Updated California Consumer Privacy Act (CCPA) regulations provide businesses a new, optional Privacy Options icon to communicate opt-out options to California residents.
In a March 15, 2021 press release, California’s Attorney General Xavier Becerra announced new CCPA regulations. The additional regulations support California residents’ right to opt out of the sale of their personal information by preventing websites from making the opt-out process difficult. To facilitate streamlined consumer opt outs, the new regulations offer an optional Privacy Options icon for businesses to use on their websites and apps.
A PNG file of the icon is available on the Office of the Attorney General’s website.
The blue icon was designed and tested in a year-long process by researchers from Carnegie Mellon University’s CyLab and the University of Michigan’s School of Information.
In addition to the phrase, “Do not sell my personal information,“ the icon is designed to help consumers quickly identify information about their privacy choices on a website or app, including the company’s opt-out process. The official regulation states:
(f) Opt-Out Icon. (1) The following opt-out icon may be used in addition to posting the notice of right to opt out, but not in lieu of any requirement to post the notice of right to opt-out or a “Do Not Sell My Personal Information” link as required by Civil Code section 1798.135 and these regulations. Page 3 of 5 (2) The icon shall be approximately the same size as any other icons used by the business on its webpage.
For businesses that need help with crafting their privacy policies in compliance with CCPA and other data privacy laws, privacy policy generator software is available to assist. Privacy policy generator software helps companies generate and maintain privacy policies that are compliant with regulatory standards, such as the EU’s General Data Protection Regulation (GDPR), CCPA, and other jurisdictional requirements.
To honor a user’s consent choices, businesses often employ consent management platform (CMP) software to legally document and manage a user’s consent choices prior to collecting, sharing, or selling user data from online sources such as websites and apps that use cookies, embedded videos, and other tracking technologies.
Businesses also use data subject access request (DSAR) software to process a consumer’s request to access, port, or delete the data a company holds on them. DSAR solutions ensure requests are fulfilled within the mandated response timeframes, provide workflows to help employees across an organization collaborate on locating consumer data, and ultimately provide the data to the requesting user.
For more comprehensive privacy program management, businesses may opt to use data privacy management software.
These tools include a centralized dashboard and have modules related to consumer request management, sensitive data discovery, and data mapping. Many data privacy management software also have additional functionalities of identity verification software, privacy impact assessment (PIA) software, privacy policy generation tools, cookie and website tracking compliance, and data breach notification functions.
G2 scores products and sellers based on reviews gathered from our user community, as well as data aggregated from online sources and social networks, and presents these rankings on our G2 GridⓇ. The G2 GridⓇ shows up-to-date, live rankings for data privacy management solutions based on user reviews.
Further information on the methodology for G2’s GridⓇ rankings, is available on the G2’s scoring methodology page.
Products in G2’s Data Privacy Management software category often specialize in the specific country or region-specific data privacy regulation it supports, such as the EU’s GDPR, the CCPA, Brazil’s Lei Geral de Proteção de Dados Pessoais (LGPD), and others. At present, the site hosts 10 products specifically designed for LGPD, 26 products for CCPA, and 52 products for GDPR.
On the Data Privacy Management software page on G2.com, users can filter software solutions that will meet the specific regulation they seek to comply with.
Disclaimer: I am not a lawyer and am not offering legal advice. If you have legal questions, consult a licensed attorney.
A massive Capital One data breach has released sensitive information impacting more than 100...
by Aaron Walker
On October 20, 2020, it was announced that FinancialForce, a provider of ERP and professional...
by Nathan Calabrese
As expected, generative AI seemed to be the main topic discussed at SAP TechEd last week, but...
by Gabriel Gheorghiu
