The California Consumer Privacy Act (CCPA) is a set of laws designed to control the collection, storage, and sale of California residents’ data. It is an extensive privacy regulation that gives the residents of the Golden State the right to know what data companies collect about them. They will also be able to ask companies not to sell the data and even to delete it. The law is quite similar to the GDPR that was introduced for the EU.
Here’s a snippet of the online notice published by Wells Fargo with respect to CCPA.
Who should consider CCPA seriously?
The CCPA covers businesses that collect personal information of California residents and that meet the parameters mentioned below:
- The company has gross annual revenue of more than $25 million.
- The company buys, receives, sells, or shares personal information of 50,000 or more consumers, households or devices.
- The company derives 50% or more of its yearly revenue from selling personal information.
Note that a business does not need to have a physical location in California for the CCPA to apply. Even if the business has a location outside California, the law will apply if the company deals with California residents. Any information that can be associated with a particular customer or identifies, relates to, and describes him or her is referred to as personal information.
Implications of CCPA on Marketing
California has a population of around 40 million people, which is nearly 12% of the U.S. population. Its economy of $2.7 trillion would make it the fifth largest economy in the world, ahead of the U.K. In other words, California is a huge marketplace that cannot be overlooked. As a result, marketers will be compelled to adhere to CCPA.
That said, here are some of the data collection best practices you should follow to be in line with CCPA.
i. Rethink the usage of third-party data.
The CCPA informs users about the categories of sources that were used to collect their personal information. If your company buys third-party data other than publicly available information, a CCPA request will expose it. To make sure that you are not answerable to your customers, you should stop doing it at once.
ii. Check the data fields on all your lead generation forms and profiles.
The primary objective of introducing CCPA is data transparency, so that businesses can make better use of the data collected from customers. Consider whether you can ask your customers and potential clients directly for the information you currently retrieve from third parties. Prefer short forms with progressive profiling so that you stand a better chance of getting the required information from your leads.
iii. Collect data only if you need to use it immediately.
Data is the most powerful thing for any business. However, it is also the biggest responsibility. Mitigate that responsibility by collecting only the most important data, especially when it comes to personally identifiable information (PII).
iv. Have an automated mechanism through which you can remove a customer’s details on request.
To adhere to CCPA, you should understand that your customers hold the right to be forgotten and can request that any data held in their name be removed from the database. Some doubt still prevails about the data that you can retain for legal, compliance, and business reasons. However, you must have an automated mechanism so that you can instantly delete the customer information.
v. Avoid selling any information about your customers or users.
For companies that sell user information to other companies, CCPA requires you to maintain a record of every sale for a year and to offer a clearly noticeable link on your website with the CTA “Do not sell my personal information”. This will allow people to opt out of that policy. If you sell the information of children aged 16 or younger, the requirements are even stricter. This button can raise privacy and security concerns for potential customers. To avoid any such apprehension, you can simply do away with selling customer information.
vi. Get in touch with an attorney.
Contact an attorney and get in touch with your legal team. If you are a retailer, make sure that your vendor contracts are in place and comply with the
vii. Revise the privacy policies.
viii. Bear in mind the implementation costs.
Predictions say that the total cost of compliance with CCPA will be $55 billion. As everyone is struggling to become CCPA compliant, implementation costs will get even higher with fewer professionals available. An easy way forward is to reach out to GDPR experts and harness their experience.
ix. Keep your FAQ section ready.
Have a section with pre-documented answers to the CCPA-related questions that may pop up in the customer’s mind. It is recommended that your marketing department work in sync with the legal team so that the brand voice is maintained.
x. Monitor your social media channels.
Your customers can turn to social media platforms if they feel that their privacy is compromised. Therefore, you should keep an eye on your social media channels so that you can instantly respond to the grievances and modify your policies, if needed.
What if you do not comply with CCPA?
Depending on factors such as intentionality, you might be obligated to pay USD 2500 to USD 7500 for every violation. Customers from California can file suit under CCPA if the company fails to maintain their privacy as expected.
Brands can make the most of CCPA by keeping their customers’ information safe and being transparent about their data. Doing so will build your reputation as a credible brand that makes the security of its customer data a priority. Among companies whose reputations have been tarnished by security breaches, you will have the upper hand by complying with this new law.