Data Privacy Compliance Leads to AGIIS Enhancement

AGIIS Update

Data Privacy Compliance Leads to AGIIS Enhancement

By Chris Crutchfield, AgGateway Member Services

Data privacy has been a growing concern throughout the world in recent years as more information is captured and shared digitally. With those concerns have come new data privacy laws and regulation. Recently the Directory Oversight Committee, which is the committee that oversees AgGateway’s Ag Industry Identification System (AGIIS), explored the question of what impact new regulation – especially a new data privacy law in California – could have on AGIIS subscribers, and whether there are opportunities to enhance AGIIS to help companies maintain compliance. After multiple discovery sessions in 2020, the team proposed a solution to address these concerns, and in January we implemented an AGIIS data privacy enhancement.

AGIIS is a subscriber-maintained database that houses over 5 million entities for the purpose of uniquely identifying an agriculture-related business, location or consumer. Each entity is enumerated with a Global Location Number (GLN), allowing subscribers and their trading partners to conduct business electronically using a common GLN.

While AGIIS (and AgGateway) does not process or store transactional data, data privacy comes into play with the listing of customers in AGIIS subsets. Think of a subset as simply a group of entities in AGIIS for which a subscriber has interest and conducts business. If an AGIIS subscriber is notified by a customer that they no longer want their personal information shared with a third party, the subscriber can remove the entity from their AGIIS subset.

Once an entity is removed from a subscriber subset for data privacy reasons, the entity is flagged for that subscriber only. If the subscriber searches AGIIS for an entity that was removed from their subset due to data privacy, they are notified of this on the AGIIS webpage via a warning message. Functionality is provided to allow subscribers to reinstate the entity, or add it back into their subset, if needed. When this happens, an automated email is sent to AGIIS primary and secondary contacts, notifying them of the reinstatement.

Finally, subscribers that maintain a subset often receive a daily, weekly or monthly update extract. This report provides demographic changes to entities within their subset, allowing them to update their internal systems with these changes. The report includes demographic information for when an entity is added or removed from their subset. The enhancement prevents this information from appearing on the report when the entity is removed for data privacy reasons.

As noted above, one regulation that stirred interest in this AGIIS enhancement is the California Consumer Privacy Act (CCPA) of 2018. This legislation gives California residents new privacy rights that impact how their personal data is collected and shared. One of these is the right to opt-out of the sale of their personal information to a third party. The CCPA defines a sale as, “Selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by the business to another business or a third party for monetary or other valuable consideration. This law went into effect on January 1, 2020.

If your organization is working to comply with data privacy rules or regulations and you believe an enhancement such as this can help maintain compliance, contact Member Services. You can also visit our AGIIS Enhancements webpage on the AgGateway website or email us at Member.Services@AgGateway.org.