The 7 Point CCPA Compliance Checklist for Marketers for 2020

Last Updated: December 16, 2021

The California Consumer Privacy Act (CCPA) comes into effect on Jan. 1, 2020. How can marketers prepare for CCPA, build privacy and compliance into their data management strategy, and navigate through CCPA regulations while ensuring personalization? We reached out to the experts to get you the best insights and tips.

CCPA is a landmark in consumer data protection law and requires organizations to make substantial changes in policies and processes related to the collection, usage, and sharing of data. Although it’s a state law, it will impact national and international organizations, as it applies to all those that do business in California or sell to Californians.

As a marketer, the first thing you need to consider is whether you need to implement CCPA requirements; is the law applicable to your organization?

It is, if—

  • Your company has gross revenue of over $25 million
  • You have data on more than 50,000 consumers
  • You earn over 50% of your revenue by selling consumer data

Learn More: 88% of Companies Still Lack Data Compliance for CCPA Implementation, Reports Ethyca

California Consumers Have New Rights Under CCPA

The CCPA grants California residents five new rights with respect to how their personal information is treated. You need to know these rights and how they impact your business processes.

  1. The right to know a company’s data collection practices, the categories of personal information collected, the source of the information, how it is used and to whom it is disclosed. 
  2. The right to receive a copy of the specific personal information collected about them during the 12 months before their request. 
  3. The right to have such information deleted.
  4. The right to know whether a company sells data and to request that their personal information not be sold to third parties. 
  5. The right not to be discriminated against because they exercised these rights or opted out of allowing the use of their data.

These consumer rights will have far-reaching impacts on businesses. From Jan. 1, 2020, companies must provide detailed disclosures about the personal information they have collected, sold and disclosed in the last twelve months. They need to have mechanisms in place to provide California residents with disclosure, access, and opt-out rights. Companies have to reveal the categories of personal information being collected and the purposes associated with each category. Businesses that “sell” personal information must have a link on their website, prominently displayed, that allows individuals to opt out of such a sale.

Organizations are coming to terms with the changes they will need to make, and by all accounts, many are struggling. Research conducted by Sourcepoint found that 15% of digital publishers aren’t aware of the CCPA regulations, and 40% have not yet taken any action towards compliance. It’s urgent and important for all businesses to take action and mitigate potential risks arising from non-compliance.

Learn More: One Good Reason to Comply with CCPA Now

The 7-Point CCPA Compliance Checklist for Marketers

Let’s review the essential checklist for marketers to manage CCPA compliance.

  1. Create a CCPA compliance plan in conjunction with colleagues in legal, information security and IT functions.
    We asked Heidi Bullock, CMO of Tealium, about the best way to do this, and she said, “Marketers will need to adjust some of the people, processes, and technology currently happening to meet the new privacy reality. This should include having a clear person or group in charge of customer data, processes to ensure compliance and quality of data, and a centralized data foundation with something like a Customer Data Platform to simplify managing the flow of data across the tech stack. Without addressing all three areas— people, processes, and technology— it’ll be tough to build privacy regulations into any data management strategy.”
  2. You need to update the privacy policy on your website. You now need to display the new rights of California residents. The process for getting the details of personal information collected, as well as for requesting an erasure or opting out of the sale of data, needs to be clear.
  3. Review all marketing channels such as digital advertising, emails and landing pages to ensure that all data collection is CCPA-compliant.
    The list of data considered by the CCPA as ‘sensitive’ is quite long. It includes identifiers such as name, email, telephone, social security number, etc., along with details about products or services purchased, biometrics, browsing history, geolocation, audio-visual information, educational details and inferences drawn from available information to create a profile.
  4. Create a process to delete an individual’s data if requested. You also need to retain data for a certain length of time as consumers may request past records. 
  5. If you buy third-party contact lists, you need to check whether they comply with CCPA requirements. Discuss this with vendors and contractors who collect data on your behalf. You may need to modify contract terms to ensure data security.
  6. Communicate with your customers and let them know that you have updated your policies to align with CCPA regulations. 
  7. Check how you are handling data about children; the CCPA is particularly stringent in this regard.

While you can collect data about adults and provide them an option to ‘opt out’, data about children can only be collected if consent is obtained on an ‘opt-in’ basis. What this means is that personal information can only be collected from children between the ages of 13 and 16 with express consent, while for children under the age of 12, explicit parental consent is required.

What’s the Fine for a CCPA Violation?

If regulators notify a company about a violation, the company gets 30 days to comply, and if the issue persists, there are provisions for fines up to $7,500 per record. Consumers who believe their privacy rights have been violated can give written notice to the company. If the problem is not resolved within 30 days, and the attorney general declines to prosecute, then consumers can instigate a class-action suit.

The CCPA also prevents businesses from discriminating against consumers who have exercised their right to prevent their personal data from being used or sold. The company cannot deny them goods or services or charge them higher prices than others.

Learn More: Why GDPR Could Be One of the Best Things to Happen to Marketers and Consumers

Data Privacy Will be Paramount in 2020 

At a time when data privacy is recognized across the globe as being vitally important, the CCPA regulations offer new relief to consumers in California. As Xavier Becerra, California Attorney General, said, “Americans should not have to give up their privacy to live and thrive in this digital age.”

Iván Markman, Chief Business Officer at Verizon Media, echoes this sentiment from the business side and sums up the way forward for 2020:

A major component of 2020 will be privacy and data regulation as CCPA comes into effect in the New Year. The U.S. is not alone in evaluating its approaches to regulations, and we’ll continue to see inputs from governments around the world. In tandem, the industry itself is evolving to support privacy initiatives and provide consumers with greater transparency and choice when it comes to their data. Implementation, of course, will not come without challenges, but the greater focus will create new opportunities and allow for innovation. It’s important for everyone in the ecosystem to act in a principled way and seek to build trust with consumers. In short, what’s good for consumers is good for us all.

For organizations, CCPA has brought consumer data privacy issues into sharper focus than ever before. In the future, businesses are likely to become more judicious about the data they collect, simply because there are huge responsibilities associated with data. For marketers, CCPA compliance means a new set of challenges and heightened responsibility that requires focus, planning and quick execution of solutions.

What does CCPA mean for your business and your consumers? Do you feel you are well prepared for the new standards in data privacy? Share your perspectives with us on Facebook, LinkedIn or Twitter.

Suhasini Kirloskar

Contributor, Ziff Davis B2B

Suhasini is an entrepreneur and co-founder of MarketAxis Consulting, which provides Strategic Marketing, execution support and training to B2B brands. Until December 2015, Suhasini worked as Chief of Marketing at GS Lab, an IT product development company. Prior to this, she was with the UK Trade & Investment as Director, British Trade Office, Pune, part of the British High Commission in India, where her primary focus was to attract high-quality inward investment into the UK.  Suhasini has been involved as a mentor and marketing consultant to high tech startups for over 15 years. She is a prolific writer and speaker, and has conducted workshops on Digital Marketing across India. She is an abstract artist and is also the author of the first-ever story to unfold entirely as Facebook posts - 'It's Complicated'.