As the new decade is upon us, we think a hot button issue that will most certainly carry forward to the 2020’s will be consumer privacy. Efforts to put personal data back into the hands of consumers kicked off this past year with Europe’s GDPR law. On January 1, 2020, the first similar legislation will take effect in the U.S. with the launch of the California Consumer Privacy Act (CCPA). While the rules and actions of the CCPA may be slightly different than GDPR (see the differences in this infographic we created), the intention is the same – to give consumers more control over their personal data, how it is being used and who it is being shared with or sold to.
What to know about CCPA
The goal of the CCPA is to allow consumers to understand what personal data is being collected about them, how that data is being stored and how businesses plan to use it. The CCPA will allow consumers to opt-out of having their data sold or shared with third parties, and will also allow consumers to request their personal information be deleted from databases altogether.
The CCPA is an opt-out rule, which has been the norm for privacy laws in the U.S. to-date. This means that data can be shared unless the consumer explicitly requests to be withheld from sharing. The new component of the CCPA, however, is the inclusion of an explicit opt-in to collect data for consumers under the age of 16, and a parental consent required to collect data on minors under the age of 13.
The new law also states that any consumer choosing to exercise their rights by requesting an opt-out or deletion cannot be discriminated against, or lose access to preferential pricing or benefits.
It is widely acknowledged that the CCPA will not be the last law in the U.S. to come about in regards to consumer data privacy. Several other states are looking into similar legislation, as well as discussion taking place on the federal level. To prepare for what is to come, here are some items to consider when it comes to your company’s data practices:
Develop opt-out and opt-in processes for data collection, if you don’t already have them.
Make sure your digital marketing programs follow all CCPA standards to avoid costly fines, up to $7,500 for individual infractions.
Audit your third party contact lists and remove California residents from them. Be sure to document this process, as other states may also require this in the future.
While these new privacy regulations have been under discussion for a while, the tide is starting to turn toward activation of new policies. It will be costly to implement new technology standards in order to remain compliant with CCPA rules. Privacy regulations are not going away, and businesses should be prepared to put forth the dollars to update their processes and policies to ensure compliance. The fines for both CCPA and GDPR non-compliance can add up and are nothing to scoff at.
Questions about how the CCPA may impact your company’s marketing programs and data? Ask the data marketing experts at B2E, we’d love to review your current program and make best practice recommendations for how to keep your data collection compliant in the next decade.