Bullhorn for Salesforce CCPA Compliance User Guide

Note: To take advantage of the features mentioned in this documentation, your Org needs to be using Package Version 7.16 or newer. See Release Notes for more details about which features were introduced in each release. If you would like to upgrade to the current release, contact Bullhorn for Salesforce Support.

Overview

A versatile tool is available for customers that need to comply with Data Privacy regulations, the ConsentClosed In BH4SF , Consent is used in the context of GDPR or similar data privacy processes. Candidates or Clients are usually asked to consent to the storage or sharing of their personal data. Tool (Available in the 2020.01.1 release, v. 4.1 and newer). This is a more flexible version of the Bullhorn for Salesforce GDPRClosed General Data Protection Regulation is a set of rule enacted by the EU to further protect candidate / contact informtion and provide them control over their own information. Tool, introduced in May 2018. Customers that are using the GDPR Tool can continue to do so or switch to the Consent Tool, which has similar logic and uses some of the same code. The Consent Tool is supported in both Lightning and Classic.

The Consent Tool can be used to comply with CCPA regulations and this article will focus on how the Consent Tool helps manage CCPA requirements.

What is CCPA?

The California Consumer Privacy Act (CCPA) is a bill intended to enhance privacy rights and consumer protection for residents of California, United States.

CCPA Key Requirements:

  • Notice on capture: Businesses must, at or before the point of data collection, provide notice to the consumer of the categories of personal information to be collected and the purposes for their use.
  • Publish Privacy Policy: A business must describe consumer privacy rights, disclosure modes, and data categories captured in its online privacy policy and companyClosed A Company is the organization where the contact works. This can also be called the Client. contact information.
  • Enable Consumer Rights to stop data from being sold: A business must provide a "Do Not Sell My Personal Information" feature that enables a consumer to opt out of the sale of the consumer's personal information.
  • Enable Consumer Rights to Delete records: A consumer may request a copy of their personal information collected by the company and/or request that the company delete their personal information.
  • Enable Consumer Right to Disclosure: A consumer may request to know the information (details / categories) that any company has about the consumer.

When does CCPA take effect?

CCPA regulations go into effect January 1, 2020.

How does CCPA affect the staffing industry?

At its core, a recruitment business relies on collecting and utilizing the personal data of potential candidatesClosed A person looking for a job. A candidate can also be referred to as a Job Seeker, Applicant, or Provider. including contact information, resume databases, applications, public jobClosed A job (vacancy, position, role) is an opening for which a customer's client needs a placement. boards, and social media profiles. To continue using data in this way, CCPA compliance is mandatory if your business meets the criteria below:

CCPA applies to any “for-profit” business that:

  • Does business in California which involves consumer data collection and its processing / sales;

AND EITHER

  • Has annual gross revenues in excess of $25 million;

  • Buys, receives, sells, or shares the personal information of 50,000 or more CA consumers/residents;

OR

  • Derives 50% or more of their annual revenues from selling CA consumers'/residents’ personal information

Consent Tool for CCPA -  Feature Set

The Bullhorn for Salesforce Consent Tool assists clientsClosed A Company is the organization where the contact works. This can also be called the Client. in remaining compliant with new CCPA regulations. This tool helps with the day-to-day administration of CCPA compliance by providing a way to automatically or manually share the Company’s Privacy Policy with Candidates and, if required, offer them opt-out options. The tool can also be used to retroactively meet CCPA compliance requirements for candidates that are already in the system.

Bullhorn for Salesforce provides several mechanisms to assist in meeting CCPA  regulations.

It is very important to realize that Bullhorn for Salesforce does not in any way certify compliance. Rather, Bullhorn for Salesforceprovides a tool to clients that seek to meet their compliance objectives

Features Offered:

  1. Create a personalized Consent Type record to capture your Company’s Privacy Policy and (if required) offer any of the opt-out options to your CandidateClosed A person looking for a job. A candidate can also be referred to as a Job Seeker, Applicant, or Provider.. The content of the Consent Type is then referenced on a public page linked to the CCPA email.
  2. Manually send Candidates the CCPA Compliance email with a link to a public page showing the Company Privacy Policy and opt-out options. This can be done in two ways:
    • using the Request Consent button from a Contact record
    • selecting candidates from a list on the new Consent page and sending the CCPA email from there
  3. Optionally set up an automatic flow where the CCPA Compliance email is sent every time a new Contact record is created if certain criteria are met.
  4. Capture a Candidate's response to the CCPA email using the Candidate Consent object. Add the Candidate Consent Related List to your Candidate Contact page layout to easily access the CCPA email-related information. The fields on Candidate Consent records will get updated both when a CCPA email is sent and when a Candidate replies to the CCPA email with any of the opt-out requests.
  5. Using the CCPA related Candidate Consent fields, users will be able to track CCPA emails sent and any Candidate response through reports and dashboards.

Candidates can respond to the CCPA email by submitting any of these three requests:

  • Do Not Sell My Personal Information
  • Disclosure Request
  • Delete My Records

The corresponding field will be updated on the Candidate Consent record when such a request is received, but the CCPA Compliance Tool doesn’t include any out-of-the-box solution for meeting such requests. It is the user’s responsibility to monitor CCPA email responses and to act on them.

CCPA Compliance Flow - Step by Step

This is a description of how your users can take advantage of the Consent Tool to comply with CCPA . We assume that your Organization has been upgraded to the required package version and that the initial configuration has been completed.

Create a CCPA Consent Type Record

  1. Privacy Law Name: Select the name of the Privacy Law that this Consent Type record is associated with. In this case, CCPA.
  2. Consent Type: Enter a name for this Consent Type record. For example CCPA Compliance.
  3. Consent Email Body Request: This is where, in the case of CCPA, the information about how you use personal data is captured. The text that you enter here will be displayed in the public page linked to the CCPA email.
  4. Consent Behavior: There are two options:
    • Explicit: A response is needed/expected. The public page shows the response options (radio buttons or checkboxes)
    • Implicit: No response required, only the text is shown on the public page.

      NOTE: if you decide to only provide the Candidates with your Privacy Policy, choose ‘Implicit’ here. No opt-out options will be offered on the Public Page. If you select ‘Implicit’ there is no need to populate ‘Consent Format’ and ‘Answer Options’.

  5. Consent Format: Choose Radio Buttons if the questions on the public page require one response exclusively (For example : ‘I Consent’/’I do not Consent’)
    • Choose Checkbox if the questions on the public page can have multiple answers.
  6. Answer Options: This multi-select picklist lets you choose the questions and opt-out options that you want to provide for your Candidates. The values are taken from the Privacy Law Answer Options Global Picklist. For CCPA we have:
    • Do Not Sell My Personal Information
    • Disclosure Request
    • Delete My Records

Send CCPA Email to Candidates

  1. Navigate to the Consent page by clicking App Launcher > Consent.
  2. Select CCPAfrom the Select the Law dropdown.
  3. Choose the list of Candidates that you want to work with from Select list view.
    • To see any of your Contact List Views in this drop-down, you need to prefix the name of the list view with CCPA (or the prefix entered as the list view prefix in the Consent settings at the time of the Consent Tool configuration.)
  4. After selecting one or more Candidates from your list, click on the Send Consent button.
  5. A pop-up shows the available Consent Types for the selected law. Select the desired options then click Send Email.

This page is also designed to assist with tracking emails sent and the Candidate's responses. Through configuration you can add either the package reports or your own reports to this page. You can also quickly check which emails were sent and if there was a response for an individual candidate by clicking on the View link in the History column.

The CCPA email can also be sent directly from a Contact record by using the Request Consent button that can be added to the Contact page layout as part of the initial configuration.

Candidate Receives the CCPA email and Clicks the Public Page Link

There is an included Email template that you can use for your CCPA compliance emails.

The text is generic and can be edited, or you can use your own template, but in both cases it is very important that the link in the template is preserved. This is what the candidate will receive:

Public Page Content and Options

After clicking the hyperlink in the email, the candidate will be navigated to this public page.

If the Consent Type record associated to this page has Consent Behavior set to Implicit, the candidate will be provided the information with no further action needed. If Consent Behavior is set to Explicit then the questions and opt-out options are offered. The candidate will need to select an answer and submit.

Candidate Consent Record Field Updates and How CCPA Compliance is Tracked

When the CCPA email is first sent out it triggers the creation of a Candidate Consent record which is a child object to Contact most of the information related to CCPA is stored.

  1. Candidate: Name of the Candidate you sent the CCPA email to.
  2. Email Sent Date: Timestamp of when the email was sent.
  3. Privacy Law Name: Formula field that populates with the Privacy Law Name from the Consent Type record.
  4. Consent Type: Name of the Consent Type record associated with the emails sent out.
  5. Candidate Response:
    • If Consent Behavior is set to Implicit on the Consent Type record this field is updated to "Notice Sent" when the CCPA Email is sent.
    • If Consent Behavior is set to Explicit on the Consent Type record, then this field is set to “Not Responded” when the CCPA Email is first sent. This field will then be updated with the Candidate’s response when the Candidate selects any of the options on the public page.

      This field gets updated through code and the values are driven by the same global picklist that is used for the Answer Options field on Consent Type (Privacy Law Answer Options Global Picklist), which in turn determines the answer options visible on the public page.

The data captured on Candidate Consent records can be leveraged to track the CCPA compliance flows using standard Salesforce reporting.

Send CCPA Emails Automatically

As part of the Consent Tool feature set we offer the option of setting up an automated action for automatically firing the CCPA Email. Criteria can be entered in the main Consent Tool configuration setting (Consent Configuration Custom Metadata Type) so that every time a new Contact record is created and the criteria are met, then the CCPA email will be sent out to the new Candidate. This is done as part of the initial configuration.