With the implementation of the California Consumer Protection Act (CCPA) on January 1, 2020, businesses need to start taking practical measures to prepare for the ever-evolving industry practices. To help you get ready, we’ve broken down four actions that your business can take now to ensure that you are prepared for the CCPA!

What Is CCPA?

As most of you might already know, when the CCPA comes into effect, American consumers will be able to demand that eligible companies disclose what personal data it collects about them. Companies, such as Google and Facebook, will also have to do more to tell customers upfront about what data they collect. Additionally, American consumers can demand that a company delete all their data, as well as forbid them from sharing their data with a third party.

Calendar showing Jan 01 CCPA effect date

4 Actions To Take Now

  1. Determine Whether The CCPA Applies To Your Business

Before you start overhauling your forms, policies, and practices, first find out if the new CCPA law applies to your business. There are three factors to consider when looking at whether the CCPA applies to your business or not. Consult your legal team, if you believe your company falls under any of the following:

  • The CCPA applies to companies with a gross annual revenue greater than $25 million.
  • The CCPA is a state law, which means it only applies to businesses that do business in California, out-of-state merchants that trade within California, and company websites that are displayed in California.
  • The CCPA applies to businesses that buy, receive, and/or sell the personal information of 50,000 or more consumers.
  • The CCPA applies to businesses that derive 50% or more of their annual revenue from selling personal information.

If you’ve determined you’re company will comply with CCPA, the next steps are for you:

  1. Revise Your Online Privacy Policy

If you haven’t already done so, now is the time to revise your business’s online privacy policy with the CCPA in mind. Be aware that you likely will have to make additional updates to your privacy policy in April or May 2020 to address any new requirements that the Attorney General may feel necessary. 

There are some interesting template generators online – such as this one at Termsfeed.com that you might consider using to speed the legal review process within your organization. We are marketers, not attorneys, so please consult your legal team for all legal guidance.

  1. Let Your Customers Know What Personal Data Is Being Collected

The CCPA requires companies to not only include customer protection details in their privacy policy but also to give customers the option of not allowing a business to sell their information. When complying with the CCPA law and being transparent, you should ensure that your business has the proper notices and mechanisms in place when collecting and sharing personal information of your customers. The easiest way to do this is through a company’s website. This can be done by having notices indicating data is being collected and a way for customers to opt-out of data reselling on your website. It is essential that Californian residents easily understand what personal information is being collected, and, after that, how it will be used.

  1. Employ Someone To Tackle Data Protection

The CCPA is a layered law and needs an ongoing dedicated person whose sole focus is dealing with data protection. The CCPA is a matter that involves many departments (legal, IT, engineering, marketing, etc.) and having someone to overlook the organization and implementation of this process benefits companies overall. Even though this is not compulsory according to the law, it is advised as the process of data management and protection is a massive responsibility and can include the following tasks and more:

  • designing and managing a data collection program
  • auditing, developing and revising data security policies and practices
  • updating websites
  • monitoring the evolving, relevant data security legal landscape

Some companies choose a belts and suspenders approach to privacy laws and electively comply. Whether you are required to comply or choose to take extra measures to protect your customers’ data, we hope this overview has helped.

Elevated Internet Marketing has worked with clients in highly regulated spaces for several years. If you would like to discuss your marketing strategy or obtain a free assessment contact us. We’d love to learn more about your specific goals and needs.