CCPA Automation: How to Automate Processing Requests

Imagine if a verified CCPA request took no time and no work to fulfill. Automating the fulfillment of CCPA requests gives businesses both consistency and efficiency. A number of software companies in big tech (Google, Yahoo, Microsoft) and in marketing tech (Amplitude, Braze, and many more) are building APIs so you can programmatically fulfill requests as they come in. The first step to receiving a request is to verify it. I won’t touch on how our tool verifies requests in this post.

At CCPA Toll Free, we want to make it simple to receive, verify and process requests. It is only natural that we would start looking at the APIs from various software-as-a-service companies to help automate your workflow, maybe making those API calls available at a click from your CCPA Toll Free dashboard. This guide, which we will keep updating, explains the different APIs that companies offer to automate the fulfillment of CCPA requests. If that’s something of interest to you, contact me at support@ccpatollfree.com.

Webhooks

When you click the verified button on your CCPA Toll Free dashboard, we send a webhook event, privacy_request.updated, to your webhook URL. The JSON describing the privacy request contains the customer information and the verification status. If the request is verified, you may start calling the retrieve or delete API of the services you are currently using. Here is a list of services and their API descriptions.

Customer.io & CCPA Toll Free

Customer.io provides a single API to delete customer information. To get a copy of your customer information, they provide only a manual process. That means, when processing a retrieve CCPA request, you have to manually compile a folder containing the data from Customer.io. For delete requests, however, you may use the API.

The first step is to get your API secret key and site ID, both available in the Customer.io dashboard. They currently use Basic Auth for authentication. Here is an example, from their documentation, of an API call to delete a user. CCPA Toll Free will not give you the customer ID from Customer.io; you will have to retrieve that from your backend and then call the API as follows:

curl -i https://track.customer.io/api/v1/customers/:id \
  -X DELETE \
  -u YOUR-SITE-ID-HERE:YOUR-SECRET-API-KEY-HERE
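
The webhook-to-deletion flow described above, as an added example that is not CCPA Toll Free's or Customer.io's own code: it acts only on a verified delete request and then builds the same DELETE call as the curl command. The payload field names (type, data, status, request_type, email), the sample event and the lookup_customer_id callback are assumptions, since the page does not show the webhook JSON.

```python
import base64
import json
import urllib.parse
import urllib.request

# Constructed sample event; field names are assumed, the page shows no schema.
SAMPLE_EVENT = {"type": "privacy_request.updated",
                "data": {"status": "verified", "request_type": "delete",
                         "email": "jane@example.com"}}

def deletion_email(raw_body):
    """Return the requester's email only for a verified delete request."""
    try:
        event = json.loads(raw_body)
    except ValueError:
        return None
    if not isinstance(event, dict) or event.get("type") != "privacy_request.updated":
        return None
    req = event.get("data")
    # Fail closed: anything other than an explicit verified delete is ignored.
    if not isinstance(req, dict) or req.get("status") != "verified":
        return None
    if req.get("request_type") != "delete":
        return None
    email = req.get("email")
    return email if isinstance(email, str) and email else None

def build_delete_request(customer_id, site_id, api_key):
    """Build (without sending) the Customer.io DELETE call for one customer id."""
    if customer_id in ("", ".", ".."):
        raise ValueError("unusable customer id")
    # Percent-encode the id so "/" or "?" in it cannot alter the path or query.
    path_id = urllib.parse.quote(customer_id, safe="")
    token = base64.b64encode(f"{site_id}:{api_key}".encode()).decode()
    return urllib.request.Request(
        f"https://track.customer.io/api/v1/customers/{path_id}",
        method="DELETE", headers={"Authorization": f"Basic {token}"})

def handle_webhook(raw_body, lookup_customer_id, site_id, api_key):
    """Return the DELETE request to send, or None when nothing may be deleted."""
    email = deletion_email(raw_body)
    customer_id = lookup_customer_id(email) if email else None
    if customer_id is None:
        return None
    return build_delete_request(str(customer_id), site_id, api_key)

if __name__ == "__main__":
    req = handle_webhook(json.dumps(SAMPLE_EVENT).encode(),
                         {"jane@example.com": "42"}.get, "SITE-ID", "API-KEY")
    print(req.get_method(), req.full_url)
```

In a real handler, load the site ID and API key from a secret store or the environment rather than a command line, where they end up in shell history and process listings.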

Shopify & CCPA Toll Free

Shopify has both APIs and webhooks just like we do. The webhooks are useful if you use Shopify as your privacy request manager, and then want to receive HTTP requests when CCPA requests come in. Of course, they are less sophisticated than CCPA Toll Free in managing privacy requests.

Shopify uses GraphQL mutations or HTTP requests to process your CCPA requests. If you need to delete a user, you can call the delete API. However, make sure to delete all orders associated with this user first, or you will get an error.

DELETE /admin/api/2020-10/customers/{user_id}.json

To retrieve customer data, you will need to retrieve the customer information and all the orders associated with the customer. Then compile them into a file and send it to your customer.

Amplitude & CCPA Toll Free

Amplitude is a leader in automating CCPA requests. They are one of the founders of OpenGDPR. To delete user data, you authenticate your request with Basic Auth:

POST https://amplitude.com/api/2/deletions/users
Arguments
amplitude_ids: Amplitude IDs to be deleted.
user_ids: User IDs to be deleted.
requester: The person who requested the Amplitude ID to be

Amplitude currently does not have an API to retrieve all customer information. Of course, this data is big, so such an API would probably need to run asynchronously and send you a file to forward to your customer.

Conclusion

Overall, there are lots of different APIs, authentication methods, and API architectures to learn in order to successfully automate CCPA requests. OpenGDPR is a protocol that helps standardize the creation of a CCPA request and the discovery of its status. Some companies skipped straight to building a delete/retrieve API instead of creating a CCPA request manager that follows the OpenGDPR protocol, which could make sense if we believe they are not request managers. We are also monitoring the use of a platform like Zapier to connect the different services, but it’s still very early!

If you need help with your CCPA compliance, start by signing up. Our services start at $25 / month billed annually, and provide you with a webform, toll-free number, verification methods, webhooks and much more.
