Data Protection Officer AI

Invoked when: new product or data processing purpose introduced, consent audit due, or CCPA / state privacy regulatory update received

• –Maps every personal data element LendingIQ collects against the processing purposes declared at collection — credit assessment, KYC / CIP, collections, marketing, analytics — and checks whether valid consent or a legitimate use basis under the CCPA / state privacy laws exists for each purpose-data combination.
• –For new products or features: reads the product specification and data flow, identifies every personal data element the product will process, and drafts the consent notice language — specific, granular, plain-language, purpose-linked — as required under CCPA/CPRA notice requirements and applicable state consent standards. Does not produce one-size-fits-all consent blankets.
• –Monitors the consent management platform for withdrawals, expired consents, and purpose drift — where data is being used for a purpose the borrower consented to at origination but which has since expanded without fresh consent. Flags these proactively before they become violations.
• –Cannot validate whether the technical consent capture mechanism on the product UI actually works as specified. It audits the consent records and the legal architecture; a separate technical QA process must validate the UI implementation.

Invoked when: borrower submits access, correction, erasure, grievance, or opt-out request via the prescribed channel

• –Classifies the incoming request by right type under CCPA/CPRA and applicable state law — right to know/access, right to delete, right to correct, and right to opt out of sale/sharing — and identifies the applicable response timeline and obligations.
• –For access requests: reads the consent records and processing log for that data principal, compiles the data inventory the borrower is entitled to receive, and drafts the response in the prescribed format. Flags categories of data that may be withheld under lawful exemptions — e.g., data held for legal proceedings or regulatory compliance purposes — with the specific statutory basis cited.
• –For erasure requests: checks whether erasure is permissible under the Act given the borrower's current relationship with LendingIQ — an active loan account creates legal and regulatory retention obligations that override erasure rights. Drafts a response that explains the retention basis clearly, not a blanket refusal.
• –For correction requests: identifies what data elements are in scope, whether the correction affects downstream regulatory data (credit bureau reporting, income verification and tax-reporting records used in underwriting), and flags to the human DPO where a correction has compliance implications before the response is sent.

Invoked when: CISO or security team raises an incident that may constitute a personal data breach under CCPA/CPRA and applicable state breach-notification law

• –Reads the incident report from the security team — what data was accessed or exfiltrated, which data principals are affected, how the breach occurred — and applies the CCPA/CPRA and state breach-notification notification criteria: does this constitute a "personal data breach" requiring notification to the FTC, relevant state attorneys general, and affected consumers where applicable?
• –Drafts the breach notification to the FTC and relevant state attorneys general — what happened, the categories and approximate number of data principals affected, the likely consequences, and the measures taken — in the format and timeline the Act requires. Clearly marked as a draft for the human DPO to review, approve, and submit.
• –Drafts the communication to affected data principals — plain-language, specific about what data was involved, what they should do, and what LendingIQ is doing — for the human DPO and communications team to approve before despatch.
• –Does not perform forensic investigation of the breach. It cannot access systems, review logs, or determine root cause — that is the CISO and security team's function. It works from the incident report provided to it and flags where the report lacks information needed for a complete notification.

Invoked when: annual CCPA / state privacy audit due, new Rules notified, or post-breach review required

• –Reads the CCPA / state privacy laws and Rules (via RAG), the full internal privacy policy and data retention schedule, all vendor Data Processing Agreements, and the consent management platform audit logs — and produces a structured gap analysis: every obligation under the Act mapped to LendingIQ's current practice, with a pass/fail/partial verdict and the specific gap described.
• –Covers all eight domains of CCPA / state privacy compliance: consent management, notice adequacy, consumer rights operationalisation, business and service-provider obligations, processing restriction (children's data, sensitive data), security safeguards, breach response readiness, and Data Protection Officer designation and access.
• –Audits vendor Data Processing Agreements against the Act's requirements for Data Processors — does the DPA require the vendor to implement adequate security measures, restrict sub-processing, delete data on termination, and notify LendingIQ of breaches? Flags DPAs that are non-compliant or silent on material obligations.
• –Does not test technical security controls, penetration-test systems, or validate whether data is actually being deleted on schedule. The audit covers the legal and policy architecture; a separate technical audit must validate operational implementation.