What you’ll discover:
What types of customer data are protected under the CCPA?
What more should I do to ensure CCPA compliance?
What more should I know about California consumers’ rights?
The California Consumer Protection Act (CCPA) takes effect on January 1, 2020, and the California Attorney General begins enforcing it on July 1. The measure has been billed as California’s response to the General Data Protection Regulation (GDPR), the European Union’s data privacy regulation. The CCPA only applies to companies who satisfy at least one of the following requirements:
The company makes more than $25 million in yearly gross sales; the company owns the personal information of 50,000 or more individuals, households, or devices; and the company derives more than half of its annual income from selling customers’ personal information.
CCPA infractions may result in penalties of up to $2,500 for inadvertent offenses and $7,500 for willful offences.
Table of Contents
What types of customer data are protected under the CCPA?
The CCPA defines personal data broadly as “information that identifies, refers to, characterizes, is capable of being connected with, or might be fairly linked, directly or indirectly, with a specific consumer or household.” Using this definition, determine whether of your company’s gathered data belongs under this category. If your organization utilizes third-party data, be sure to identify the sources and be ready to respond to any CCPA queries. Regardless of its third-party source, your firm is liable for this data as if it had gathered it.
As a marketer, you should consider if all of the data you are gathering is required and determine what information is sensitive. Next, consider removing irrelevant data and encrypting what is sensitive.
What more should I do to ensure CCPA compliance?
If you work as a marketer or advertiser for a firm that fits into one of the aforementioned categories, here are some measures you may take to prepare for the change:
Understand where the data is kept so that it is easily accessible when a consumer makes a verified request.
Examine and arrange marketing list data by source (internal or third-party)
Update your company’s privacy policy and distribute it to your marketing list to alert CA residents of their new privacy rights.
Rethink your data gathering strategy and only acquire the information you need. The less unneeded data you gather, the more likely you are to comply with the CCPA.
What more should I know about California consumers’ rights?
The CCPA contains various guarantees of rights:
Companies must warn customers at or before the point of data collection about the types of personal information that will be collected and why.
Consumers may obtain data collection information and records for the 12-month period before the date of request.
Consumers may choose not to have their personal information sold. They can also request that their information be removed.
Instead of seeing CCPA compliance as a burden that must be overcome, your organization may embrace the new rule to completely rethink its data gathering approach. Rather of functioning under the traditional mindset of “collect as much data as possible,” consider why you are gathering the data and how to acquire it meaningfully. This allows you to provide greater openness to your clients, which is typically seen positively.