Disclosure

Organizations are required to disclose their personal data processing practices of California residents (consumers). The disclosure should include the following:

 

• Purpose for data collection

• Categories and sources of the collected personal data

• Third parties with whom the personal data is shared

• Categories of personal data sold or disclosed to third parties

• Specific attributes of personal data that have been collected

Impact

Organizations require a comprehensive data classification and an easily accessible disclosure capability.

 

Solution

Personal data categorization/classification 

​

A comprehensive data classification is a vital first step for this.

Manual: Map out standard or custom objects and identify any custom fields required. APEX or workflows to support timely exports or API integrations.

 

Automated: Data tagging & inventory

Disclosure

One of the best ways to describe an individual's rights and how a company uses/processes that data is to put it on your website. If they apply to everyone equally, listing them publicly and including a link to it will meet the requirement.

 

Disclosure & Policy Management: Automate multi-lingual and regional variants with Cloud Compliance 

​

Next: Consumer Requests