Data Ethics

How LiveRamp is Preparing for CCPA

December 6, 2019  |   Andrea Reichenbach

LiveRamp firmly believes that enhanced accountability and a commitment to data privacy are vital business requirements—now more than ever. We strive to remain accountable to our corporate values, to do what’s right, and to respect others. We seek to set a high standard, reassuring our clients, associates, and partners that LiveRamp is in data and security compliance globally and are continuously working to comply with data regulations such as GDPR and CCPA.

How well businesses achieve readiness, responding to regulatory changes and beyond, can create strong competitive differentiation. Over the last many months, the LiveRamp Data Ethics team spoke to hundreds of clients, both about what they themselves are doing to achieve compliance and how LiveRamp is preparing for the CCPA effective date of January 1, 2020. This includes but is not exclusive to the following activities:

  • Product Classification. Depending on how the data is collected and used, CCPA draws a distinction between Business or Service Provider. In some instances, LiveRamp products put us in one category or the other. For example, we are a Service Provider for onboarding and a Business for the creation of our identity graphs.  
  • Full Data Inventory. From a CCPA viewpoint, it is essential to conduct a full inventory of the data LiveRamp collects and keeps in order to understand obligations associated with each piece of data. We are leveraging our previous GDPR data inventory efforts in preparation for our CCPA data inventory analysis. 
  • Contract Remediations. We are reevaluating all our contracts with partners and clients to ensure that we are in compliance with the guidance for CCPA and conducting contract remediation where necessary.
  • Productization and Operationalization of key CCPA components. CCPA requires certain updates to privacy policies and websites, which LiveRamp is in the process of completing. We are also establishing the appropriate reporting capabilities and a global consumer portal for access requests, and are working to facilitate both direct and indirect opt-out, deletion, as well as subject-access requests (SAR). 

While not required by GDPR or CCPA, LiveRamp is also an active participant and member of a number of industry organizations. As part of the IAB Tech Lab, LiveRamp contributed to the IAB’s Transparency and Consent Framework (TCF) in Europe. With the ANA here in the U.S., we helped develop the Data Transparency Label which discloses source, collection, segmentation criteria, recency, and cleansing specifics of third-party data. We also continue to promote practical and effective data-privacy protections as part of the legislative and regulatory process on both federal and state levels. 

Finally, LiveRamp has increased efforts for engagement and education. We have built an online education hub for CCPA, and have added CCPA-specific sessions to many of our RampUp conferences around the country to provide updates and perspectives from industry leaders.

As we approach the effective date for CCPA, LiveRamp will continue to provide further communications and updates in regards to readiness as well as new products and initiatives designed to serve the ecosystem at large.