The California Consumer Privacy Act (CCPA) introduces new rights for California residents—requiring companies that conduct business in the State of California to implement structural changes to their privacy programs. These new consumer rights, such as the right to opt out of the sale of your personal information, have resulted in two critical challenges. First, organizations need a scalable and efficient way to process and respond to consumer requests to exercise their new rights to opt out. Second, organizations must maintain detailed, ongoing records for compliance.

How OneTrust Helps 

With OneTrust, your organization can simplify CCPA compliance by leveraging a customized suite of tools, each offering CCPA-specific functionality. By leveraging the OneTrust Consumer Rights Management tools, your organization can pinpoint what data you hold, how it is used, and what third parties have access to it, and automate the intake and fulfillment of consumer requests. The OneTrust platform directly addresses CCPA requirements relating to consumer rights and do not sell requests and sets organizations on the right trajectory for supporting a global privacy program.

OneTrust CCPA “Do Not Sell” Solutions 

Under the CCPA, all consumers have the right to opt out of the sale of their personal information. This is enabled by adding a “Do Not Sell My Personal Information” link to your website. With OneTrust Consumer Rights Management, you can direct consumers to a customizable web form, allowing them to opt out of the sale of their personal information. Moreover, organizations should have a way to verify that they are effectively respecting consumers’ “Do Not Sell” requests, as well as documenting the details in the process.

The OneTrust Consumer Rights Management tool documents consumer “Do Not Sell” requests within the platform to demonstrate compliance with the CCPA. These records are then synched to your other technologies via a plugin or API integration to avoid accidental or unauthorized sale of consumer data.

Additionally, for organizations that sell or purchase behavioral tracking data via cookies, OneTrust Cookie Consent helps prevent the unlawful sale of this type of consumer information. With OneTrust Cookie Consent, your organization can also display various cookie consent notices based on the location of the consumer (e.g. notice-only cookie banner for California and opt-in banner for the EU).

Personal information under the CCPA is broadly defined and includes internet or other electronic network activity information, unique identifiers (which include cookies), and information regarding a consumer’s interaction with a website, application, or advertisement. This means that businesses, when responding to requests for information and deletion, will also need to know which cookies and other tracking technologies are associated with a particular person. The OneTrust Cookie Consent & Website Scanning tool allows you to scan your website to automatically detect cookies and other tracking technologies, generate a detailed cookie notice, and provide a cookie preference center for visitors to granularly select which types of cookies consumers can enable or disable.

Lastly, the OneTrust Universal Consent & Preference Management tool helps businesses maintain records of consent. Via the OneTrust Preference Center, offer a preference management center and embed a link to enable consumers to opt out of the sale of their personal information. This empowers consumers to take more control over their settings, creating a better experience and more personalized marketing.

Many privacy challenges stem from collecting personal information and freely using it without first understanding the potential legal repercussions. OneTrust’s “Do Not Sell” solutions for the CCPA bridge the gap between privacy and marketing teams with powerful tools that not only promote compliance, but also drive greater personalization and can increase opt-in rates. A comprehensive privacy program is incomplete without tools that address the many challenges that come from marketing.

Regardless of the maturity of your privacy program, it’s never too soon to start planning for your CCPA readiness. OneTrust for CCPA is a full set of scalable solutions and services specifically designed to implement CCPA requirements and workflows to support a global privacy program.

For additional information, or to request a live OneTrust for CCPA software demo, visit or email [email protected]

Register for our CCPA Master Class Series featuring Do Not Sell Requirements, August 6, 2019 1:00 pm ET | 10:00 am PT.


Check out our CCPA blog series: