Click to learn more about author Rohail Abrahani.
The official authorities implemented the California Consumer Privacy Act (CCPA) on January 1, 2020. Without a doubt, this act is a revelation in terms of consumer data protection that compels companies or organizations to take proactive measures related to the collection, sharing, and usage of consumer data.
As far as the application of the CCPA goes, it applies to all nationals and multinational organizations that work within California or sell their products and services to Californians specifically. Being a marketer, you have to determine whether the CCPA applies to your company or not.
If your organization meets the following criteria, then you will need to abide by the CCPA law as and when required:
- Your company has earned more than $25 million
- Your organization is managing data of more than 50,000 consumers
- Your company makes 50 percent of its revenue by selling customer data
California Consumers’ Rights Under CCPA
Marketers should know that the CCPA provides five new rights to Californians related to the treatment of their personal information. These rights include:
1. Consumers are allowed to know about the company’s data collection policies; they can discover how their data is collected and how it is used and to whom it is disclosed.
2. Consumers can ask organizations to delete their personal information.
3. Customers can ask companies if they sell their data and request them not to sell their data to third parties.
4. Customers can ask companies not to discriminate against them if they used their rights to ask them to refrain from using their data.
5. Customers can receive a copy of the particular personal information collected by organizations for the year prior to requesting them.
If we compare these CCPA rights with other consumer privacy laws like the LGPD, you will find many similarities. The latter also allows Brazilian customers to delete their personal information stored on different organizations’ databases. Likewise, both the CCPA and LGPD laws stop companies from selling their customers’ data without their consent.
Therefore, marketers should keep these regulations in mind before indulging in any consumer data selling activity. Conversely, companies also need to comply with the regulations of the CCPA (California Consumer Privacy Act) properly.
Since January 1, 2020, they have to disclose their personal data collection procedures applied during the last 12 months in writing. In case they have sold consumers’ information to third parties or any other entity, they have to thoroughly disclose such activity with their California customers.
Companies are supposed to implement processes that help California residents exercise their numerous rights, such as access, disclosure, and opt-out rights appropriately. Aside from that, organizations have to inform their consumers about the category of personal information collected and the various objectives related to each category.
Besides, businesses involved in selling their customers’ personal information should provide an exclusive section regarding this specific activity on their websites. Additionally, the section enables customers to opt-out of such a sale.
Many companies are struggling to meet all the requirements of the CCPA. 15 percent of digital publishers do not know about the obligations and implications of this law. Similarly, 40 percent of businesses have not started taking any action towards CCPA compliance, as the research of SourcePoint revealed.
7-Point CCPA Compliance Checklist for Marketers
The checklist below will help marketers gain a better understanding of and comply with CCPA guidelines or at least start heading in the right direction. If they fail to work towards fulfilling these regulations, they might have to pay hefty fines up to $7,500 per record. These points are as follows.
1. Develop a CCPA Compliance Plan
Marketers should create a comprehensive CCPA plan covering all the functions, including legal, information security, etc. According to Heidi Bullock, CMO of Tealium,” Marketers are bound to adjust processes, technology, and people to fulfill all the regulations of the new privacy law.” She continues:
“This whole process should be performed by a group of people, including those in-charge of consumer data. That ensures the smooth and proper functioning of customer data procedures. Otherwise, marketers will find it challenging to add privacy regulations into their Data Management strategies without considering all three areas like people, processes, and technology.”
Marketers should clearly describe the new California residents’ rights on their organizations’ websites. They should also elaborate on their personal data collection practices alongside consumers’ right of erasure or opting out of data sale.
3. Analyze All Marketing Channels
As a marketer, you are responsible for reviewing all the marketing channels like emails, landing pages, and online advertising to ensure that all data collection procedures are in line with CCPA guidelines.
According to the CCPA, data is deemed sensitive if it consists of a name, email, telephone, social security number, browsing information, geo-locations, biometric details, etc. Therefore, marketers should ensure that the collection of this type of data is CCPA-compliant.
4. Develop a Process That Deletes Customer Data Timely
You should delete customers’ information if requested, and you must store the data for a specific time if a customer asks you about the past records.
5. Check If Your Third-Party Vendors Are CCPA-Compliant
It is the primary responsibility of the marketers to confirm whether third-party vendors who collect data on their behalf follow CCPA regulations or not. For that reason, they should update their contact terms to improve customers’ data security.
6. Discuss CCPA Requirements with Your Customers
You should provide awareness about CCPA guidelines to your customers and inform them when you update your policies in conjunction with CCPA regulations.
7. Check How You Control or Manage Children’s Data
At times, marketers overlook this particular point related to the safe and proper handling of children’s data. When you collect data from children between the ages of 13 and 16, ensure you have obtained their consent. If the children belong to the under 12 age group, parental consent is a must.
The California Consumer Privacy Act (CCPA) does offer a realistic opportunity to all those marketers who manage their consumers’ data. In reality, this act gives marketers a fair idea that helps them apply privacy and compliance requirements to their Data Management strategies. Furthermore, they can go through CCPA regulations to protect and control their customers’ data accordingly.