I was honored to participate in the recent CCPA panel discussion hosted by the ACMA. I provided my perspective on preparedness from the service bureau world. For those of you who could not attend, below is a recap of key considerations for retailers who work with service bureaus.
- In order to be CCPA compliant, a marketer DOES need to send these requests to their service bureau, as well as co-ops.
- Send your requests securely (i.e. SFTP), not via email.
- Clearly label the type of request so that Do Not Sells are still included in the marketer’s own campaigns.
- Delivery of CCPA requests should be timed to the cadence of services provided by the vendor (i.e. mailings vs. database updates).
- Right to Know requests are best cross checked against the service bureau, but answered through the marketer’s own internal source systems.
- Requests to delete data should include the (not so obvious) places where service bureaus store data: Mail files and Matchback response files as well as various forms of Masterfile’s created for mailing purposes or more advanced marketing databases. Note: A service bureau does not have to delete requested client data from back-up systems as they will age out over time, unless the data is restored/accessed.
Your service bureau should have an established, documented procedure for handling these requests. Maintain a copy of the latest policy for each vendor that you work with. In addition, if this topic is important to you, please consider joining the ACMA. CCC joined in 2019 and we have become very active members. The ACMA seeks to protect a variety of interests of concern to catalog and online merchants, as well as their suppliers. Click here to learn more.