MarketAxis

On Jan 1 2020, the California Consumer Privacy Act (CCPA) will come into force. As a marketer, what do you need to know and what changes do you need to implement in order to comply with this Act? How will you still get the benefits of customer data analysis and deliver personalized experiences?

CCPA grants California residents comprehensive privacy rights and may impact you even if your company is not located in California.

CCPA is an important new legislation created to protect personal data of consumers and make businesses disclose how they collect, use and share such data. This Act will apply to American or international companies that do business in California or sell to Californians.

What do you need to know as a marketer? Start by understanding whether CCPA is applicable to your organization. The law affects companies that have gross revenues of over $25 million, or have data on more than 50,000 consumers, or earn over 50% of their revenue by selling consumer data. So if your business falls into any of these categories it is very important for you to comply with CCPA requirements before the deadline. 

CCPA Grants California Consumers New Rights

California residents will have five new rights with respect to their personal information once CCPA comes into force. 

1. The right to know a company’s data collection practices, the categories of personal information collected, the source of the information, how it is used and to whom it is disclosed. 
2. The right to receive a copy of the specific personal information collected about them during the 12 months before their request. 
3. The right to have such information deleted.
4. The right to know whether a company sells data and to request that their personal information not be sold to third parties. 
5. The right not to be discriminated against because they exercised these rights, or opted out of allowing the use of their data

As a marketer, the law requires that you put a mechanism in place to provide disclosures about personal information that you have collected, sold or disclosed in the last 12 months. You need to provide California residents with disclosure, access and opt-out rights for their own data. You will also need to provide transparency about the categories of personal information that you are collecting and the purpose of collecting information of each category. If you sell personal information you must have a link on your website where consumers can opt-out of such a sale and this link must be prominently displayed.  

The Cost of Non-Compliance

Similar to the general data protection regulation (GDPR) implemented in Europe, CCPA has provisions for hefty punitive fines in cases of non-compliance. Violations can attract fines up to $7,500 per record of data. Consumers can also bring class-action suits if they believe that their complaints have not been addressed after serving notice to the company. 

The CCPA also prevents any form of discrimination against consumers who have exercised their right to prevent their personal data from being used or sold. They cannot be denied goods or services or charged higher than others. 

How Marketers Can Prepare for CCPA

• The privacy policy on your website will need to be changed in order to comply with CCPA. You will need to display the rights of Californians,  the process available for consumers seeking details of personal information that you collect, or requesting their data to be erased, or opting out of the sale of that data.  
• Create a plan to prepare for compliance in consultation with your colleagues from legal, IT and information security departments. Consider the change management challenges, the systems and technologies required and the training that teams will need in order to comply with the new Act.
• Understand how the Act defines personal information and review how you are collecting and processing such information. Personal information includes anything that identifies, relates to, describes, is capable of being associated with, or could be reasonably linked, directly or indirectly, with a particular consumer or household. This list as defined by CCPA is fairly long. 
• You will need to review all marketing campaigns such as digital advertising, emails and landing pages to ensure that the method followed to capture and store consumer data complies with the law.  
• Create a process for individuals to ask for details about their data with you or request you to delete it. 
• If you collect data about children you have to be even more careful.  Express consent or parental consent may be required. So do check the provisions of the act in this regard.

Marketers are already grappling with provisions of GDPR when doing business in Europe and now need to get equipped to comply with CCPA for California residents. We can expect more markets to roll out stringent consumer data privacy regulations. Marketers will need to work with information technology systems to manage compliance with these different laws and still get the benefit of consumer analytics from data.