Note: This article discusses frequently asked questions regarding the CCPA and its potential impact on businesses. Though Outreach provides support to comply with CCPA requests that your organization receives, it is recommended a thorough review of the CCPA be conducted and address any legal questions with your company’s corporate lawyer as applicable.
Q: What is CCPA?
A: The California Consumer Privacy Act is a new consumer rights law going into effect January 1, 2020. The new law gives California residents new consumer privacy rights such as what information of theirs is being used, how their information is sold, and the right to have their information removed from an organization's systems.
The following table illustrates the rights that are most relevant to how organizations will be impacted by the CCPA, what to expect from their consumers, and how Outreach, as a “service provider,” or “data processor” will comply with requests.
|Consumer Right||Description||What Outreach Does|
|Request to Delete||Consumers may request that a business delete their personal information from their systems.||Outreach accepts an organization's delete requests (i.e. Request to Delete) via a support ticketing process, and completes the request.|
|Request to Know||Consumers may request a report detailing the personal information a business collects on them.||Outreach accepts an organization’s export requests (i.e. Request to Access) via a support ticketing process, and returns a full report upon completion.|
|Request to Opt-Out||Consumers may opt out of the sale of their personal information.||Outreach doesn’t sell personal information. However, organizations should consider reaching out to any applications integrated with Outreach to inquire about their privacy policies.|
Q: What does CCPA mean for my business?
A: If your business collects personal information on California consumers, these consumers can begin exercising their rights on January 1, 2020
Q: Does Outreach sell consumer data?
A: While Outreach doesn't sell consumer data, CCPA may consider the scenario wherein organizations connecting third party integrations to Outreach, where a subsequent "exchange" of data is considered a "sale." Consult with your company's corporate lawyer to determine if this scenario meets yours and CCPA's definition of the sale of data.
Organizations should also reach out to third party application integrations to inquire about their privacy policies and make any CCPA requests to them directly.
Q: Can I submit a Do Not Sell Request?
Q: What Outreach data is in scope for CCPA?
A: Outreach’s “Prospect” information, such as a Prospect’s Profile, Communications, and Activities.
Q: Can consumers make direct requests to Outreach?
A: Typically, no. Outreach is a “service provider”; therefore, organizations using the Outreach platform will receive requests from consumers and need to filter their requests to Outreach as applicable. However, if a consumer is being contacted directly by Outreach vs by one of our customers using our platform an individual consumer may make a request.
Q: Who should Submit an Access/Delete Request to Outreach?
A: Outreach users with Admin permissions are able to Submit an Access/Delete Request.
Note: Organizations may also extend permissions to fully delete and export Prospect data to all users if they choose.
Q: How can I Submit an Access/Delete Request?
Submit an Access/Delete Request (CCPA)
Note: Only users with Admin privileges in your Outreach instance should Submit an Access/Delete Request of consumer data.
- Access the Outreach Support Portal.
- Click Submit a Request.
- Select General Question from the Form dropdown menu.
- Select Other from the Feature Topic dropdown menu.
- Specify the request type in the Subject field.
Example Subject Line: Full Prospect Delete or Full Prospect Export.
- Input the Prospect’s email address in the Description field.
Note: If the request is for multiple prospects, list them in the description field.
Example Description: The UFoP is requesting the deletion of the following prospect’s data:
Tasha.firstname.lastname@example.org; email@example.com; and Wesley.firstname.lastname@example.org.
- Click Submit.
Note: Outreach will reply with a receipt of confirmation. The process will take up to 90 calendar days, and Outreach will update the support ticket as Resolved when the request is completed.
Q: How long does it take for a Delete Request to be finalized?
A: Outreach may take up to 90 calendar days to complete a Delete Request. Outreach will update the support ticket as Resolved when the request is completed.
Q: Why does a Delete Request take 90 calendar days?
A: When a Delete Request is submitted, Outreach will comprehensively delete a consumer’s personal information from all of it’s business systems which is a more complex process than the in-app or API deletion features.
Note: Outreach requests organizations to submit their verified delete requests ASAP in order to complete the request in a timely manner.
Q: Why do I need to submit a Delete Request, instead of using Outreach's existing delete functionality?
A: Outreach's in-app and API delete functions will delete most but not all personal data. A support ticket instructs Outreach to comprehensively scrub personal information related to a Prospect from all of Outreach's systems.
Example: Data from Data Science and Voice recordings are not part of the existing in-app delete function, but will be accounted for in the support ticket.
Q: In what way is personal information deleted?
A: Data is either completely and fully deleted, de-identified, or aggregated. The method used for a consumer’s request to delete will be detailed in final support ticket message, when confirming that the request to delete is complete.
Q: How will I know when my request is complete?
A: Outreach will update the support ticket as Resolved and provide the requester with a confirmation message indicating completion as applicable.
Q: What if a previously deleted Prospect re-subscribes to my organization and is re-added to Outreach?
A: The prospect will start fresh with a new history of activity, communications and new profile and personal data.