.
Once you're at the Hilton website, you'll see at the bottom of the page there is a footer.
I'm looking at item number one here, where the cookie statement, the site usage agreement etcetera are all available for a website visitor to review
The third item down is an interactive link named Personal Data Requests.
This link allows visitors to the website to exercise their consumer right. Should they choose to do so
Now, I just use the word consumer right, because that's a terminology that is established under the C C p. A.
You might be asking yourself, Well,
why does Hilton use the phrase personal data request?
The reason for that
Hilton is a global company, and it is subject to global privacy laws including, for example, Europe's GDP are
Brazil's L G. P. D.
These are all acronyms
Canada has. A law called Pippa
Hilton knows that they have to build a solution that can field requests that will differ depending upon where an individual lives.
I encourage you in real time.
Click on the third Link, their personal data request.
It will bring you to item number two here,
where you can see where you can select which country you reside in.
pause the video if you need to.
If you select the United States, you'll be able to after that select the state of your residency.
if you were to go into a different direction and select, for example, France. You will notice that if you continue playing with their website that there will be different rights that you can exercise on the Hilton Native Consumer Request landing page.
Because there's different rights available to you if you live in Europe, because the GDP are is more expansive and broader than the C C. P. A.
For the purpose of this course,
let's select together the United States in the state of residence. California
Again, remember, residents of California are the Onley ones that are able to enjoy the rights established under the C C. P A.
It will bring you to this third page here where it asks you to tell us about your requests.
Items three and four should be appearing on the same page on your screen.
We split them up to identify the differences in the potential rights that are available to you. If you do live in California,
the first one is a do not sell my personal information to the third Parties request
that is taken directly from the language of the C C p. A.
If you do not want your information to be sold to a third party, and your information already sits in the Hilton Network.
You just click that link
later in time, they're going to ask you for your first name and last name so they know who you are.
This is the methodology that Hilton has used to determine which rights and individual is going to be exercising.
You'll see an item number four, their request to know requested elite.
I love this language here because it explains in common sense language what an individual is trying to communicate with Hilton.
Let's just read this together.
Please tell me what personal information you have about me.
They could phrase it that way, which I think is the best way to phrase it.
They could have also if they wanted to phrased it. As
I would like to exercise my access requests,
they're both communicating the same thing. But
we all know that people aren't lawyers.
People don't understand the jargon that the CCP was written in.
I think Hilton is one of the class, a examples of how to field a variety of consumer requests in a variety of markets, all in a way that identifies which request is being triggered, versus which one that isn't
if your company has any sort of market presence or business model that mimics Hilton. I strongly recommend following their model.
That's example. Number two
example. Number one was nothing more than that interactive email address.
Example. Number three.
Let's check out CNN.
They have a section they're called How to Exercise Your California writes.
Remember going back to the notice and Transparency model In this cyber recourse, CNN has an obligation to its inform its users
inform the visitors of its websites of the rights that exist under California law.
It is going to do so in number two.
You should do this in real time. If you'd like.
Click on Privacy Center.
You'll be brought to this interactive privacy center that applies to all of Warner Media.
Feel free to play through the website,
but you'll eventually be redirected to Item number four here.
there's four different rights here,
three of which Onley apply to the C c. P. A.
If we're looking at item number four, the top right one.
Learn how to stop information from being sold.
That's the same thing. Is opting out of a third party sale of data? It's the same thing.
I love CNN as well. In this regard, they're using plain language
Item number four here,
the bottom left corner.
See the information we have about you
That's an access request.
for those of you wondering, learn how to stop receiving marketing emails. That's another right that was established under a law called Can Spam.
Feel free to look it up?
C a N
S p a. M
different law, but CNN is subject is subject to that law as well.
They're trying to in their privacy center, integrate the laws that establish the CCP A as well as can span simultaneously.
This does not apply to 18 t, which partly own CNN.
I think it's a very nice way of differentiating which rights are going to apply to which sub components of the company.
If you work for a company that has a lot of sister organizations or joint ventures, I would take a strong look at how CNN slash Time Warner is addressing this hot button issue.
Example. Number four
there are third party vendors that can help our your consumer request change.
A great example of this is all state. The insurance company.
Goto Allstate dot com
Item number one Here
you will see there are multiple interactive links that users can play with if they so choose.
Let's click on a moment at the all state Privacy statement.
Let me click out of this box here for a second.
It will bring you to item number two,
which is the specific California writes that exist thanks to the ccps.
If we look at the third paragraph to submit an access or deletion request,
please click here.
If you click on that link, feel free to do this in real time. It will redirect you to the landing page that is powered by one trust.
Now, one trust is a software company.
I have no connection with them.
You're more than welcome to purchase their software.
They are more or less a ticketing system on steroids.
You can identify which rights are being exercised under which privacy law
feel free to check him out.
The reason I'm bringing them up and bringing them to your attention
is to inform you that there are software solutions out there that exist in the market.
I've done some webinars with one trust, but beyond that, I don't want to endorse any software vendor.
If you think that's a potential solution for you, I just wanna let you know that exists.
In summary item number one. Don't forget that was just using the interactive email address.
If that is not going to work for you because you're going to be having too many requests,
you can use a native consumer requesting landing page.
It's great for a company with large resource is
again, that's Hilton.
Feel free to also use a privacy center. That's CNN.
Check that model out if you are a company that is owned by a lot of other companies
or example. Number three,
a SAS third party vendor.
Feel free to check out one trust dot com.
They offer a software solution to this issue
that summarizes the Consumer Request Channel.
I'll see you in the next module as we review the do not selling.
I'll see you there