.png){kind=logo}
Appeals from Consumers
Under most U.S. state privacy laws, consumers have the right to appeal a business’s denial of all or part of their privacy request. Like Requests to Correct, appeals can cover a wide variety of situations, so the response workflow is a little more open-ended.
While appeals are relatively uncommon, here are a few scenarios in which a consumer might submit one:
- Original request denied because no records found for that consumer. The consumer might insist that they have purchased products from you in the past, so there should be a record in your system.
- Request to Correct denied because there was no action to be taken. If you received a request and determined that nothing needed to be corrected, the consumer may appeal that decision.
- Request to Delete denied in part because exceptions applied. A consumer might question the validity of an exception that your business relies on to retain some data after receiving a Request to Delete.
How Should You Respond to an Appeal?
There is no one-size-fits-all solution, but the general idea is to review any information the consumer provided as part of their appeal and then take a second, closer look at their original privacy request. It can be helpful to reach out to other team members to get a different perspective.
If you determine that their appeal has merit, take appropriate action to fulfill their original privacy request (e.g., delete their data as requested). Then inform the consumer of the result.
If you determine their appeal does not have merit, you must inform the consumer of the reasons for denying their appeal.