top of page
Organizations are required to disclose their personal data processing practices of California residents (consumers). The disclosure should include the following:
  • Purpose for data collection
  • Categories and sources of the collected personal data
  • Third parties with whom the personal data is shared
  • Categories of personal data sold or disclosed to third parties
  • Specific attributes of personal data that have been collected

Organizations require a comprehensive data classification and an easily accessible disclosure capability.
Personal data categorization/classification 
A comprehensive data classification is a vital first step for this.
Manual: Map out standard or custom objects and identify any custom fields required. APEX or workflows to support timely exports or API integrations.
Automated: Data tagging & inventory

One of the best ways to describe an individual's rights and how a company uses/processes that data is to put it on your website. If they apply to everyone equally, listing them publicly and including a link to it will meet the requirement.
Disclosure & Policy Management: Automate multi-lingual and regional variants with Cloud Compliance 
Next: Consumer Requests
bottom of page