What Marketers Should Know About the California Consumer Privacy Act

On January 1st, 2020 the California Consumer Privacy Act (CCPA) went into effect. This law, which protects the collection, storage, resale and brokering of California residents’ data, also gives residents increased control over how their data is used.

Considering the global impact of GDPR, this begs the question: How long until data privacy laws impact the way my company collects and uses customer data in my state?

While we can’t predict the future, we can provide context around CCPA compliance, its penalties and how organizations can be proactive with data privacy laws and regulations that haven’t been passed yet.

Continue reading to learn:

  • Why the California Consumer Privacy Act (CCPA) matters for marketers, regardless of your company’s location
  • The penalties a company in California can face for violating CCPA
  • Recommendations that organizations can implement to make CCPA compliance easier and best practices to stay proactive to data privacy regulations

Why the CCPA Matters

As a marketer, if your company isn’t located in California and doesn’t offer products and services to Californian residents, you may feel like this legislation won’t personally impact you or your organization. However, considering the global impact of GDPR and the fact California is home to tech giants Google, Facebook, Apple and more – demonstrates that data privacy regulations aren’t some passing fad to be dismissed.

The ability for consumers to be able to choose whether to opt-out of data collection and the ability to request the deletion of certain information also prevents intrusive and unethical marketing. Consequently, this creates additional considerations that companies must make to remain CCPA compliant and other states may consider similar measures when drafting data privacy legislation.

Scrutiny over how data is collected and used is a global concern that is only growing more relevant as consumers become savvier and more discerning about what apps to download or businesses to support. Now that California passed CCPA to address this mounting concern, it’s only a matter of time until other states follow its lead. This brings with it both promising and potentially problematic consequences.

Currently, the federal government has not passed any sweeping legislation to address data privacy and has instead left it to individual states to mandate. That means theoretically, if all 50 states were to pass laws with varying regulatory measures, companies like Google, Facebook, Apple etc. would have to be in compliance with the unique requirements of each individual state.

Cliff Karklin, Director of Analytics & Optimization at Linkmedia 360 further elaborates on the growing complexities and implications of this development:

“The fact of the matter is that the amount of data collected about users on the web has been constantly and rapidly expanding over the past few years, and everything from your digital analytics to your website form data collection includes data components that fall under the reach of the CCPA if it applies to you. These privacy regulations are only expanding, and it’s best to be prepared for your business and your website to meet the needs of those regulations.

There’s currently a lack of clarity around how exactly infractions against these regulations are going to be handled.  But it’s far more prudent to have an understanding of whether or not these regulations apply to you, rather than assuming they don’t and hoping not to find yourself at the end of a series of fines.  Realistically, the best way to be 100% certain is to reach out to a law firm that specializes in data privacy law to get the answers.”

Companies Affected by the CCPA and Resulting Penalties

The CCPA impacts companies that fall under the following criteria:

  • An annual gross of $25 million or greater
  • Possess personal, sensitive data of 50,000 consumers, households, devices or more
  • Companies that earn more than half of its revenue from selling personal information

Since many companies could potentially fall under that umbrella, there’s still uncertainty regarding which companies could potentially fall under one or more categories while remaining exempt due to other circumstances not currently outlined in the law.

Though that may be the case, the penalties for non-compliance are quite clear. Companies that fail to comply will face a fine up to $7,500 per incident. Since the fines compound based on the number of violations, this can quickly escalate into exorbitant amounts. That said, companies that fail to comply with the CCPA have a 30-day grace period to correct each violation.

Best Practices and Recommendations to be Proactive About Consumer Data Privacy

Linkmedia 360’s Recommendation: Our team’s primary recommendation for any organization that could be impacted by the CCPA is to seek legal counsel with a law firm that specializes in data privacy law. Having a law firm or lawyer on retainer with expertise in data privacy will keep your organization adaptive to any regulation changes as it occurs. With so much up in the air regarding the CCPA, having legal advice when needed will protect against unnecessary fines and lawsuits that could stem from breaching a customer’s inherent privacy. That said, once this safeguard is in place, a digital marketing agency or internal marketing team can implement and execute on any items that are needed to be CCPA compliant.

In light of the growing relevance of data privacy, companies should take a proactive stance to prevent headaches down the line. To stay ahead of inevitable legislation and to maintain consumer trust, look to implement the following measures:

  • Regularly perform data cleansing to ensure the information in your company’s database is the accurate and up to date
  • Only keep essential customer data and purge the rest from databases and servers
  • Have a transparent and honest privacy policy that indicates how consumer data and information is used
  • Notify via popup or other notification to disclose when cookies or tracking is used on your website
  • Develop a contingency plan or team to address concerns and answer questions in the event of a disgruntled site visitor or customer

By following the best practices above, your company will have foreseeable preventative measures in place. Additionally, putting these best practices into action in advance will keep your organization accountable to its customers while making future compliance that much easier.

Wrapping Things Up

Companies and marketing teams alike may feel like its ability to engage with customers is limited by data privacy laws or regulations. If your team feels that way currently, perhaps an excerpt from Marketing Land will provide some light at the end of the tunnel with an optimistic (if not profitable) takeaway that can be learned from GDPR:

“Studies in Europe have shown that adherence to GDPR privacy rules has not hurt firms doing business in the EU. In fact, it appears to have had the opposite impact – helping them outperform their non-compliant peers. By extension there could be a similar benefit for CCPA-compliant companies in the U.S.”

By being consumer-centric and transparent in terms of data privacy, companies will only stand to earn trust from customers. We will continue to provide updates as changes and amendments to CCPA and other pieces of legislation are rolled out. In the meantime, if you or your team has a question regarding CCPA compliance or wants to put safeguards in place to improve how it collects, stores and sells customer data, contact our team. We’ll be happy to advise your company and will provide customized best practices to help it transition into today’s data privacy reality.

Read About:

  • Senior Living
  • Self Storage
  • Addiction Rehab
  • Trade Shows
  • General