Bullhorn for Salesforce CCPA Compliance Configuration Guide

Note: To take advantage of the features mentioned in this documentation, your Org needs to be using (Undefined variable: bh4SFVersions.Latest Package Version) or newer. See Release Notes for more details about which features were introduced in each release. If you would like to upgrade to the current release, contact Bullhorn for Salesforce Support.

Overview

This article for System Administrators contains the configuration steps for the Bullhorn for Salesforce CCPA Compliance ConsentClosed In BH4SF , Consent is used in the context of GDPR or similar data privacy processes. Candidates or Clients are usually asked to consent to the storage or sharing of their personal data. Tool. Looking for the user guide? See Bullhorn for Salesforce CCPA Compliance User Guide for more information.

Prerequisites

Upgrade to release 2020.01.1 (version 4.1) or higher. Contact Bullhorn for Salesforce support to request an upgrade, if needed.

Configuration Steps

Update Endpoints/Remote Site Settings

Go to Setup > Custom Settings > Talent Rover Properties > TalentRover Nova APIClosed API, or Application Programming Interface, is used by customers to create custom career portals or to take advantage of Data Mirror/DataMart. Bullhorn prefers to use REST API. Host and enter:

Copy 
 https://alleo.talentrover.com/

Go to Setup > Remote Site Settings > New and create a Remote Site Setting record for Consent with the following URL value:

Copy 
https://alleo.talentrover.com/

 

If you are testing the Consent Tool in a SandboxClosed Non Production Environments are used by customers to test new features prior to them going live., use https://alleo-sandbox.talentrover.com/ instead.

Remote Site Settings For Salesforce Classic Only

  1. In Classic, go to any tab then to the URL bar.

  2. Add apex/apex after salesforce.com/

  3. Click enter to get a new URL that contains a Visualforce reference.

  4. Copy and paste the URL up to visualforce.com (without /apex/apex) into a Remote Site Record.

Enable Consent in Custom Settings

  1. Navigate to Setup > Custom Settings > Talent Rover Properties and click on Manage.
  2. Check Enable New Consent Model to activate this feature.
    • Optionally, also check Enable Log Module if you want the system to generate Log records when errors occur. The logs will be stored in the Debug Log object, and you may need to make the Tab visible at a profile level.

Configure Global Picklists

  1. Navigate to Setup > Objects and Fields > Picklist Value Sets.
  2. Add/remove values from the Privacy Laws Global Picklist as required. This picklist is used on Consent Type records to create an association between the Consent Type record and the type of law it is used for (GDPRClosed General Data Protection Regulation is a set of rule enacted by the EU to further protect candidate / contact informtion and provide them control over their own information. or CCPA).
  3. Add/remove values from the Privacy Law Answer Options Global Picklist as required. This picklist is used on Consent Type records to capture the answers selected by CandidatesClosed A person looking for a job. A candidate can also be referred to as a Job Seeker, Applicant, or Provider. on the Public Page.

Add a Logo for the Public Page

  1. Switch to Salesforce Classic for this step.
  2. Go to the Document tab and upload the logo that will be displayed on the public page form.
    • Make sure to tick the Externally Available Image checkbox.
  3. Note down the Record ID of this document as you will need to enter it in the Logo Document Id field in Step 7.

Add a FavIcon Logo for the Public Page

  1. Switch to Salesforce Classic for this step.
  2. Go to the Document tab and upload the small logo that will be displayed on the browser tab for the public page.
    • Make sure to tick the Externally Available Image checkbox.
  3. Note down the Record ID of this document as you will need to enter it in the FavIcon Document Id field in Step 7.

Add the Consent Page and Request Consent button

Lightning: Add the Consent Page

In Setup > Tabs, create a Lightning Page tab using the Consent Tool [TR__Consent_Tool] option. You might need to make it visible to user profiles as required.

If your Org uses or has used the GDPR Consent Tool v1, you will see a second Consent link in App launcher. Make sure to rename or hide the tab to avoid confusion.

Lightning: Add the Request Consent button on Contact Records

  1. Go to Setup > Object Manager > ContactsClosed A contact (or client contact) is the person who the recruiter is working with at a Company. In Talent Rover a Contact can be either a Client Contact or a Candidate Contact. Both types of Contacts are stored in the same object (Contact). > Page Layouts.
  2. Choose the relevant Contact page layout then click Edit.
  3. Select Mobile & Lightning Actions in the top panel.
  4. Drag and drop the Request Consent button onto the Salesforce Mobile and Lightning Experience Actions area of the page detail and Save.

Classic: Add the Consent Page

  1. Go to Setup > Build > Create > Tabs > Visualforce Tabs.
  2. Click on New.
  3. In the Visualforce Page dropdown select CT_ConsentClassic.page.
  4. Enter Consent for the tab label and name, then select a tab style.
  5. Complete the steps by choosing the profile visibility and to which apps this should be added.
  6. Click Save.

If your Org uses or has used the GDPR Consent Tool v1, you will see a second Consent link in App launcher. Make sure to rename or hide the tab to avoid confusion.

Classic: Add the Request Consent Button on Contact Records

  1. Go to Setup > Object Manager > Contacts > Page Layouts.
  2. Choose the relevant Contact page layout then click Edit.
  3. Select Buttons in the top panel.
  4. Drag and drop the Request Consent button onto the Custom Buttons area of the page detail.
  5. Click Save.

Configure the Consent Configuration Custom Metadata Type

  1. Go to Setup > Custom Metadata Types > Consent Configuration (API Name: TR1__CT_ConsentV2Configuration__mdt) and click on Manage Records.
  2. Click on New.

This Configuration Guide focuses on configuring this setting for CCPACompliance. If you are configuring for multiple laws you will need to create a separate .mdt record for each law (one for CCPA, one for GDPR, etc.)

This table provides the list of fields and how to configure them:

Section Field Name Explanation
Detail

Label

Name of the .mdt record  (For example: CCPA Compliance)

Consent Configuration Name

API Name. IMPORTANT: The API Name must match the Law name used in the Privacy Laws Global Picklist.
General

Law Enabled

Switches on the Consent Module. It's referenced in various backend actions so it needs to be selected if you use Consent Tool v2.

Default

When this checkbox is selected, the Privacy Law configured in the .mdt record will be the default value in the Select the Law dropdown on the Consent Page. Only one default value is supported. If you have multiple privacy law .mdt records, even if you select this checkbox on all of them, the code will only consider the one selected first.
Email

Consent Email TemplateClosed In BH4SF, this mainly refers to email templates Name

You can use the package CCPA email template (Consentv2) or you can use your own template. In either scenario, the template must contain the public page link in this format: a href="NODEJSURL/v2/gdpr/consent?cId={!Contact.Id}&orgId=ORGANIZATIONID&lId=LAWID#googtrans(en|Language)"

From Email Address

You can specify a "From" email address here. If left blank the logged-in user’s email address will be used.

Add BCC in Email

Enable if you want to add a BCC in Email.

BCC Email Address

You can specify a BCC email address here. If left blank the logged-in user’s email address will be used.

Contact Email Field Name

Contact email field referenced when sending the CCPA email.

Consent Page Language

Not enabled.
Contact Creation Filter Criteria

Send Consent Email on Contact Creation

Enable if you want the CCPA email to be sent every time a new Contact is created, provided the criteria in New Contact Rule Filter is met. Dependent on Law Enabled being selected.

New Contact Rule Filter

If both Law Enabled and Send Consent Email on Contact Creation are enabled, then the criteria in this field will be checked every time a new Contact is created and the CCPA email sent if criteria are met.
Public Page

Show Response Text

When enabled, a free-text box is added under the main section of the public page. If the candidateClosed A person looking for a job. A candidate can also be referred to as a Job Seeker, Applicant, or Provider. enters text there it will be captured on the Candidate Consent record in the Response Text field (TR1__Response_Text__c).

Success Message

Message shown to Candidates after they submit their responses.

Candidate Not Found Error Message

In rare cases, such as if the Candidate record in the Org was deleted after the CCPA email was sent, when the Candidate tries to submit their request, the text entered in this field will be shown on the public page (for example: “Sorry, we are unable to process your response”).

Link Active Duration

Number of days the email template link will remain active.

Logo Document Id

Enter the Document Record ID of the image you uploaded in Step 4. The logo will be shown on the public page.

FavIcon Document Id

Enter the Document Record ID of the image you uploaded in Step 5. This will be used as FavIcon on the public page.

Consent Form Information

The text entered here will be used as the Page Title on the public page.

Document Public URL

To get this URL go to the Document tab and locate the Logo Document you are using in the public page then right click on the image to copy the address.
Consent Page

List ViewClosed One of the three user Interfaces in ATS v2 (the others being Kanban View and Table View) Prefix

Use the same Privacy Law name as in the Privacy Laws Global Picklist as a prefix to the List View name. The value selected in the Select the Law picklist on the Consent page will determine which List Views are shown on that page.

Create CCPA Consent Type

  1. Go to App Launcher > Consent Types.
    • If it is the first time using this in your Org, you might need to create a tab and enable it for User Profiles.
  2. In the Consent Types tab, click on New. On the record page layout, you should see the following fields:

    Consent Type

    Name of the Consent Type (for example “CCPA Compliance”).

    Consent Behavior

    Explicit: a response is needed - the public page shows response options (radio buttons or checkboxes).

    Implicit: no response required, only text is shown on the public page.

    Default Consent Type

    If you are configuring an automated action to fire the Consent Email every time certain conditions are met, the Consent Type that has this checkbox ticked will be used.

    Consent Email Body Request

    The text that you enter here will be shown to the Candidate on the public page (for example, your CompanyClosed A Company is the organization where the contact works. This can also be called the Client.’s Privacy Policy).

    Answer Options*

    This picklist value leverages the Privacy Law Answer Options global picklist. You can add/remove values from there.

    Privacy Law Name*

    This picklist value leverages the Privacy Laws global picklist. You can add/remove values from there.

    Consent Format*

    Choose Radio Buttons if the questions on the public page require one response exclusively. 

    Choose Checkbox if the questions on the public page can have multiple answers.

    Consent Page Order*

    If adding multiple consent types, the number in this field determines in which order they appear on the public page

The Consent Type fields marked with an asterisk (*) have been newly added to the package so when using them for the first time you will need to enable Field Accessibility at profile level. They are not supported in GDPR/Consent Tool v.1.

If you have been using GDPR Consent Tool and you are switching to this new version, please make sure that all of your existing Consent Type records have a value selected in the Consent Format field (if Consent Behavior is explicit). Failure to do so will result in no option at all on the public page (even if previously present).

Configure Candidate Consent Records

  1. If this is your first time using Candidate Consent you may need to create a tab for this object and provide object access at profile level.
  2. Go to Setup > Object Manager > Candidate Consent > Fields & Relationships > Privacy Law Name and give field access at profile level
  3. Go to Setup > Object Manager > Candidate Consent > Fields & Relationships > Candidate Response and give field access at profile level.
  4. If you are planning on adding a free text field on the public page you will want to add the Response Text field to the page layout.
    • See the description of Show Response Text in Step 7 for more details.
  5. Optionally you can add a Candidate Consent Related List to the Contact record.

The Candidate Response field on the Candidate Contact gets updated based on the backend depending on what response is submitted by the Candidate from the Public Page.

If Consent Behavior is set to Implicit on the Consent Type record this field is updated to Notice Sent when the CCPA Email is sent.

If Consent Behavior is set to Explicit on the Consent Type record, then this field is set to Not Responded when the CCPA Email is first sent. This field will then get updated with the Candidate’s response when the Candidate selects any of the options on the public page.

Add Reports to the Consent Page

  1. Go to Setup > Custom Metadata Type > Consent Report ( TR1__CT_ConsentV2Report__mdt). and click on New.
    • You will need to create a separate record for every Report you add.
  2. Enter a Label and Consent Report Name.
  3. Choose the name of the related Consent Metadata Type in the Compliance Law lookup field.
  4. Enter the Record ID of the Report you want to display on the Consent Page.
  5. Select Save to confirm your changes.

Two reports are included with the package in the “Talent Rover - Consent Reports” folder on the Reports object. If you wish to use them, create two Consent Report .mdt records and fill in the required fields. These are the Report names, please make sure to clone and customize them as required:

  • Candidate Responses by Privacy Law
  • Candidates by Privacy Law

(Optional): Configuration for Sending the CCPA Email Automatically

  1. Go to Setup > Custom Metadata Types > Consent Configuration and click on Manage Records.
  2. Go to the .mtd record you created for the required privacy law.
    • Example: CCPA
  3. Ensure the checkbox Law Enabled is selected.
  4. Check Send Consent Email on Contact Creation.
  5. In New Contact Rule Filter enter the criteria for the CCPA email to be fired automatically when a new Contact is created.
  6. Select Save.

(Optional) : Assign Users to a Permission Set

A Permission Set is available out of the package and will assign the following to Users:

Objects

  • Candidate Consents (Read, Create, Edit, Delete)
  • Consent Types (Read, Create, Edit, Delete)

Apex Class Access

  • TR1.CT_ConsentCoreAsync
  • TR1.CT_ConsentCoreUtil
  • TR1.CT_ConsentTriggerHandler
  • TR1.CT_LawChartsController
  • TR1.CT_LawSelectorController
  • TR1.UtilityLogger

Visualforce Page Access

  • TR1.CandidateConsentRequest
  • TR1.CT_ConsentClassic