What You Need to Know About the California Consumer Privacy Act
A keystone of ethical marketing is transparency. Let consumers know what you are doing and why you are doing it. That is the essence of the California Consumer Privacy Act of 2020 (CCPA). There are several benefits to complying with the CCPA – even if the law doesn’t apply to your company. It can improve business processes and increase the effectiveness of your email marketing campaigns. We know; that’s a bold statement. Let’s learn how this seemingly cumbersome new law can actually help your business.
What is the CCPA?
The California Consumer Privacy Act (CCPA) was implemented on January 1, 2020. The law, known as AB-375, was introduced by California State Assemblyman Ed Chau and California State Senate Majority Leader Robert Hertzberg. It takes data privacy protection to the next level. CCPA requires companies doing business in California to clearly state the type of data they collect and what they use it for. It’s no longer sufficient to state how you safeguard personal data. Your company is now required to implement specific processes to increase data collection transparency. Moreover, you must also give California residents the ability to opt out of having their personal information collected in the first place.
Eyes and Ears
The CCPA defines personal data beyond what your target audience will see or hear from you. It includes the psychological profiles some marketing companies create based on your online behavior. The new law also considers olfactory and thermal information collected as part of your personal data profile.
Not for Everyone
If you buy, sell, or share information with at least 50,000 households, devices, or individuals, you must comply with the CCPA. Companies who have annual sales of at least $25 million, or derive more than 50% of their annual revenue from the sale of personal information, also must comply. In fact, if you share branding with a company that meets any of these criteria, you’re on the hook.
California Test Case
California isn’t the only state concerned about consumer privacy. Other states are actively considering similar laws to protect the online privacy of their citizens. Implementing the CCPA guidelines in California will allow you to create a test case and work out the kinks in implementation. Microsoft – a company worth emulating – is going national with their privacy program. If the privacy laws are ever implemented at the federal level, they will just need to tweak their existing processes to meet compliance.
Wish You Were Here
The CCPA applies only to California residents. Even if they are living outside the state temporarily, like college students. However, it does not include consumers who are temporarily living in California, again, like college students. You can see where trying to make the distinction is probably a waste of time and resources. One of the reasons Microsoft may have decided to go national.
Know Your Customers’ Rights
The CCPA gives California consumers several rights, including the right to:
- Access their personal information.
- Know what data a company is collecting about them.
- Delete their privacy data.
- Know whether their personal information is sold and to whom it is disclosed.
- Opt-out of the collection or sale of their personal data.
- Receive equal service and price, even when they exercise any of these privacy rights.
Read the Full Text of the CCPA Law
Tell Me What to Do
You’ll need to make changes to your website to meet CCPA compliance. First, a “clear and conspicuous” link must appear on your homepage that says, “Do not sell my personal information.” The link needs to lead to a page dedicated to allowing consumers to opt out of having their personal privacy data sold. You cannot force a consumer to first create an account so they can opt out. The specifics can get complicated; it is worth consulting a lawyer who specializes in the CCPA.
Spell it Out
You Just Have to Tell Them
This is no time to try to get slick with your data collection disclosures. The CCPA requires your company to tell California consumers specifically what kind of personal information you’re collecting. Should you decide to gather more data from these consumers at a later date, you must notify them by email or snail mail. Consumers are limited to requesting their data twice every 12 months.
Get Rid of It
California consumers can request that your company delete the personal information you collected about them. There are several “loopholes” in this requirement. For example, if the personal information is needed to provide products or services that the consumer requests. Or, if the data is needed to protect against fraud.
It Will Cost You
Some say any publicity is good. Not so with violating the privacy rights under the CCPA. In addition to bad press that can hurt your company’s reputation, you’ll pay a fine for skirting the law. The CCPA includes specific noncompliance fines. This should provide your company an incentive to actively review and improve your privacy practices.
Change Is Good
Some businesses who changed their email marketing strategies to comply with a similar law implemented in the European Union (the General Data Protection Regulation or GDPR), did see a drop off in email delivery rates. But their open and click rates greatly increased. When a consumer must opt-in to receive emails from your company, you know their interest rate in your product or service is higher. This should lead to more accurate consumer profiles – and even higher open and click rates. A good marketing company can help you develop CCPA-compliant email campaigns.
Any company – big or small – should see the CCPA as an opportunity to improve their email marketing and increase the quality of the data they sell. Prospects who opt-in are truly interested in your company. It is more likely they will buy your products or services. You may find that the CCPA provides the impetus to improve the way you do business – and attract more customers.
Full transparency and data collection consent is our top priority. Contact Us to learn more about best practices and how our data is permissible and ethically sourced.