High Volume Consumer Request Channel

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
or

Already have an account? Sign In »

Time
4 hours 41 minutes
Difficulty
Intermediate
CEU/CPE
5
Video Transcription
00:01
Okay.
00:02
Welcome everyone to lessen 8.4,
00:05
as promised. In the last lesson,
00:07
we will now be reviewing the methodologies. You can use it. Your company. If you already know you're going to be receiving more than five requests a month.
00:15
This is one of my favorite lessons because we're going to be looking at Riel World examples of real companies and how they dress the high volumes of requests that they receive
00:25
and sometimes on a daily basis
00:28
before we jump into it. Open up a new tab on your browser because we're going to be visiting the websites off specific companies and following along as we go in real time.
00:39
Take a moment to open up a new tab.
00:41
We will start first by looking at Hilton
00:47
Hilton has one of the best in my personal opinion. Native Consumer Request Landing pages.
00:53
Goto Hilton Com
00:55
Pause the video if you need to.
00:58
All right.
00:59
Once you're at the Hilton website, you'll see at the bottom of the page there is a footer.
01:03
I'm looking at item number one here, where the cookie statement, the site usage agreement etcetera are all available for a website visitor to review
01:12
The third item down is an interactive link named Personal Data Requests.
01:18
This link allows visitors to the website to exercise their consumer right. Should they choose to do so
01:23
Now, I just use the word consumer right, because that's a terminology that is established under the C C p. A.
01:30
You might be asking yourself, Well,
01:32
why does Hilton use the phrase personal data request?
01:36
The reason for that
01:37
Hilton is a global company, and it is subject to global privacy laws including, for example, Europe's GDP are
01:44
Brazil's L G. P. D.
01:47
These are all acronyms
01:49
Canada has. A law called Pippa
01:51
Hilton knows that they have to build a solution that can field requests that will differ depending upon where an individual lives.
01:57
I encourage you in real time.
02:00
Click on the third Link, their personal data request.
02:04
It will bring you to item number two here,
02:06
where you can see where you can select which country you reside in.
02:09
Now
02:10
pause the video if you need to.
02:13
If you select the United States, you'll be able to after that select the state of your residency.
02:20
However,
02:21
if you were to go into a different direction and select, for example, France. You will notice that if you continue playing with their website that there will be different rights that you can exercise on the Hilton Native Consumer Request landing page.
02:32
Why?
02:34
Because there's different rights available to you if you live in Europe, because the GDP are is more expansive and broader than the C C. P. A.
02:42
For the purpose of this course,
02:44
let's select together the United States in the state of residence. California
02:49
Again, remember, residents of California are the Onley ones that are able to enjoy the rights established under the C C. P A.
02:55
It will bring you to this third page here where it asks you to tell us about your requests.
03:00
Items three and four should be appearing on the same page on your screen.
03:06
We split them up to identify the differences in the potential rights that are available to you. If you do live in California,
03:15
the first one is a do not sell my personal information to the third Parties request
03:20
that is taken directly from the language of the C C p. A.
03:23
If you do not want your information to be sold to a third party, and your information already sits in the Hilton Network.
03:29
You just click that link
03:30
later in time, they're going to ask you for your first name and last name so they know who you are.
03:37
This is the methodology that Hilton has used to determine which rights and individual is going to be exercising.
03:43
You'll see an item number four, their request to know requested elite.
03:47
I love this language here because it explains in common sense language what an individual is trying to communicate with Hilton.
03:55
Let's just read this together.
03:59
Please tell me what personal information you have about me.
04:03
They could phrase it that way, which I think is the best way to phrase it.
04:06
They could have also if they wanted to phrased it. As
04:10
I would like to exercise my access requests,
04:14
they're both communicating the same thing. But
04:16
we all know that people aren't lawyers.
04:18
People don't understand the jargon that the CCP was written in.
04:23
I think Hilton is one of the class, a examples of how to field a variety of consumer requests in a variety of markets, all in a way that identifies which request is being triggered, versus which one that isn't
04:35
if your company has any sort of market presence or business model that mimics Hilton. I strongly recommend following their model.
04:43
That's example. Number two
04:45
Remember
04:46
example. Number one was nothing more than that interactive email address.
04:53
Example. Number three.
04:54
Let's check out CNN.
04:57
If you go to their footer click on privacy Policy,
05:00
you'll be redirected to their entire privacy policy.
05:03
They have a section they're called How to Exercise Your California writes.
05:08
Remember going back to the notice and Transparency model In this cyber recourse, CNN has an obligation to its inform its users
05:15
inform the visitors of its websites of the rights that exist under California law.
05:19
It is going to do so in number two.
05:24
You should do this in real time. If you'd like.
05:27
Click on Privacy Center.
05:29
You'll be brought to this interactive privacy center that applies to all of Warner Media.
05:33
Feel free to play through the website,
05:35
but you'll eventually be redirected to Item number four here.
05:41
Now
05:41
there's four different rights here,
05:43
three of which Onley apply to the C c. P. A.
05:46
If we're looking at item number four, the top right one.
05:48
Learn how to stop information from being sold.
05:51
That's the same thing. Is opting out of a third party sale of data? It's the same thing.
05:57
I love CNN as well. In this regard, they're using plain language
06:02
Item number four here,
06:03
the bottom left corner.
06:05
See the information we have about you
06:09
again?
06:10
That's an access request.
06:13
Now,
06:13
for those of you wondering, learn how to stop receiving marketing emails. That's another right that was established under a law called Can Spam.
06:20
Feel free to look it up?
06:23
C a N
06:25
S p a. M
06:27
different law, but CNN is subject is subject to that law as well.
06:30
They're trying to in their privacy center, integrate the laws that establish the CCP A as well as can span simultaneously.
06:39
Now notice.
06:41
This does not apply to 18 t, which partly own CNN.
06:45
I think it's a very nice way of differentiating which rights are going to apply to which sub components of the company.
06:51
If you work for a company that has a lot of sister organizations or joint ventures, I would take a strong look at how CNN slash Time Warner is addressing this hot button issue.
07:02
Example. Number four
07:04
there are third party vendors that can help our your consumer request change.
07:09
A great example of this is all state. The insurance company.
07:12
Goto Allstate dot com
07:14
Item number one Here
07:15
you will see there are multiple interactive links that users can play with if they so choose.
07:20
Let's click on a moment at the all state Privacy statement.
07:25
Let me click out of this box here for a second.
07:28
It will bring you to item number two,
07:30
which is the specific California writes that exist thanks to the ccps.
07:36
If we look at the third paragraph to submit an access or deletion request,
07:41
please click here.
07:45
If you click on that link, feel free to do this in real time. It will redirect you to the landing page that is powered by one trust.
07:51
Now, one trust is a software company.
07:55
I have no connection with them.
07:57
You're more than welcome to purchase their software.
07:59
They are more or less a ticketing system on steroids.
08:03
You can identify which rights are being exercised under which privacy law
08:07
feel free to check him out.
08:09
The reason I'm bringing them up and bringing them to your attention
08:11
is to inform you that there are software solutions out there that exist in the market.
08:16
I've done some webinars with one trust, but beyond that, I don't want to endorse any software vendor.
08:22
If you think that's a potential solution for you, I just wanna let you know that exists.
08:30
In summary item number one. Don't forget that was just using the interactive email address.
08:37
If that is not going to work for you because you're going to be having too many requests,
08:41
you can use a native consumer requesting landing page.
08:43
It's great for a company with large resource is
08:46
again, that's Hilton.
08:48
Feel free to also use a privacy center. That's CNN.
08:52
Check that model out if you are a company that is owned by a lot of other companies
08:56
or example. Number three,
08:58
a SAS third party vendor.
09:00
Feel free to check out one trust dot com.
09:03
They offer a software solution to this issue
09:07
that summarizes the Consumer Request Channel.
09:09
I'll see you in the next module as we review the do not selling.
09:13
I'll see you there
Up Next
California Consumer Privacy Act (CCPA)

This course examines the privacy obligations that are established by the California Consumer Privacy Act (CCPA) and how students can help their employers implement changes to their organizations to remain compliant with this new law.

Instructed By