Do Not Sell or Share Overview
CPRA gives data subjects the Right to Opt-Out of the Sale of their Personal Information to third parties. DataGrail customers have the ability to handle Do Not Sell or Share (DNSS) requests through an intake form, verify those requests, and maintain a record log for compliance.
DataGrail User Roles
Only the following User Roles will have access to the Do Not Sell or Share tab:
- Super Admin
- Request Admin
- Request Approver
- Request Agent
Combining any user roles that do not have access to this UI with any of the above user roles that do have access to this functionality will grant a user access to these updates. e.g. If a user had a Request Admin Role, adding a Super Admin role to their user record would then allow them access to the Do Not Sell or Share page.
Request Creation Methods
Intake Form
The Intake Form provides the ability to have an immediate understanding of location and enables Authorized Agent.
Request policies are now tied to opt-outs. This is not a required field, and the older form version will remain compatible even if a location is NOT tied to the opt-out. If your DNSS form has any customizations (including text), reach out to your CSM about when these changes will be reflected for you.
Manually
Requests can also be created manually within the Do Not Sell or Share tab in DataGrail. To do so, click Add Request in the upper right corner of the Opt Out Queue.
The following information is required during creation:
- First Name
- Last Name
- Email - Requestor email; used for verification process
Optional fields:
- Country - Location of the requestor
- Subregion - Appears when a country has been specified and a subregion is available (e.g. State)
- Additional Info - Used for notes
Opt Out Queue
Click on the individual request to view more information, including:
- User Information (first name, last name, email, and location)
- Verification Status
- Date Submitted
- Due Date
- Request Policy
You have the ability to take the following actions on the request
- Complete Request (after all configured integrations have completed)
- Deny Request
- Request Extension
Filtering Requests
Do Not Sell or Share requests can be filtered by the following:
- Verification Status
- Ticket Status
- Location
Verification status filters: Verified and Unverified. Verified means the requestor or authorized agent has verified the request.
Ticket status filters: Complete, Not Started, In Progress, Canceled and Incomplete.
The Location filter lists all available countries and states (subregion), not just those associated with request policies. You can search for the country or state (subregion) to filter by that single location.
Request States
A request can have the following states:
| Status | Definition |
|---|---|
| Not Started | Request has been submitted to the queue. No verification has occurred on this request |
| In Progress | Integrations for DNSS request have started |
| Complete | Integrations have completed for the request, the request has been verified and the user has completed the request |
| Cancelled | A user has denied the request |
Bulk Management
To manage multiple requests, select the requests and then use one of the following actions:
- Mark as Complete
- Request Deadline Extension
Users are not able to bulk deny requests.
Exporting Requests
Privacy teams can export a copy of all DNSS requests to a .tsv file by clicking the Download .tsv button in the top right
Automation Rules
Users have the ability to configure automation rules for Do Not Sell or Share requests by going to the Settings tab in the navigation menu, then under Request Manager click Automation.
Once a Do Not Sell or Share request has been completed
| Option | Description |
|---|---|
| Send the Do Not Sell or Share confirmation email | Confirmation email sent to the requestor. The confirmation email template can be updated. |
| Do not send the Do Not Sell or Share confirmation email | No confirmation email is sent. |
Once a Do Not Sell or Share request is submitted
| Option | Description |
|---|---|
| Don't send a verification email | Verification will be skipped, and the request will automatically start processing. |
| Send a verification email | Request will start processing after the requestor has verified their email. |
When all integrations have finished processing a Do Not Sell or Share request
| Option | Description |
|---|---|
| Automatically mark the request complete | Request status updated to Complete. No further action required. |
| Manually mark the request complete | You will need to manually update the request status. |
Integrations
Integrations that support Do Not Sell or Share:
- Facebook Marketing
- SparkPost
- Braze
- Picsart
- Sailthru
- mParticle
Integration States
Do Not Sell or Share Integrations return a True or False signal when the integration is processed. If a False signal is returned, you can retry the integration or contact support if there are issues with the integration can be retried.
Users cannot cancel the processing of a DNSS integration.
Tag Managers
Tag managers -- most commonly, Google Tag Manager (GTM) -- are a tool that allow you to manage and deploy tags (snippets of code or tracking pixels) on your website without changing the code. Common uses include inserting JavaScript for analytics tools like Google Analytics or Amplitude, retargeting solutions like AdRoll, and trackers like Marketo or HubSpot. Moz has a more in-depth explanation.
GTM consists of three components:
- Tag - the JavaScript or tracking code that is inserted
- Trigger - a rule for when to insert a tag
- Variable - contains a value
For example, if you want to log all pageviews to Google Analytics, you would use a Google Analytics tag and tell it to trigger on all page views.
To learn more about setting up GTM for Do Not Sell or share, click here.
Disclaimer: The information contained in this message does not constitute as legal advice. We would advise seeking professional counsel before acting on or interpreting any material.