Case Study
FTI Technology Enables Large Manufacturer to Remedy California Privacy Protection Agency Enforcement Action
A large, global manufacturing company was subject to an enforcement action from the California Privacy Protection Office, arising from violations in its consumer website opt-out and data privacy practices. FTI Technology has nurtured a yearslong relationship with the company to provide data privacy assessment, operational privacy work, seconded privacy professionals and help the client navigate numerous complex privacy compliance matters. So, when the company needed to conduct a wide-ranging assessment and overhaul of its website functionality and use of digital advertising trackers to bring the company into compliance with the CCPA requirements, it turned to FTI Technology’s experts.
Situation
California, amongst many other U.S. states, is taking a strong enforcement position under recently enacted data privacy regulations, including the California Consumer Privacy Act among others. These require that organizations uphold specific data privacy rights and choices of their consumers; and they require clear links, the ability to accept Global Privacy Control signals (automated do not sell signals) and symmetry of choice when opting in or out of sale and share of consumer data. Further, they require contracts with third parties that extend those rights to partner organizations. In this case, the manufacturing company was like many others and had implemented technology to support these requirements, but was not configured correctly to bring them into compliance.
In a settlement with the CPPA, the company engaged FTI Technology to support resolving the issues and bringing its consent and adtech practices into compliance across more than 60 unique authenticated and unauthenticated websites. The client had a firm deadline or face significant business impacts including shutting down its websites.
Our Role
A team of FTI Technology’s data privacy and adtech experts conducted extensive technical and process assessments across the organization’s domains to identify gaps. This included aligning stakeholders across functions within the company by facilitating structured working sessions with more than 20 business units, including legal, privacy, IT and marketing, and 18 external agency partners to map the current landscape, diagnose issues and define a clear path to compliant solutions.
Once the assessments were complete, the team provided:
- Marketing technology ecosystem modernization. Reconfigured, developed, tested and deployed key components of the client’s digital marketing technology stack — including tag management, consent and preference management platforms and supporting web services — ensuring these systems operated cohesively with the client’s customer data platform. The team created an all-encompassing content delivery network to provide consistent execution of consent, suppression and cross-domain persistence across agency related and owned domains in compliance with the California order.
- Infrastructure integration. Merged and enhanced marketing technology components to better support consumer lifecycle operations, including the development of new web services that seamlessly integrated with backend systems.
- Ongoing compliance assurance. Conducted recurring website audits and third party technology scans to identify tracking technologies requiring remediation and to validate continued compliance with regulatory expectations.
- Technical remediation and rebuild. Provided backend and infrastructure changes to correct issues, built code and web functionality for “do not sell” requests and implemented and configured a consent management platform to bring all the sites into compliance on time.
Our Impact
FTI Technology’s work ensured that the client met aggressive regulatory deadlines and established systems to maintain compliance. The team continues to provide ongoing support and technical fixes and will support the client in ongoing adtech audits.
Additional results to date include:
- Avoidance of massive fines, penalties and future lawsuits.
- Adaptive, compliant ready environment to handle future change in laws and business operations.
- Training and education of internal stakeholders to operationalize the process.