Master Data Management

 View Only

Consent Management for CCPA in IBM InfoSphere Master Data Management

By Mohammad Khatibi posted Thu June 06, 2019 10:34 AM

Product:Infosphere Master Data Management
The Consent Management in IBM InfoSphere MDM provides you the capability to centrally capture and manage consent as required by various data protection and privacy requirements, such as California Consumer Privacy Act (CCPA).

CCPA offers certain protections and rights to California residents, in regards to collection, sales, disclosure and access of their personal data. It applies to the businesses, doing business in California, satisfying at least one of these criteria:

  • Annual gross revenues in excess of $25 million
  • Holding the personal information of 50,000 or more consumers, households, devices
  • At least half of their annual revenue from selling consumers' personal information 

Managing and maintaining consent data centrally in InfoSphere MDM can enable any consent enforcement processes in your enterprise to consistently and confidently handle your customer data, as mandated by various data protection regulations, hence removes the risk of accidental violations.
The consent management services in InfoSphere MDM allow you to capture and manage all opt-in or opt-out consents along with:

  • Processing purposes (e.g. selling of personal data), in accordance to one or more data protection regulations (e.g. CCPA)
  • Processing activities (e.g. sale or not sale) on portions of your customer data (e.g. email), even with specified provisions (e.g. to be used for one month, etc.), and in relation to the other entities (e.g. various companies, various product categories, etc)

On scenarios when the consents are collected by filling questionnaires, all answers by a customer, may be captured and maintained in InfoSphere MDM.
For increased flexibility, both consent giver and consent owner may either exist in InfoSphere MDM as legitimate parties (or records), or are maintained in an external system. 


The data model below shows how CCPA can be represented in the data model. The green tiles represent the configuration of the processing purpose "selling of personal data". The purpose is defined for CCPA as privacy regulation and includes the activity of transferring data to a third party.

Once a processing purpose is configured MDM can store consent for the purpose. In its simplest form, the consent stores if a certain person consents (agree), or does not consent (disagree). 
Interested to know more? Here’s the knowledge center link for additional information
Note: None of the statements contained herein constitutes legal advice - it is process advice only. 

About authors
Lars Bremer
IBM InfoSphere MDM Development

Mohammad Khatibi
IBM InfoSphere MDM Development