The new law, which goes into effect on January 1, 2020, gives consumers the right to see and control how companies use their personal information. Under the CCPA, consumers will be able to request information from companies about how they’re using their personal info, request that their information be deleted, and opt out of the sale of information to third parties.
If a business doesn’t comply, they face fines from the state — but more ominously, consumers will be able to sue businesses for damages.
Note: The CCPA regulates cybersecurity as well as privacy, requiring businesses to put in place “reasonable security procedures and practices” to protect consumer data. For the purposes of this post, we’re going to focus on the privacy portion of the legislation.
Who’s really affected by the California Consumer Privacy Act?
While the requirements under the CCPA might seem relatively severe, lawmakers took steps to reduce the burden on SMBs that may not have the resources to comply.
To be subject to CCPA regulations, a company must be for-profit, must do business in California (more on that in a moment), and must meet any of the following criteria:
What does it mean to "do business" in California?
Salted Stone is a proud California-based business (hello from sunny Monrovia!), but you don’t have to be based in Cali to be affected by CCPA regulations. If you sell goods or services to even one California resident, that’s considered doing business in California. Experts estimate that more than 500,000 U.S. businesses will be affected.
But my business doesn’t make $25 million a year…
Does that mean that you can just forget about the CCPA? Not if you want to maintain your customers’ trust.
It stinks that we have to make this distinction, but unlike some laws, the CCPA was actually supported by voters. A recent poll of likely 2020 voters in California revealed a whopping 90% of them want companies to do more to protect their personal information.
What does CCPA mean for marketers?
Even if your company doesn’t meet the CCPA criteria, you should consider taking steps to increase data privacy.
That might give some marketers pause. After all, for the past half-decade marketers have been in the business of data collection, using that data to improve lead scoring, automation, and personalization.
But marketers are also in the business of trust, and relationships, and giving consumers what they want. And it’s clear that (in California anyway), consumers want more data privacy. They want to be able to tell companies to stop selling their data without their permission.
How can businesses increase privacy protections?
Soapboxing aside, there was a reason for the revenue test in the CCPA: implementing a full-scale data privacy program is difficult and expensive (but if that’s what you need to do, a company like Salted Stone can help).
However, you don’t need to spend all that much to improve privacy for your leads and customers. Here are some smaller initiatives you can implement more-or-less immediately:
TL;DR
The California Consumer Privacy Act might not apply to your business, but that doesn’t mean you can ignore it’s requirements. 90% of California voters want more data privacy — it’s on marketers’ to give it to them, whether the law requires it or not.