You are here:
Consent Management for CM
Find out more about consent management for CM.
- Consent Management for Your Product
Learn about consent management for Case Management. Various data protection and privacy laws, such as the GDPR, impose requirements around obtaining, maintaining, and withdrawing consent and otherwise honoring certain preferences of individuals in the processing of their personal information. We provide examples, considerations, and tips to help you determine ways to comply with constituent preferences around contact with, or from, your organizations.
Consent Management for Your Product
Learn about consent management for Case Management. Various data protection and privacy laws, such as the GDPR, impose requirements around obtaining, maintaining, and withdrawing consent and otherwise honoring certain preferences of individuals in the processing of their personal information. We provide examples, considerations, and tips to help you determine ways to comply with constituent preferences around contact with, or from, your organizations.
When managing consent and certain other data privacy preferences, you may consider using Salesforce’s new Individual object. The Individual object is neither pre-enabled in your system nor pre-configured to work with Salesforce.org applications, but you can enable and implement it using Salesforce customization tools. Whether and how best to utilize the Individual object for your organization is up to you. Salesforce.org will continue to evaluate the Individual object and how we may support it in future releases of our applications.
We offer the following examples of common requests and considerations to help you plan how best to honor constituent consent-related requests. These are only suggestions for your review, and not guaranteed steps for ensuring compliance with any legal rule.
Keep in mind that addressing constituent requests, including those provided for under the GDPR, can be challenging. A one-size-fits-all strategy may not always work, and you may need to adjust your approach when balancing organizational needs and legal obligations. For example, if exporting personal data to satisfy a GDPR data portability request may violate someone else’s rights, you might consider narrowing the fields in scope rather than exporting all data. If deleting personal data to satisfy a GDPR erasure request may conflict with other requirements around record preservation, you might consider anonymizing certain fields rather than wholesale deletion.
-
No results are displayed if the predictive metrics fields are not populated.
-
If the Don't Profile field is checked, then a yellow warning icon and a Don't Profile badge are displayed on the Predictive Metrics header when predictive metrics are loaded. The Don't Profile field is located on the individual record that the Contact is associated with and it ensures that the user's data is not used for future modeling.
As always, there are pros and cons to each approach, including legal and business impacts and risks, and you are responsible for your own compliance obligations in your use of the Salesforce Services and Salesforce.org applications. You should work with your advisors, including legal counsel, to determine whether you are covered under a legal requirement, and come up with a compliance plan that’s best for your organization.
Salesforce resources:
- Store Customers’ Data Privacy Preferences
- Consent Management: Track Customer Consent
- Enable Tracking and Storage of Certain Data Privacy Preferences
- Best Practices for Tracking Data Privacy
- Consent Management for Marketing Cloud
- Consent Management for Pardot
| Common Constituent Request | Actions to Consider | Things to Consider |
|---|---|---|
| Some of your clients don’t want to receive calls, emails, or postal mail from your organization. | You may consider deleting information in these Contact fields:
For Contacts, consider these NPSP options:
|
|
| Some of your constituents don’t want to hear from your organization unless they specifically opt in. | For Contacts, consider using these NPSP options:
Consider deleting phone numbers, email addresses, and mailing addresses, unless your constituents give you consent to use them. Refrain from sending marketing materials. Consider removing data from Salesforce standard Email and Phone fields. |
|
| A volunteer has requested that you do not store her email address and phone number. | Manage Contacts | Consider deleting data in any fields that store her email address and phone number. PMM, included with the Case Management app, also includes the standard Salesforce email and phone fields and objects:
If you’ve created other records or activities related to this volunteer, consider removing her email address and phone number from those records, and from Salesforce standard Email and Phone fields. |
| A child is the recipient of services and the parent needs to give consent. | Case Management does not include data structures that specify how to obtain and track caregiver consent on behalf of minors in their care. You may consider customizing Case Management but should weigh all the options with a legal advisor. | |
| A legal guardian of a child in your organization's programs does not want the child's email address recorded. | Consider deleting data in any fields that store the child's email address and phone number. PMM also includes these custom email and phone fields and objects:
If you’ve created other records or activities related to the child, consider removing the child's email address and phone number from those records, and from Salesforce standard Email and Phone fields. |
