IRM has many features specifically for CCPA. This section details such features.
- “Do Not Sell My Information” button
- Support for custom intake form field type “Static Text”
- Double confirmation support for Request Types
- Due Date configuration by Location and Request Type
- Display of other requests submitted by DS in the last 12 months
‘Do Not Sell My Information’ button
IRM now provides a button specifically for request type ‘Do Not Sell My Information’.
Static Text Custom Intake Form Field Support
Admins can now use the Static custom form field to provide any instructions to Data Subjects in the intake form.
Double Confirmation Support for Request Types
For certain request types, CCPA mandates that customers must get double confirmation from the Data Subject before the request is submitted. IRM allows this setting to be provided for any request types. To enable this, simply do the following:
-
Select the Edit Request Type button on any of the chosen Request Type in the drop-down menu.
-
In the Edit Request Type window, select the Enable double confirmation when submitting this request type checkbox and save your settings.
When double confirmation is enabled for a certain request type, data Subject is shown a second confirm button after the request is submitted.
Due Date Configuration by Location and Request Type
CCPA mandates that customers respond to ‘Unsubscribe or Opt-out’ request types within 15 days while customers have 45 days to respond to other request types. IRM allows Due date configuration to be done based on the ‘Resident of’ field and ‘Request Type’ field. Request Types are optional in the condition. To configure this, follow the steps outlined below.
-
Under Admin menu, click Settings.
-
In the Due in Days for Processing Request column, select any of the default settings listed and click the Update Due in Days button.
You can also create a new Due In Days settings by clicking the Add new due in days link at the bottom of the page.
-
Select the Geographical Area and Request Type in the fields provided.
-
Enter the Due In days in the next field. You can choose to customize it or select a predefined day(s).
NOTE: One geographical area or country or state and Request Type combination can be used in only one rule. However, it is possible to have three rules, one for a geographical area, one for a country within that area and one for a state within that country. For example, there can be three Due In Days rules for North America, The United States, and California. In this case, the most specific rule will be used. Also, it is possible to have two rules for California but with different Request Types.
Important: IRM provides TrustArc recommended settings for Due In Days. CCPA for California, SB 220 for Nevada, and GDPR for member states of the European Union & 3 EEA countries. If any contradicting rules exist, Use TrustArc recommended settings will provide a warning message and overwrite the rules for the above three regions. Any rules created for other areas would not be deleted.
Display of Other Requests Submitted by DS in Last 12 Months
CCPA allows customers to reject a request if a Data Subject has submitted more than two requests in the last 12 months. IRM provides data in the request regarding how many requests have been submitted by the same Data Subject based on the email.