Configuring the Data Privacy Feature for CCPA Compliance
Overview
This article contains information on configuring the Data Privacy feature. The Data Privacy feature has been used previously by many of our customers for compliance with GDPR, with some minor configuration changes it can also be used for CCPA compliance purposes.
This article will cover the process to implement your choice of settings and content for the Data Privacy module specifically for CCPA compliance. This article will assume that the User has already reviewed the Data Privacy feature guide.
The Data Privacy User Guide, presents a comprehensive end-user guide on how to use all aspects of this feature.
This article covers:
How to Enable the Data Privacy Module
How to Enable the Data Privacy Module
Permission Required: Please note, to access System Preferences you need the "Access System Preferences" permission
Data Privacy can be enabled within System Preferences by navigating to Global Settings > Data Privacy and checking the Enable Data Privacy box:
By default, this feature is labelled ‘GDPR’, but this is customizable to suit your business requirements. For CCPA only compliance, we would advise updating the label to CCPA. If using for CCPA and GDPR, "Data Privacy" is an appropriate title.
Configure Data Privacy Record
After the feature has been enabled, you can configure the settings for this feature by opening the Data Privacy Record. Click to the Tab in Outlook, then into the Data Privacy Icon:
The Data Privacy record will open. This record is accessible to all users and is used as a central point of reference for storing Data Privacy Documentation and associated settings in .
Permission Required: Please note, all Users can view this record, to Edit the GDPR Record, you need the "Edit Data Privacy Record" permission
This section of the article will walk through the initial configuration steps, it will then detail the individual sections of the Data Privacy Record.
Lawful Bases
Click to the Lawful Bases tab to view a list of all Lawful Bases for storing and processing data for people in your database.
By default this list will be populated by the 6 Lawful Bases included in the GDPR legislation.
We would advise to click Edit to show the following window:
Firstly, click Create New Lawful Basis. This will add a new row into the grid, click into the row and change the Lawful Basis title to CCPA and ensure the Active checkbox is ticked. You can also add a description here if you wish.
If there are any Lawful Bases that do that apply to your organisation (e.g. you do not fall under the jurisdiction of GDPR or you don't wish to use all the GDPR Lawful Bases) you can make them inactive by unchecking the checkbox in the Active column. If your organisation falls under both GDPR and CCPA compliance, you may wish to consider editing the title of the GDPR Lawful Bases to include a "(GDPR)" suffix, such as in the example screenshot.
If you mark a Lawful Basis as "Inactive", this will prevent the Lawful Basis from being assigned to any records. This will not remove the Lawful Basis if assigned already from any existing records.
For CCPA, there isn't a requirement to request consent from People, therefore we would advise leaving the "Requires Consent" checkbox empty for the CCPA Lawful Base. If this is checked, a User will have to request consent from any Person with this Lawful Basis assigned, this isn't a necessary action.