CCPA "sharing Data" clarification

Brad Burlingham · Feb 5, 2020

One of the options for the new CCPA requirement is to make the following request "Opt-Out of Personal Information Sharing and Selling Rights request"

Its my understanding that the customer is just trying to prevent us for selling their data to another company, something we would never do. However, the "sharing" part is much more grey. We do "share" our data with our database mining vendor (autoalert), occasionally to a Direct Mail vendor and with facebook to create audiences to target with ads. However, those vendors aren't allowed to do anything with that data but market on our behalf.

Does anyone have any insight on this. I'd hate to stop marketing to our customers when they just wanted to make sure we weren't selling their data.

CarlAutofusion · Feb 5, 2020

Hello Brad, that's a really common question we get (the other one is how do you verify someone's identity before complying with their request)

The CCPA page lists definitions including how they define a third party here, under (w):

Law section

.

If your vendor has a written contract and:

Is not selling the consumer's information
The contract protects the consumer's information, which includes a statement saying they won't sell the consumer's information.
The contract only allows the vendor to do what you contracted them to do with the consumer's information and nothing else.

Then you should be ok.

This is usually one of the biggest problems dealerships we've been working with run into. They either don't have contracts or the contracts with their vendors don't have the written stipulations to protect the consumer's data so they are having to go back and work out new contracts.

Note: this is not legal advise and I am not an attorney. You should consult an attorney for a legal opinion.

-Carl

Brad Burlingham · Feb 5, 2020

thank you!

Jeff Kershner · Feb 5, 2020

Whao - it's @Brad Burlingham - it's been awhile my friend!

Brad Burlingham · Feb 5, 2020

CarlAutofusion said:
Hello Brad, that's a really common question we get (the other one is how do you verify someone's identity before complying with their request)

The CCPA page lists definitions including how they define a third party here, under (w):

Law section
.

If your vendor has a written contract and:

Is not selling the consumer's information

The contract protects the consumer's information, which includes a statement saying they won't sell the consumer's information.

The contract only allows the vendor to do what you contracted them to do with the consumer's information and nothing else.

Then you should be ok.

This is usually one of the biggest problems dealerships we've been working with run into. They either don't have contracts or the contracts with their vendors don't have the written stipulations to protect the consumer's data so they are having to go back and work out new contracts.

Note: this is not legal advise and I am not an attorney. You should consult an attorney for a legal opinion.

-Carl

do you have the actual section you pulled this from? i looked at "w" but didnt seem to be in context?

CarlAutofusion · Feb 5, 2020

Sure. I took a look and its' in section 1798.140
Search for "(w)". Its' almost at the very bottom of the page.
It starts "Third party" means a person who is not any of the following.

It defines who a 3rd party is not.

Search

CCPA "sharing Data" clarification

Brad Burlingham

4 Pounder

CarlAutofusion

Over the Curb

Brad Burlingham

4 Pounder

Jeff Kershner

Founder

Brad Burlingham

4 Pounder

CarlAutofusion

Over the Curb

Need help?

✨ AI Highlights

Latest posts