California Consumer Privacy Act (CCPA) FAQs

Purpose: 

The purpose of this article is to provide information to Outreach Users regarding California Consumer Privacy Act (CCPA) compliance. 

Notes: 

• This article discusses the frequently asked questions regarding the CCPA and the regulation’s impact on businesses using the Outreach product. Though Outreach provides support to comply with CCPA requests that your organization receives, it is recommended a thorough review of the CCPA be conducted and you address any legal questions with your company’s corporate lawyer as applicable. 

California Consumer Privacy Act (CCPA) FAQs: 

Q: What is CCPA?

A: The California Consumer Privacy Act is a consumer rights law that went into effect January 1, 2020. The new gives California residents consumer privacy rights such as what information of theirs is being used, how their information is sold and shared, and the right to have their information removed from an organization's systems.

The following table illustrates the rights that are most relevant to how organizations will be impacted by the CCPA in conjunction with use of Outreach’s product, what to expect from their consumers, and how Outreach, as a “service provider,” or “data processor” will comply with requests.   

Q: What does CCPA mean for my business?

A: If your business collects personal information on California residents, these individuals  can begin exercising their rights on January 1, 2020

Q: Does Outreach sell consumer data?

A: While Outreach doesn't sell consumer data, CCPA may consider the scenario wherein organizations connecting third party integrations to Outreach, where a subsequent "exchange" of data may be considered a "sale." Consult with your company's corporate lawyer to determine if this scenario meets yours and CCPA's definition of the sale of data. 

Organizations should also reach out to third party application integrations to inquire about their privacy policies and legal agreement as they relate to data sharing and use and make any CCPA requests to them directly.  

Q: Can I submit a Do Not Sell Request?

A: Outreach does not sell personal consumer information; however organizations should reach out to any applications integrated with Outreach.

Q: What Outreach data is in scope for CCPA?

A: All personal information held in your instance of Outreach.

Q: Can consumers make direct requests to Outreach?

A: No. Outreach is a “service provider”; therefore, organizations using the Outreach platform will receive requests from individuals and need to filter their requests to Outreach as applicable. 

In instances where Outreach is a data controller and Outreach has a relationship with an individual individual may make a privacy request directly to Outreach. 

Q: Who can Submit an Access Request to Outreach?

A: Outreach users with Admin permissions are able to Submit an Access Request. This is not self serve at this time. 

Q: Who can Submit a Delete Request to in the Outreach product?

A: Outreach users with Admin permissions are able to Submit a Delete Request in the Admin tools in the Outreach product, which is a self serve feature.

Q: How can I delete Prospect information to remain compliant with CCPA?

Note: Only users with Admin privileges in your Outreach instance have the ability to submit a Privacy Compliance Deletion.

1. Navigate to your Organization's Settings and click on Data & Privacy.
2. Enter the e-mail of the Prospect you would like to fully remove from your Outreach instance.
3. Click Submit Request.

Please note you may only submit one e-mail at a time when removing Prospect information this way. This process is permanent, and will fully purge their data from your Outreach instance.

Note: Outreach will reply with a receipt of confirmation. The process will take up to 30 calendar days, and Outreach will update the support ticket as Resolved when the request is completed. 

Q: How long does it take for a Delete/Access Request to be finalized?

A: Outreach may take up to 30 calendar days to complete a Delete/Access Request. Outreach will update the support ticket as Resolved when the request is completed.

Q: Why does a Delete Request take 30 calendar days?

A: When a Delete Request is submitted, Outreach will comprehensively delete a consumer’s personal information from all of it’s business systems which is a more complex process than the in-app or API deletion features. 

Note: Outreach requests organizations to submit their verified delete requests ASAP in order to complete the request in a timely manner. 

Q: Why do I need to use the Admin Compliance Delete instead of using Outreach's existing delete functionality?

A: Outreach's in-app and API delete functions will delete most but not all personal data in Outreach. Use of the Compliance Delete feature ensures that  Outreach comprehensively scrubs personal information related to an individual from all of Outreach's systems. 

Example: Data from Data Science and Voice recordings are not part of the existing in-app delete function, but will be accounted for in the compliance delete process.  

Q: In what way is personal information deleted?

A: Data is either completely and fully deleted, de-identified, or aggregated. 

Q: How will I know when my request is complete?

A:  Once the Compliance Deletion request has finished, you will see it listed as "Done" on the status page for Data & Privacy section within your organization's settings.

Q: What if a previously deleted Prospect re-subscribes to my organization and is re-added to Outreach?

A: The prospect will start fresh with a new history of activity, communications and new profile and personal data.

Additional Resources: 

California Consumer Privacy Act

Outreach Blog: CCPA

Outreach Support Portal

Privacy Compliance