Vendor list wizard: U.S. Multi-State Privacy (Standard)

   Permission: Vendor List - U.S. Multi-State

U.S. Multi-State Privacy (Standard) vendor lists are configurable registries of opt-in and opt-out privacy choices and authorized third-party vendors that do not adhere to any industry-specific specification like the IAB. A vendor list utilizing the standard framework will allow you to collect end-user consent for custom choices defined by your organization.

In order to guide your organization through the configuration process, we will walk you through the various pages of the U.S. Multi-State Privacy (Standard) vendor list wizard.

To start, click Vendor Management on the left-hand panel and click U.S. Multi-State Privacy from the subsequent menu.

Screenshot 2024-10-01 at 8.10.56 AM.png

Click + New Regulation.

Screenshot 2024-10-01 at 8.17.54 AM.png

Select the Standard option in the next modal and click Start regulation setup to begin your configuration. 

Screenshot 2024-10-28 at 10.19.43 AM copy.png


Name and Properties

From the Name & Properties page of the wizard, your organization will give your U.S. Multi-State Privacy (Standard) vendor list a name, define the the properties and/or property groups that should be associated with the vendor list, and how consent can be shared across properties. 

Screenshot 2024-10-03 at 11.13.24 AM.png

Field Description
Regulation Name The internal name of your vendor list.
Property Selection

Properties associated with a vendor list will inherit the vendors, privacy choices, etc... configured for the vendor list. This information will be surfaced in privacy managers, OTT messages, and/or first layer messages configured for the property. Click here for more information. 

  Note: While properties can be added to multiple inactive vendor lists, a property can only be associated with a single active vendor list. Click here to learn more about active statuses for vendor lists.

Consent Scope
  • Single site: Consent will only be applied to the same property an end-user has consented on.
  • Shared site: Consent will be shared across all properties on the vendor list that implemented the authenticated consent feature and website properties that share the same top level domain.

Framework Territories

Framework territories are the states/regions where Sourcepoint will collect consent for end-users who visit a property associated with the vendor list.

Add states/regions to your vendor list by clicking the checkbox to the right of a state's or region's name. Selected states/regions will appear in the Selected pane. 

Screenshot 2024-10-03 at 11.16.57 AM.png


Choices Selection

The privacy choices added to your U.S. Multi-State Privacy (Standard) vendor list reflect the data processing activities that your company engages in and, for which, you are requesting an opt-in or opt-out decision by your end-users. These privacy choices are divided into two categories:

Click Add Choice and select either Standard or Custom from the dropdown menu.

Screenshot 2024-10-03 at 12.08.42 PM.png

Standard privacy choices

Standard privacy choices are popular privacy choices identified by Sourcepoint and collated into a list for your convenience.  

Add a standard privacy choice to your vendor list by selecting the checkbox to the left of the privacy choice name and clicking Add selected choices.

Screenshot 2024-10-04 at 11.41.04 AM.png

Custom privacy choices

Custom privacy choices allows your organization to name privacy choices as you wish. Add a custom privacy choice by typing a name in the provided field and clicking Add

  Note: In the custom privacy choice modal, Sourcepoint has also included some common custom privacy choices that you can select to auto-populate the name. These choices are: Strictly Necessary, Performance or analytics, Functionality or personalization, and Targeted Advertising.

Screenshot 2024-10-03 at 1.20.24 PM.png


Language & Translations

Vendor list information is surfaced to your end-user via a first layer message and/or privacy manager. From the Language & Translations page, your organization can add translations (including the default language) to your vendor list so that it is translated in first layer messages and privacy managers according to an end-user's browser language preference.

Supported Language(s)

Use the Supported Language(s) dropdown menu to select all languages your organization plans to support. English will always be selected and act as the default language. 

Screenshot 2024-10-03 at 1.32.25 PM.png

Edit Privacy Choice Translations

Once your supported languages are selected, translations for these supported languages will appear for the your Standard privacy choice's Description and Choice Text fields. These translations are supplied by Sourcepoint. 

  Note: Any custom privacy choice added to your vendor list will need to have the content for English (Default) and any translations supplied by your organization for both the custom privacy choice's Description and Choice Text fields. 

Field Description
Description The description of a privacy choice is presented to end-users in the message ahead of the opt in or out toggle of the data processing activities listed. It should give users transparency and clarity into how your business is using the data you collect and give them information on how to exercise their choices.
Choice Text The choice text of a privacy choice is the text that directs the user to make a choice for a specific data processing activity.  For the Processing of Sensitive Personal Information privacy choice, this includes the individual categories of sensitive personal information that are included in the privacy choice.

Edit a translation by selecting whether to edit a Description or a Choice Text and then clicking a privacy choice from the left-hand side of the panel.

Screenshot 2024-10-04 at 11.49.26 AM.png

Once a privacy choice is selected, the translations for each supported language (including the default language) will populate in the right-hand side of the panel. 

Click the Edit icon inline with the provided translations.

Screenshot 2024-10-04 at 11.49.26 AM copy.png

Input your translation and click the checkbox to confirm the edit. Repeat as necessary for each supported language.

Screenshot 2024-10-04 at 11.53.00 AM.png


Region Mapping

The region mapping page provides a matrix of the framework territories and privacy choices you have added to your U.S. Multi-State Privacy (Standard) vendor list. Using the provided table your organization can set on a per-state basis whether a privacy choice should be an opt-in, opt-out, on not applicable choice. 

Consent Option Description
Opt-In The privacy choice will be presented as an opt-in choice for end-users in the U.S. State. 
Opt-Out The privacy choice will be presented as an opt-out choice for end-users in the U.S. State. 
Not Applicable The privacy choice will not be presented for end-users in the U.S. State.

For your convenience, Sourcepoint has configured the default for any Standard privacy choice added to your vendor list for each state based on the latest legislation. 

  Note: All Custom privacy choices added to a vendor list will default to Not Appplicable for all state unless otherwise edited.  

Edit the consent option for a privacy choice by navigating to that privacy choice's column and selecting the field inline with one of the states/regions. Repeat as necessary.

Screenshot 2024-10-04 at 1.10.28 PM.png

Global Privacy Control (GPC)

Global Privacy Control (GPC) is a technical specification for transmitting universal opt-out signals.

If the Standard privacy choice Sale or Share of Personal Information / Targeted Advertising is added to your list of privacy choices for the vendor list then you will have the option to support the Global Privacy Control (GPC) signal.

From the Region Mapping page, click GPC in the upper-left hand corner. 

Screenshot 2024-10-04 at 1.17.17 PM.png

Enable the Respect Global Privacy Control toggle and select the regions where the signal should apply in the provided field.

Screenshot 2024-10-04 at 1.33.15 PM.png

Click Save when finished.


Vendor Management

Add new vendors to your U.S. Multi-State Privacy (National) vendor list by clicking + Add Vendors in the upper right-hand corner. 

Screenshot 2024-10-02 at 8.28.00 PM.png

In the subsequent modal, select the System Vendors tab and navigate to your desired vendor. 

Click the checkbox to the left of the vendor name and use the provided Privacy Choice field to map the vendor to your configured privacy choices. 

  Note: By default, added vendors will be mapped to all configured privacy choices unless otherwise edited.

Click Add Selected Vendors when finished. 

Screenshot 2024-10-03 at 2.29.04 PM.png

  Note: Click here for more information on how to import vendors from a different vendor list into your Multi-State Privacy vendor list.


Opt In/Opt Out Hooks

Opt in/Opt out hooks allow you to set up custom actions for a vendor or privacy choice within a vendor list.

  • An opt in hook is eligible to be fired if the vendor or privacy choice has been opted into by the end-user.
  • An opt out hook is eligible to be fired if the vendor or privacy choice has been opted out of by the end-user.

Select whether to configure a hook for a Vendor or a Privacy Choice from the page.

Screenshot 2024-10-02 at 8.33.03 PM.png

Click + Add Hook.

Screenshot 2024-10-02 at 8.34.10 PM.png

Select a vendor or privacy choice from the provided dropdown menu in the subsequent modal. 

Screenshot 2024-10-07 at 7.35.35 AM.png

Select either Opt In Hooks or Opt Out Hooks tab and configure the hook.

Click Apply changes when finished. Click here to learn more about each aspect of the configuration modal. 

Screenshot 2024-10-07 at 7.37.29 AM.png

The hook will be added to your vendor list and added to the table on the Vendor or Privacy Choice tab. 


Advanced Settings

From the Advanced Settings page, your organization can configure how the signal is set and shared across your subdomains.

Screenshot 2024-10-09 at 11.25.15 AM.png

Advanced Setting Description
Write 1st party cookies to root domain

Toggling this setting ensures that the signal will be stored/persist across both the property's root domain (e.g. test.com) and subdomains (e.g. finance.test.com).

In practice, this will ensure that users won't see the same message when moving from root to subdomain or vice versa.

Write 1st party cookies from the server to the property

When enabled, the 1st-party cookie will be set by the server by passing a cookie from the server back to your site instead of using the on-site code to set the cookie.

This setting should be enabled if your organization has set up a CNAME subdomain.

Privacy Choice Expiration

When a user visits one of your properties the state of their privacy choices (e.g. opted in, opted out) is stored within a cookie for reference on future visits. Your organization can set the expiration of this cookie via the Privacy Choice Expiration field.

Input the expiration date for the privacy choice cookie (up to 36135 days). 

  Note: If the user clears their cookies or if the cookie expires and the user makes a subsequent visit to the property they will be deemed a new user, and therefore their privacy choices will return to the default state.

For this reason we suggest a longer time frame for the cookie expiration in order to continue honoring the users choices. 

Was this article helpful?
0 out of 0 found this helpful

Comments

0 comments

Article is closed for comments.