Massive recent data breaches (Facebook, Under Armour, etc.) and the EU's newly implemented GDPR law have sparked an overall trend in regulations on collecting consumer data. Effective January 1st, 2020, the California Consumer Privacy Act will change the way companies that conduct business within California's jurisdiction collect and store consumer data. By now, most companies are already complying with GDPR's regulations, but what efforts need to be done to comply with California's subsequent new law?
California's Consumer Privacy Act will have a major impact on marketing efforts so if you want to stay ahead of the curve, here's what we're talking about...
“The California Consumer Privacy Act empowers you to find out what information businesses are collecting about you, your devices, and your children, and gives you the choice to tell them NO. If a business sells your personal information, they have to tell you what categories of personal information they are selling and then tell you to whom they sold your personal information.“
When trying to find something out, it's best to go straight to the source. Check out the California Consumer Privacy Act (CCPA) where you can learn the backstory of the initiative. Dig deeper to learn how it aims to give consumers' ownership over their personal data and ensures data security by holding businesses responsible for safeguarding consumer information.
“The act applies to most companies with California-based assets or customers. As a threshold matter, the act applies to any “business” that (i) does business in California, (ii) collects California consumers’ “personal information” (which includes persistent identifiers), and (iii) satisfies one or more of the following thresholds: (A) annual gross revenues over $25 million; (B) buys, receives, sells or shares (for commercial purposes) the personal information of 50,000 or more Californian consumers, households or devices; or (C) derives 50 percent or more of its revenues from selling consumers’ personal information.”
Does your company do business within California? Depending on your company's size and data collection efforts, this initiative may directly apply to you. The new law takes effect on January 1st, 2020, so don't stress. You have time to prepare.
Reading a law initiative may sound daunting, but Corporate Counsel has you covered. Check out this great article that translates the raw legal text into a format that doesn't require you to pass the bar exam to understand.
“The law does not prevent companies from collecting people’s information or give people an option to ask a company to stop collecting their information, differentiating it from GDPR”
The European Union's GDPR act came into effect on May 25th of this year, and with it came strict limitations on how a marketer can track consumers who declined receiving cookies. Some are calling the new California law “GDPR Lite”. Read Tim Peterson's article to learn how the new California data privacy act differs from GDPR and what that means for your business.
“California is a marketplace that many brands inside and outside the U.S. just can’t ignore. They will have no choice but to comply with the consumer privacy act. That said, compliance should be relatively easy for brands that are already in compliance with GDPR.”
When evaluating CCPA, most articles take the perspective of the consumer and how the act will protect their data. From a marketer's perspective it may seem like more work, but rest assured, very little has to be changed if you are already complying to GDPR standards.
Within this newly regulated space, there are some general best practices your company can follow to comply with both GDPR and CCPA. For example, only collect data that you have a clear, immediate use for. Companies will be held responsible for the data they save, so do yourself and your company a favor and only highlight the data that you absolutely need. Furthermore, create a system that can delete a consumer's information when requested. Both CCPA and the GDPR stipulate that consumers have the right to be forgotten and to request that any data your company has on them be deleted. Check out this article to learn more best practices for data collection.
“Much of the same data classification, business logic and tracking of consent and preferences developed to comply with the GDPR should carry over to this new California law.”
If video format is more your thing, check out CyberTraining 365's coverage on the new act and how it compares to GDPR. Within this short three minute video, you will learn the two biggest differences when comparing the two laws and how it will affect the way businesses collect information.
“The General Data Protection Regulation (GDPR) has garnered a lot of attention in a time where data protection has become a hot topic. But the GDPR isn’t the only privacy law deserving of attention. In this episode of Digital Detectives, hosts Sharon Nelson and John Simek talk to Scott Pink about the California Consumer Privacy Act, a law that aims to give consumers more control over their privacy and data usage. “
Check out this podcast where they discuss the rights formally recognized by this act, what kind of businesses it applies to, and whether other states are likely to adopt similar legislation.
As long as you're collecting, storing, and using consumer data in a responsible way, your company will fall within both GDPR and CCPA regulations. Check out our Introduction to Lead Generation Guide to learn how to employ website forms to responsibly collect consumer information and more.