2.7 Release: Secure Uploads & Downloads, Consent Management & Privacy Center Improvements, & Light/Dark Mode
Secure Uploads & Downloads for Privacy Requests
Concord has always prioritized both verification and security by implementing automated user identity verification for all data privacy requests. This not only adds an extra layer of protection but also cuts down on compliance costs by reducing the processing of invalid requests. Our latest release builds upon the functionality to make it easy for you to upload and deliver data to your users as part of the privacy request process. This includes:
- Advanced File Upload Support for Privacy Requests: This feature enables organizations to securely upload multiple files to individual "Get a Copy" privacy requests through our Admin Interface. Upon resolving a request, an automated process combines all files into a secure zip file, accessible exclusively by the designated end user.
- Identity Verification for Secure File Downloads: We continue to leverage our robust identity verification process, ensuring that your users can securely access their data as part of the fulfillment process. The inclusion of time-sensitive links further strengthens this security measure.
- New Privacy Portal Microsite for Secure Downloads: We are proud to introduce our new Privacy Portal microsite, offering users an effortless yet secure data access experience. By building upon our stringent identity verification measures, this portal reflects our unwavering commitment to data protection and building trust with users.
- Privacy Portal for Secure Downloads: Our new privacy portal microsite leverages that identity verification, ensuring that users can effortlessly access their secure data during the fulfillment process, reflecting our unwavering commitment to safeguarding user information and fostering trust.
- Download Activity Tracking: To ensure accuracy in data handling, all download activities are traceable, further solidifying our commitment to data transparency and control.
- Auto-Deletion of Files: To uphold data security, all files are automatically deleted 30 days after email/link delivery, or 7 days post-download.
Together, these updates are designed to further streamline the handling of incoming privacy requests, making them more secure and user-friendly for businesses and individuals alike.
Flexible Consent Management Refinements
For flexibility when it comes to global data privacy laws and in order to ensure comprehensive support for CCPA/CPRA and other US data privacy regulations, we have added a number of more powerful and granular configuration options that can be easily configured via our Admin experience. These include:
Blocking Mode: This gives you additional control over how we block cookies and scripts and has four options:
- Disabled: No blocking of cookies and scripts will occur.
- Discovery: Identifies and lists cookies and scripts for categorization, without blocking them.
- Permissive: Allows only Strictly Necessary and Unclassified cookies and scripts to run prior to user consent. Categorized cookies and scripts will be blocked until user consent is received.
- Strict: Only permits Strictly Necessary cookies and scripts to run until user consent is received. This mode is required for full GDPR compliance.
Consent Mode: Privacy laws and regulations often have a key difference in how user consent must be capture. GDPR and other similar regulations typically require active user opt-in, or express/explicit consent, while United States laws like CCPA/CPRA only require implied/implicit consent. We now allow you to choose which mode is used within any given project in your Concord organization. Here are the options and how they work:
- Implied: Automatically triggers implied consent opt-ins for all privacy setting categories. Users can then choose to opt-out afterwards via your enabled consent banner or privacy center options.
- Express: Users must actively accept or alter their consent settings via the consent banner or privacy center. This mode is required for GDPR compliance.
Banner Mode: This allows you to enable or disable the consent banner. Useful if you only want to give your users access to privacy center or when using discovery mode above to classify your cookies and scripts.
Consent Banner Button Options: We have also added a “Close Button [X]” option to the consent banner settings, and added full visibility and configuration settings for all of the consent banner buttons.
Powerful Privacy Center Refinements
In our latest update, we're giving our users even more control over the look and feel of their branded privacy centers. This includes a range of customization options for various modules, providing users with the ability to alter labels/titles, descriptive text, and the ability to toggle certain features on or off. The configurable privacy center options now include:
- Floating Button: Adjusts whether the floating button widget is shown on your page, which gives your users easy access to your branded privacy center.
- Privacy Disclosures Module: Displays your privacy policies and terms of service for transparency and easy access by your users.
- Privacy Requests Module: Allows users to view and submit different types of privacy request forms. These options include Change Request, View Request (Get a Copy), Delete Request, and Do Not Sell or Share Request.
- Consent History Module: Displays an individual user's granular consent choices, including what they have accepted or declined.
With these new additions, our platform is taking a step further to make privacy management more customizable and user-friendly, aligning with your brand's unique needs and providing a more personalized experience for your audience.
Do Not Sell or Share My Data Update & Limit the Use of My Sensitive Personal Information
In alignment with the latest changes in California and other jurisdictions, we have updated our options when it comes to Do Not Sell or Share and added a new option for Sensitive Personal Information. This includes two new Privacy Setting Consent Types: "Do Not Sell or Share My Personal Information" and "Limit the Use of My Sensitive Personal Information". When the Do Not Sell or Share consent option is enabled, it will be considered “accepted” upon submitting a standard Do Not Sell or Share compliance request via our request forms or checking the Do Not Sell or Share compliance checkbox on the consent banner. Both types can also be adjusted by your users by toggling the corresponding compliance switch on the consent settings tab of the privacy center. In adherence with the latest laws, Do Not Sell or Share will also automatically disable Marketing consent.
Global Privacy Control (GPC)
We now support the Global Privacy Control option, which is required in California. If GPC is detected, we will automatically check the "Do Not Sell or Share" option on the consent banner, notify users that their GPC signal has been honored, and set the Do Not Sell or Share consent type to accepted. The user can later choose to adjust that setting if desired.
Ability to Set Light / Dark Mode in the Admin UI
Admin UI users now have to option to change their settings to allow for light or dark mode. Changing the website screen between light and dark mode can provide a more comfortable viewing experience for users. Additionally, some users may find that switching to dark mode can help reduce eye strain and improve their overall experience. The new enhancement to the Admin UI allows users to choose their preferred mode, providing greater customization and control over their Concord experience.
Other Fixes & Improvements
- Enhancement to the Admin UI to allow users to switch between light and dark mode.
- Enhancement that allows an organization to further customize form and button text on the Privacy Request forms with in the Privacy Center.
- Fix to correct errors which impacted how data was being reported in the Concord Daily Summary Report email.
- Fixed an issue that impacted the ability to export key metrics data to CSV.
- Fixed an issue that caused organizations to be reported as "undefined" in the Compliance Request Summary email.
- Enhancement to add show/hide feature to the API Keys section in the Admin UI.Fixed an issue that caused a limited number of attributes to appear when configuring a data system.
- Changed user permission functionality for the Admin UI to exclude "viewer" permission type.Added functionality to better handle and report on organization status (suspended, disabled, closed).