Here’s What You Need to Know About the California Consumer Privacy Act
Data legislation is changing at the speed of light. Just recently, General Data Protection Regulation (GDPR) and Canadian Anti-Spam Law (CASL) have been implemented to ensure stronger privacy protections and greater transparency.
Due to rising consumer data breaches and growing privacy concerns, the State of California has joined those legislating data with the California Consumer Privacy Act (CCPA), which aims to significantly strengthen privacy in the United Stations when it goes into effect on January 1, 2020.
What will this new legislation mean for email marketers? As it currently stands, not a significant amount. CCPA focuses exclusively on data collection and privacy. It mentions little about email specifically (and doesn’t mention permission at all). The core components of CCPA give Californians the right to:
Know what personal information is being collected about them.
Know whether their personal information is sold or disclosed, and to whom.
Access their personal data and information.
Reject the sale of personal information.
Equal service and price, even if they exercise privacy rights.
What companies will be required to honor these rights? Businesses with annual gross revenues of $25 million or more; data brokers and businesses that buy, sell, or share the personal information of 50,000 or more consumers, households, or devices; and businesses that get most of their annual revenue from selling personal information.
So how WILL new legislation affect marketers? CCPA will affect companies outside of the jurisdiction of the law because it’s typically easier complying to the higher standard than to segment your audience differently. Nearly 40 million people live in California, so your brand will likely have no choice but to comply with the consumer privacy act. It should be said that most brands already comply with these laws due to GDPR.
Marketing best practices will help most brands cover their bases when it comes to this legislation. The following best practices for data collection are informed by the consumer privacy act:
If your company would feel uncomfortable explaining the sources from which personal information is collected, you should reconsider whether you want to use third-party data.
Data can be a liability, so only collect data that you have a clear and immediate use for. This is especially important with personally identifiable information and sensitive personal information like legal name, social security number, date of birth, and more.
CCPA and GDPR stipulates that consumers have the right to request any data your company has on them to be deleted, so ensure your business has a mechanism to quickly report and delete consumer information.
Don’t sell information about your customers or users. If you do, keep a record of all sales for 12 months and be sure people can opt-out of that practice.
Though the consumer privacy act has already passed very quickly, email marketers should expect the CCPA to evolve in addressing many questions about loopholes and enforcement ahead of January 1, 2020. Be sure to stay updated about CCPA as the initiation of it could be a standard for national data changes.