Do Not Sell or Share Overview
CPRA gives data subjects the Right to Opt-Out of the Sale of their Personal Information to third parties. DataGrail customers have the ability to handle Do Not Sell or Share (DNSS) requests through an intake form, verify those requests, and maintain a record log for compliance.
DataGrail User Roles
Only the following User Roles will have access to the Do Not Sell or Share tab :
- Super Admin
- Request Admin
- Request Approver
- Request Agent
NOTE : Combining any user roles that do not have access to this UI with any of the above user roles that do have access to this functionality will grant a user access to these updates. e.g. If a user had a Request Admin Role, adding a Super Admin role to their user record would then allow them access to the Do Not Sell or Share page.
Overview
Do Not Sell or Share requests can be created and focused on providing context to the progress of a Do Not Sell or Share request. Details have been added surrounding the requestor, the integrations connected to the request, and the progress of the request. Requestors have new actions they can take surrounding extending deadlines for requests and being able to see where requests are coming from.
Request Creation via Opt Out Form
The Opt-Out form provides the ability to have an immediate understanding of location and enables Authorized Agent.
NOTE: Request policies are also now tied to opt-outs. This is not a required field, and the older form version will remain compatible even if a location is NOT tied to the opt-out. If your DNSS form has any customizations (including text), reach out to your CSM about when these changes will be reflected for you._
Manually Create Do Not Sell or Share Requests
You can also manually generate Opt-Out Requests within the Do Not Sell or Share tab in DataGrail. Information required in order to create an Opt-Out request is as follows:
- First Name
- Last Name
Location (Country) and notes (Additional Info) are optional fields. You can add a country to specify a location, and if a subregion is available, the sub-region will appear in the drawer; this field is not required to add a request.
Do Not Sell or Share Requests Details View
Users can click on the individual request and view the data submitted through the form. Information included in the details view are as follows:
- User Information (first name, last name, email, and location)
- Verification Status
- Date Submitted
- Due Date
- Request Policy
In the Details view, there will also be actions to take. The actions that are available to a user are:
- Complete the Request (*note: requests can only be completed when all configured integrations have been completed.)
- Deny the Request
- Request an Extension
Do Not Sell or Share Status States
Statuses available Do Not Sell or Share have been updated to provide greater detail on where the submission is the process :
| Status | Definition |
|---|---|
| Not Started | Request has been submitted to the queue. No verification has occurred on this request |
| In Progress | Integrations for DNSS request has started |
| Complete | Integrations have completed for the request, the request has been verified and the user has completed the request |
| Cancelled | The user has denied the request |
Integration States for Do Not Sell or Share
Do Not Sell or Share requests being In Progress means the there are integrations enabled for Do Not Sell or Share. Do Not Sell or Share Integrations return a True or False signal if the integration is processed. If a false signal is returned, a user can retry the integration or will need to contact support if there are issues with the integration.
Integrations that support Do Not Sell or Share are as follows;
- Facebook Marketing
- SparkPost
- Braze
- Picsart
- Sailthru
- mParticle
*NOTE : Users cannot cancel the processing of a DNSS integration.
Do Not Sell or Share Filters
DNSS requests can now be filtered by the following:
- Verification status
- Ticket status
- Location
Verification status has two inputs: verified and unverified. Verified means the requestor or authorized agent has verified the request.
Do Not Sell or the ticket status can also update the DNSS request status. The available statuses are complete, not started, in progress, and canceled.
Location filters have all countries available (not just the countries or locations associated with request policies). Users can search for the country or state (subregion) to filter by that location. Users can only filter by a single location.
Bulk Managing Do Not Sell or Share Requests
You can now select multiple requests and manage those requests with the actions listed below:
- Mark as Complete
- Extend the Request
NOTE: Users will not be able to bulk deny requests.
Automation States
You will also see added automation rules for DNSS requests. The following table walks through each automation rule and the subsequent function. To set these rules, the user will need to access the Settings tab in the navigation menu, then under Request Manager click on Automations.
| Rule | Function when Enabled |
|---|---|
| Send the Do Not Sell or Share confirmation email | The automation rule sends a confirmation email to the requestor. Customers can update the do not sell or share confirmation email template. |
| Do not send the Do Not Sell or Share confirmation email | The automation rule does NOT send an email when a request is received. |
| Don't send a verification email | Once a request is created and the automation rule is to skip verification, it will automatically start processing the request and set the request in progress |
| Send a verification email | Once a request is created and the automation rule is set to send a verification, the request will start processing once the requestor has verified the email. |
| Automatically mark the request complete | The opt out request is automatically marked complete if the automation rule is set to automatically mark the request complete. |
| Manually mark the request complete | The opt out request is NOT automatically marked complete if the automation rule is set to manually mark the request complete |
Downloading Requests
Compliance Teams can download a copy of all requests at any time by clicking the Download button. DataGrail will download a .tsv file directly to the browser upon request.
Tag Managers
Tag managers -- most commonly, Google Tag Manager (GTM) -- are a tool that allow you to manage and deploy tags (snippets of code or tracking pixels) on your website without changing the code. Common uses include inserting javascript for analytics tools like Google Analytics or Amplitude, retargeting solutions like AdRoll, and trackers like Marketo or Hubspot. Moz has a more in-depth explanation.
GTM consists of three components: tags, triggers, and variables. Briefly, a tag is the javascript or tracking code that is inserted; a trigger is a rule for when to insert a tag; and a variable can hold values. For example, if you want to log all pageviews to Google Analytics, you would use a Google Analytics tag and tell it to trigger on all page views.
To learn more about setting up GTM for Do Not Sell, check out the article here.
Please reach out to support@datagrail.io with any questions!
Disclaimer: The information contained in this message does not constitute as legal advice. We would advise seeking professional counsel before acting on or interpreting any material.