Most of the time, email marketing is rainbows and stars, right? You get to tap into your creative side – map buyer journeys, create messaging strategies, build valuable content, and more. Yet, every so often, the dark clouds of compliance move in, casting a shadow over your rainbow. Most recently, the The California Consumer Privacy Act (CCPA) was passed as a response to the increased use of personal data by businesses and the related privacy implications. Though the CCPA went into effect January 1, 2020, there was a 6-month grace period — meaning this can now be enforced.
…Ummm starting to panic, we’re not prepared… just how do we clear these threatening storms and get back to our rainbows?! Let’s dig into the basics of the law, how to maintain compliance with it and what this may mean for you.
Who does this apply to?
The CCPA applies to for-profit companies that do business in California and meet at least one of the following criteria:
- Have annual gross revenues greater than $25 million;
- Possess the personal information of at least 50,000 California residents, households, or devices; or
- Earn 50% or more of their annual revenue selling California residents’ personal information
Not sure if this is you? It’s a good idea to play it safe and run it by your legal team.
Why take the gamble?
This law most likely impacts to your business. Even if it doesn’t currently, you could end up qualifying for one of the criterion quicker than you realize! To add to this, if you have any kind of online presence, it’s hard to guarantee you won’t end up with some California residents in your database. Further more (I know, are you convinced yet?), there’s an industry shift happening around protecting customer data. Even proactively, it’s likely your customer expectations will change and a similar law will hit home very soon – similar bills in other states are in the works. Better safe than sorry.
Penalties of non-compliance: Fines are between $2,500 and $7,500 – per violation. These fines can climb pretty quickly! If the violation is resolved within 30 days of notice, there may be no liability.
What is it?
In short, this law secures privacy rights for California consumers. It is not the same thing as GDPR, but if you meet GDPR guidelines you’re that much closer in making sure that you are CCPA-compliant.
Simply put, a few of the main consumer rights included in this act include:
- The right to know what personal information a business has collected, how it’s being stored, and how it’s being used.
- The right to opt-out of a business selling their information.
- The right to deletion of the personal information the business has collected.
- The right to non-discrimination when exercising CCPA rights.
Businesses should be prepared to adhere to the above rights.
First things first, you need to understand your data, and document that understanding. As a start, ask these questions:
- How does data enter our database?
- Where does our data live (likely, multiple systems)?
- What data do we collect?
- What do we do with this data? Who sees it? What workflows do they run with it?
The next step is to work with your legal team. They’ll be able to interpret how the act affects your company and what actions need to be taken to comply. At a high-level these steps will likely include:
- Setting expectations of data usage
- Documenting processes in handling CCPA requests (that meet all of the law standards)
- Creating workflow to honor the rights outlined above
These are just a few of the actions you may need to take. Like with GDPR, you’ll need to ensure that all your systems compile with these workflows. If a customer wants to request their data be deleted, where does this request go and who will process it? When they process it, which systems react?
Is there a “pot of gold” at the end of compliance?
It’s quite easy to get discouraged here not only because the initial compliance setup will take work and cooperation across teams, but we also know that this will likely impact our marketing efforts. For example, you may see an increase in opt-outs, leaving your emailable database smaller. Or through the process you may decide to collect fewer data points, leaving some gaps in segmentation you previous employed.
That said, indulge in the fact that you’re making your prospects and customers more comfortable. By taking the necessary steps, you provide peace of mind around personal data. Ultimately, by growing trust, you’re also showing customer love.
Also, we may not have a pot of gold for you, but we do have a bunch of funny content about GDPR collected from around the interwebs here: “GDPR is a Funny Four-Letter Word“
Meet Kim Para Allen
Kim Allen likes tapping into right- and left-brains equally; and marketing automation serves perfectly in exercising both the creative and the analytical! With 7+ years in the marketing automation space, she’s very thorough in strategy, troubleshooting, and tailoring systems to support business needs and goals. Kim is a past member of the Marketo Champion group and is now part of the Marketo Champion Alumni group. Located in Jacksonville, Florida, Kim enjoys spending as much time as possible in the sunshine. You can usually find her sailing, reading, cheering on her Georgia Tech Yellow Jackets and Jacksonville Jaguars, traveling, or exploring with her husband and their two dogs.