Persona provides you with GDPR and CCPA compliance right out of the box. It all starts with Accounts. Accounts is a new feature that enables organizations to view the entire history of how you've interacted with an individual over time. By providing a reference id, you can automatically link many different inquiries to the same individual. Now, it’s straightforward to compare information collected in an Inquiry against what's already known about that individual user. In summary, we are providing a holistic way to understand an individual. We are moving toward verifying "who an individual is" and away from "what we learned about an individual this time."
With Accounts, you have a log of interactions with an individual and a record of all the individuals who have signed up for your service. This unlocks three main use cases:
- Reverification of an individual who is already using your service
- Ability to run continuous reports over time
- Safe PII and information storage
What’s the deal with PII and compliance?
Under the California Consumer Privacy Act (CCPA), all individuals have the right to access the personal data that is held about them by any company. Additionally, consumers can request for organizations to delete their personal data and restrict how it is used. For the business owner, CCPA guidelines require businesses to maintain a data inventory to track data processing history.
If you already are an administrator of your Persona account, you won’t have to worry because we handle all of this for you and make it very easy for you to administer any kind of data aggregation for your users with Accounts.
Decrease liability by keeping your user’s data safe with Persona
When you use Persona for your identity verification, you can focus on what you do best and leave the PII up to us, knowing that we have it stored securely for you. Not having PII in your system means you don’t carry the liability of any potential breaches or leaked customer data, yet you have easy and reliable access to it whenever you need via Persona. Persona has all of the highest security standards, so you can know that your data is safe with us. We basically offer you GDPR and CCPA compliance right out of the box.
Accounts support your CCPA Compliance
Accounts let us mirror users on your systems with the accounts on our system, which makes it easy for you to map the information that you need to find. In the event that an individual requests their PII, it will be easy to retrieve it from Persona because all information about that user will be stored under that user’s Account. Because Persona processes and stores individuals' PII on your behalf, you will have to request this data from Persona if you wish to have access to it exported.
How can I retrieve this data from an Account?
- In the Accounts section of your dashboard, you can search for the Account you need via reference ID or name and see all the information that has been collected for that Account.
- You can also use the API to get the information you need from Persona whenever you need to.
- If you’d like to export the information for whatever reason, please reach out to us.
What is stored on the account?
How can I use tags to stay organized?
Tags let you organize your Accounts via custom values that can be associated with an Account. Tags let you model any information specific to your system inside Persona, which can give more context if you need to go back and look through the data. For example, you can create a tag called “frozen” to communicate that the individual may be frozen in your system. This could be useful to let an analyst know the state of an Account when working through Account recovery. There are many more ways you can use tags to organize information about your users — get as creative as suits you!
Retention policies, scheduled redaction, and archival of PII
If you have compliance or legal requirements for how long you can keep PII, you can set up automated PII removal on the cadence of your choosing. When an Account is redacted, all PII collected up until that point on that Account will also be redacted. The Account still exists and can be used to collect new information. When an Account is archived, it is effectively deleted from our system and can no longer be used. In both cases, all associated Inquiries, Reports, and Documents are also redacted (though the opposite is not true — redacting an inquiry will not affect the Account).
If you are interested in scheduled redaction or archival of PII on your system, please reach out to your representative at Persona to set up or email firstname.lastname@example.org.