Are you ready for CCPA?

Kendall Kunz

Privacy regulations like GDPR, CCPA, and more have organizations focused on protecting personal data. You can do more than just meet the minimum requirements by using Forms On Fire to build a strong data privacy program.


For many companies, data privacy is a new strategic priority. As firms face a growing list of data protection regulations and consumers become knowledgeable about their privacy rights, building a data privacy competence has never been more important.


There are significant overlaps between the European Union’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act of 2018 (CCPA). These include a common set of principles about transparency, including an individual’s right to access or request deletion of personal data, the need for security, and the potential for substantial penalties for noncompliance. Though there are differences between the regulations, such as which organizations and individuals qualify, personal data definitions and individual rights (access, correction, deletion), the best practices required to help your compliance program are largely the same.


Forms On Fire’s platform provides you with the tools necessary to meet both GDPR and CCPA and, we believe, other similar regulations to come. This is what we call security by design, and it helps you establish a repeatable process for protecting data.


As a reminder of our privacy policy, data you collect on Forms On Fire is never used, sold or shared with any other organization. We host the data on our secure servers to serve your business purposes only. As a client of Forms On Fire, you are the data controller, which is to say that you define what data you capture, and we are simply the processor of data. You also define how you use our connector capabilities to share information. We’ll get into those capabilities in some detail in this article. Suffice it to say, we exist in the relationship to serve your purposes only, not ours.

Security By Design

Consumers today expect and deserve any company’s assurance that it is careful about how information is gathered, how it is used and how it is shared with others. Each consumer should receive full disclosure of a company’s practices and of how it limits information sharing, and the company should be ready to tell consumers what is known about them and to delete information held about them.


The Forms On Fire platform provides you with the capability to:



  • Classify personal information
  • Limit sharing and/or share anonymously
  • Find personal information, and
  • Delete personal information.

Protecting Your Consumers in Data Collection

Built into our platform is the ability to identify and classify all data that is personal data or may contain personal data. Everything in data collection begins with our simple-to-use, drag-and-drop screen capture design tool – seen here to the right.



Each field that you define in a data entry screen can be classified as containing personal information. Classification is simple, using a checkbox that says “IS PERSONAL DATA”. Take a look at the example below, showing the field “Customer Name” marked as “IS PERSONAL DATA”.


Once data entry screens are classified as containing personal data and data begins to be collected, the platform allows you to configure any connector (i.e., any sharing of information) to anonymize that personal information. This includes downloads of data and connectors that may send or PUT information onto file or database storage. Each and every connector type, such as Google Drive, Dropbox, SharePoint, PowerBI, etc., also has a checkbox to “Anonymize personal data”. It should be noted that you define who has access to review, download or share information and how that information is shared. Most client end users (approximately 99%) are given only the mobile form ability to capture information, one record at a time, and those mobile users do not have access to the web dashboard where multiple records may be found and downloaded.

Protecting Your Consumers in Data Downloading

Once data is captured in the platform, you control who may download information. For each download, using a simple checkbox, “Anonymize Personal Data”, your administrators can obfuscate every field that you previously classified as containing or potentially containing personal information (see above, “IS PERSONAL DATA”). Whether it is a CSV, an Excel file or a bulk download in PDF format, your consumer data will be anonymized using this checkbox.


Notice below how data looks once downloaded. Data not classified as containing personal information for this customer order example, such as product, quantity and price, can be downloaded for analysis in spreadsheets. Downloading and sharing of bulk information via spreadsheets is likely your biggest control risk, so use this feature frequently to protect your consumers.
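The classify-then-anonymize flow described above, as an added illustration in Python; this is not Forms On Fire code, and the page does not say how the platform masks values. The `FormField` class, the `[ANONYMIZED]` marker, the sample records and the choice to mask unclassified columns by default are all assumptions made for this example.

```python
import csv
import io
from dataclasses import dataclass

MASK = "[ANONYMIZED]"  # assumed marker; the platform's real output is not shown here


@dataclass(frozen=True)
class FormField:
    name: str
    is_personal_data: bool  # mirrors the "IS PERSONAL DATA" checkbox


# Constructed schema for the customer order example.
ORDER_FORM = [FormField("Customer Name", True), FormField("Product", False),
              FormField("Quantity", False), FormField("Price", False)]


def export_csv(schema, records, anonymize=True):
    """Render records as CSV, masking personal fields when anonymize is set.

    Columns missing from the schema were never classified, so they are
    treated as personal data (fail closed) instead of exported in clear.
    """
    classified = {f.name: f.is_personal_data for f in schema}
    columns = [f.name for f in schema]
    for rec in records:  # unclassified columns stay in the export, but masked
        columns += [k for k in rec if k not in columns]

    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=columns, lineterminator="\n")
    writer.writeheader()
    for rec in records:
        row = {}
        for col in columns:
            value = rec.get(col, "")
            personal = classified.get(col, True)  # unknown column => personal
            row[col] = MASK if (anonymize and personal and value != "") else value
        writer.writerow(row)
    return out.getvalue()


# Constructed sample records; "Delivery Notes" is an unclassified free-text field.
SAMPLE = [
    {"Customer Name": "Jane Doe", "Product": "Widget", "Quantity": 3, "Price": "9.99"},
    {"Customer Name": "John Roe", "Product": "Gadget", "Quantity": 1, "Price": "24.50",
     "Delivery Notes": "Call 555-0100 on arrival"},
]
```

Calling `export_csv(ORDER_FORM, SAMPLE)` keeps product, quantity and price usable for analysis while the name column and the unclassified free-text column are masked.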


Protecting Your Consumers in Data Sharing

As with data downloads, each and every connector in the Forms On Fire platform has a checkbox to “Anonymize Personal Data” in exactly the same form as described above for downloading information. This includes all connectors for file storage, data connectors, business intelligence connectors and our OPEN API REST connectors in XML or JSON format. See the image below for an example of connecting to a data warehouse using our RESTful POST connector:


In addition to our connectors, which initiate sending data from our platform, the OPEN API (accessing platform data directly from external systems) provides you with four different API Keys, two of which will anonymize all personal information on the platform when it is accessed using the API. See below for an example of these four API Keys.


Protecting Your Consumers By Finding Data Quickly

You may search for any personal data either manually or automatically. Using the manual method, you navigate to the specific data entries under Table View in the web dashboard. Finding data is simple and, as a reminder, you can download any data anonymously for any consumer request.



If you want to search for data automatically, you may decide to use our OPEN API, which can gather data either anonymized or with full access.


Protecting Your Consumers by Deleting Data Quickly

You may want to delete data about consumers and, just like searching for data, you can do that either manually or automatically using the Forms On Fire platform. In the same way that you search for and download information manually above, your administrators can choose the delete option. Our OPEN API also supports an automatic DELETE of information, which can be done for any individual record. Please be careful using either of these DELETE facilities and test them thoroughly, because there is no undo capability yet for DELETE.

Enabling Your Organization with Central Search and DELETE

Our platform is very powerful and includes the ability to search data from other systems using the REST API control in the screen designer. Thinking completely outside the box, conceivably you could design an entire CCPA “search and destroy” application using Forms On Fire. Each of your systems that contains personal information will need to be connected to a single form, where the form queries each application and returns what information it contains. That information can be returned to a consumer in a single report and, upon request, all information in each of your systems could be deleted automatically. This type of system will require significant testing, but because of our OPEN API capabilities, these things are entirely possible.


Please contact us if you have any additional questions about support for GDPR, CCPA or any other data privacy needs you may have.


By Kendall Kunz | August 24th, 2019 | Blog

