• Stop being a LURKER - join our dealer community and get involved. Sign up and start a conversation.

CCPA "sharing Data" clarification

Brad Burlingham

Skate Alert
May 28, 2009
52
17
Awards
3
First Name
Brad
One of the options for the new CCPA requirement is to make the following request "Opt-Out of Personal Information Sharing and Selling Rights request"

Its my understanding that the customer is just trying to prevent us for selling their data to another company, something we would never do. However, the "sharing" part is much more grey. We do "share" our data with our database mining vendor (autoalert), occasionally to a Direct Mail vendor and with facebook to create audiences to target with ads. However, those vendors aren't allowed to do anything with that data but market on our behalf.

Does anyone have any insight on this. I'd hate to stop marketing to our customers when they just wanted to make sure we weren't selling their data.
 
Hello Brad, that's a really common question we get (the other one is how do you verify someone's identity before complying with their request)

The CCPA page lists definitions including how they define a third party here, under (w):
.

If your vendor has a written contract and:
  • Is not selling the consumer's information
  • The contract protects the consumer's information, which includes a statement saying they won't sell the consumer's information.
  • The contract only allows the vendor to do what you contracted them to do with the consumer's information and nothing else.
Then you should be ok.

This is usually one of the biggest problems dealerships we've been working with run into. They either don't have contracts or the contracts with their vendors don't have the written stipulations to protect the consumer's data so they are having to go back and work out new contracts.

Note: this is not legal advise and I am not an attorney. You should consult an attorney for a legal opinion.

-Carl
 
Hello Brad, that's a really common question we get (the other one is how do you verify someone's identity before complying with their request)

The CCPA page lists definitions including how they define a third party here, under (w):
.

If your vendor has a written contract and:
  • Is not selling the consumer's information
  • The contract protects the consumer's information, which includes a statement saying they won't sell the consumer's information.
  • The contract only allows the vendor to do what you contracted them to do with the consumer's information and nothing else.
Then you should be ok.

This is usually one of the biggest problems dealerships we've been working with run into. They either don't have contracts or the contracts with their vendors don't have the written stipulations to protect the consumer's data so they are having to go back and work out new contracts.

Note: this is not legal advise and I am not an attorney. You should consult an attorney for a legal opinion.

-Carl
do you have the actual section you pulled this from? i looked at "w" but didnt seem to be in context?