The California Consumer Privacy Act (CCPA) holds significant implications for marketers. Even though the law applies only to California, it will impact companies nationwide. Businesses will follow the stricter California law across all states rather than apply different state rules. As the most populous state and home to technology giants like Google and Facebook, California holds outsized influence. The law may inspire other states to pass similar legislation.
More Power for Consumers
In summary, the CCPA grants consumers the power to:
- request what personal data organizations have collected about them, why it was collected and what categories of third parties have received it,
- ask companies to delete their information, and
- tell companies not to sell their personal data.
Although the law doesn’t go into effect until 2020, organizations are already pondering how to comply with its extensive requirements. Experts expect the state to modify the law over the coming year and urge businesses to stay abreast of changing requirements. “While the CCPA is in many ways a game-changer in the U.S., it is fair to anticipate that it will evolve some before the implementation date,” says Justine Young Gottshall, a partner at InfoLawGroup LLP.
The law is part of a general trend toward greater consumer privacy and data security that includes the European Union’s General Data Protection Regulation (GDPR) and Canada’s anti-spam law. While the California law reflects parts of the GDPR, it only touches on email and does not mention permissions at all. However, the state legislature is considering another bill that would strengthen state anti-spam laws and implement opt-in requirements similar to international anti-spam laws, says Chad S. White, research director at email marketing platform Litmus.
Recommendations for Marketers & Businesses
Reconsider buying third-party data. The CCPA gives consumers the right to know “the categories of sources from which the personal information is collected.” Following a CCPA request, customers will eventually learn if your company purchases third-party data. If your company would be uncomfortable explaining that to customers, then you might want to halt the practice.
Re-evaluate the data fields on your forms. To minimize third-party data, collect more data from customers directly via website forms – even though longer forms may increase abandonment rates. Is there information that you now obtain from third parties that you could obtain directly from customers?
Gather only what you need. Only collect data that you have a clear immediate use for. Additional data increases liability. Limit that liability by being selective about what data you save, particularly personally identifiable information (PII).
Create a mechanism that can delete a consumer’s information when requested. Both the CCPA and the GDPR say consumers have the right to be forgotten and can request that the data your company has on them be deleted. Businesses can retain certain data for legal, compliance, and business reasons.
Don’t sell customer information. If you sell user information to other companies, the CCPA requires you to keep a record of all sales for 12 months and provide a “clear and conspicuous” link and button on your website with the call-to-action “Do Not Sell My Personal Information.” That will raise privacy and security concerns among customers. Your company can avoid the need for such a button by not selling customer information.
Bottom Line: California’s new online privacy act impacts companies nationwide. Legal and digital marketing experts urge organizations to start studying how to comply with the new law.
William J. Comcowich founded and served as CEO of CyberAlert LLC, the predecessor of Glean.info. He is currently serving as Interim CEO and member of the Board of Directors. Glean.info provides customized media monitoring, measurement and analytics solutions across all types of traditional and social media.