B2B Marketing and the California Consumer Privacy Act (CCPA)
From CAN-SPAM to GDPR, B2B marketers are no strangers to privacy and data regulations. As technology evolves, so do consumer expectations regarding how and when they can be contacted by brands, as well as what those brands can or cannot do with their information.
Following up to the 2018 European Union’s GDPR Act, California has adopted legislation called the California Consumer Privacy Act, or CCPA, around the storage and use of residents data. The core basis for this legislation is to protect consumer privacy and ensure visibility.
What do B2B marketers need to know?
Since the law goes into effect on January 1, 2020, you should familiarize yourself with the essential requirements and make sure your business is prepared. The good news is that if you’re already GDPR-compliant, you won’t have much to do. Additionally, CCPA only applies to businesses of a certain nature or size. Below are the key facts on what CCPA covers.
Who is Impacted?
Only businesses that earn $50,000,000 a year in revenue, sell 100,000 consumer records each year, or derive 50% of their annual revenues by selling personal information are covered by CCPA. All eligible businesses (based on the previous 3 criteria) must comply if they collect or sell Californians’ personal information, whether they are in California, a different state or even a different country.
What New Rights Do Consumers Have?
- Data disclosure: The right to request all information your business collected about that consumer, including the categories of personal information collected and how it was used. The right to request a copy of the information collected during the 12 months before the request.
- Data selling: The right to request all information about a consumer that your business sold to a third-party, including the identity of the party.
- Data deletion: The right to have such information deleted (with exceptions)
- Data security: The right to request that their personal information not be sold to third parties, if applicable
- Non-Discrimination: The right not to be discriminated against because they exercised any of the new rights.
What Do You Need to Do?
If your company is covered by CCPA, you need to take a few steps to ensure compliance:
- Update your privacy policy: The law requires that your privacy policy (i) identifies the categories of personally identifiable information it collects and the categories of third parties with whom it shares such information, (ii) describes how a site visitor can access and change information previously submitted, (iii) describes how the operator notifies consumers of changes to the privacy policy, (iv) identifies the effective date of the policy, (v) describes how the operator responds to do-not-track signals from a user’s browser and (vi) discloses whether it permits third parties to collect information about site visitors online activities over time and across other websites.
- Put your privacy policy online: most business websites already have this covered, but if your policy isn’t online be sure to get it up there! Consumer visibility is a core part of CCPA.
- Identify internal owners: it’s a good idea to designate a few people within your organization who are responsible for handling any GDPR or CCPA-related consumer requests. You should also have a documented process for tracking and storing this information, so that your company has proof of how requests were handled if there is ever any issue.
- Review with legal: while we’re well-versed on CCPA, we’re no replacement for your legal counsel. If you think your business is covered by the legislation, you should consult your lawyer to make sure you’re completely ready and compliant.
Glossary of CCPA Terms:
- Personally identifiable information: any individually identifiable information about a consumer including:
- Name
- Social security number
- Physical or email address
- Telephone number
- Any other identifier that permits physical or online contact of the specific individual, and any other information about a user in personally identifiable form in combination with an identifier described above.
- Any information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.
- Consumer: any California resident
Need help with compliance? At GGC, we have people who not only know how to spell CCPA, but can help you implement in a way that both protects your business, as well as ensure you’re not implementing the regulations in ways that hobble your marketing efforts.