Implemented CCPA Compliance for a Japanese Conglomerate on its Loyalty Platform

Our team implemented a unified framework for data governance to help one of our marquee clients comply with the California Consumer Privacy Act (CCPA) to better manage their website users’ personal information.

The Client

Our client is a Japanese conglomerate subsidiary and manages a unified loyalty platform for many of the conglomerate’s US and global businesses.

The Challenge

The client owns a robust loyalty management platform for customers to redeem reward points earned from their purchase of products using the company’s co-branded cards. The website has over 6 million customers, many from California.

California Consumer Privacy Act (CCPA) requires all California consumers to be informed of how their data is being captured, used, and shared. Our client urgently needed to make sure that the rewards website complied with CCPA.

Our client chose OneTrust’s tool to implement CCPA. While OneTrust’s tool is relatively straightforward to implement, ensuring that all website technologies abide by the options selected by the user via the tool is not easy. The website uses multiple technologies like Salesforce Commerce Cloud, Adobe Launch, Adobe Experience Manager, Adobe Analytics, Google Tag Manager, and other third-party tracking software. Each technology has its own set of cookies for personalization. Customizing and harmonizing the cookies and making sure each technology's cookie supports the necessary level of privacy selected via OneTrust’s tool made the project challenging. We had to manually scan many cookies to create a comprehensive list of all cookies.

Share this Document

Adobe

B2C

Retail

Application Development

Data Governance

Data Privacy

Salesforce

Related Resources

Empowering Learners with Enhanced Course Discovery and Engagement through ContentHubGPT

Reflecting Excellence: How an Auto Mirror Leader Revved Up Product Descriptions with ContentHubGPT

Reduce Product Time to Market to Just Two Hours with Salsify PXM and ContentHubGPT

The Solution

We used our framework to create an inventory of all cookies across the various technologies and then applied data governance to implement geolocation-based cookie banners to capture user consent. Our framework categorizes cookies so that their behavior can easily be modified for future requirements.

Our team implemented a unified framework in four steps.

Step One. We ran then analyzed OneTrust’s website cookie scan report and detected discrepancies. We then manually scanned the pages to gather the missing cookies.

Step Two. We analyzed the existing cookie functionality and OneTrust’s categories (Strictly Necessary, Functional, Performance and Marketing) and went through a process of recategorizing some cookies with guidance from the customer’s legal team. In parallel, we verified and fixed the impact of any recategorization of cookies on the site’s functionality. Also, we placed the unknown cookies (discovered in the earlier step) in appropriate categories.

Step Three. We created a new rule in Adobe Launch to integrate the OneTrust’s tool with Salesforce Commerce Cloud. This was necessary to track user interactions on the website through OneTrust Reports and Adobe Analytics. This enforced a fully serviceable OneTrust console with a dashboard, updated geolocation rules, templates, and banners.

Adobe Launch rules and server-side scripts were also updated for each cookie category to permit or block the creation of cookies based on the user’s consent request.

Step Four. We created two geolocation-based cookie banners—an opt-out banner for California residents letting them pick their cookie preferences for specific categories, and an opt-in banner for the rest of the world. These cookie banners appear when a user visits the website the first time, to notify them about the website's personal information tracking practice.

Business Impact

The client’s website is now CCPA-complaint.

The client leveraged our framework to comply with state guidelines and ensure that customer’s data and personal information is managed with the user’s consent.

The client is empowered to create and configure cookies to meet future requirements.

Technologies Used

OneTrust: Modular solutions for Privacy, Security, Governance, and ComplianceSalesforce Commerce Cloud: Cloud-based service that provides a personalized omnichannel shopping experienceAdobe Launch: A next-generation tag management system that unifies the client-side marketing ecosystemAdobe Experience Manager: Cloud-based platform that provides a personalized customer experience across multiple digital media channelsAdobe Analytics: Tool that provides reporting and visualization analysis of website visitor behavior

Related Capabilities

Optimize Business Operations by Eliminating Inefficiencies and Redundancies with High-Quality Apps

Develop advanced applications mapped to your strategic goals utilizing modernize architectures such as microservices that can seamlessly leverage cloud capabilities. We can help you migrate your applications to a modernized technology platform, while keeping costs in control.