The California Consumer Privacy Act (CCPA) is the first major regulatory salvo in the U.S. aiming to restore data power to the consumer. For digital marketers, preparation for CCPA should be pursued with an eye toward further legislation. Brands that make conscious decision to adopt airtight data collection practices now will benefit from relative stability as others scramble to keep pace with ever-changing requirement.
For the past decade, legislation has failed to keep pace with data’s growing role in marketing and commerce, allowing brands to plot optimal strategies with little regard for the consumer’s rights, privacy and security. In many cases, this has led to unsavory and even unsafe practices, with exploitative methods and data breaches threatening to permanently damage public trust in advertisers and companies.
Passed last year and going into effect Jan. 1, 2020, CCPA ensures three basic rights for consumers: the right to request the data which has been collected about them by companies; the right to opt out of the resale of their data; and the right to request the deletion of their data.
While the regulation is limited to the data of Californians, its implications and applications are not confined to the state border and, moreover, is undoubtedly a harbinger of far more to come.
So far, six other states have also introduced new privacy legislation, and there are numerous other bills being debated at the federal level. Indeed, it seems the new regulations surrounding data collection over the next decade promise to be as unpredictable as the lack of regulation in the preceding decade.
What’s on the Line with CCPA
The new rights guaranteed to consumers by CCPA will require brands to make several critical and concrete changes to their data practices:
Brands must ensure that their data storage is mapped out and organized. Consumers are empowered to request the data which has been collected by companies. Proper organization will allow companies to respond promptly to requests for information and help to avoid penalties. Each consumer is entitled to request their data twice per year at no cost, and the company is obligated to inform the consumer what data has been collected, how it was collected, and who else has received the data.
You May Also Enjoy:
- CCPA is Coming: Are You Ready?
- GDPR One Year In: How Are Marketers Doing?
- Declining Consumer Confidence and Privacy Regs Concern Marketers
Compliance requires brands to inform consumers upfront about their rights. Brands must also state the categories of data which they are collecting, which categories of data are being sold on to third parties, and how the brand will use the data. Each company must ensure that these rights are stated clearly at the outset of the brand-client relationship.
Brands must create a mechanism by which customers can request the deletion of their data. Additionally, when a customer demands that their data be deleted, all third parties must also delete the relevant data in addition to the original collector. This detail requires brands to remain in close communication with any third party which has purchased their customer data.
Failure to adequately prepare for and adapt to these regulations could be costly. Though each individual unintentional violation incurs a mere $2,500 fine (triple if deemed an intentional violation), the major risk to a company is the possibility of a class-action lawsuit. In the event of a major data breach, thousands of California residents could exercise their rights at once, bringing about catastrophic financial consequences to a company who is not in compliance.
Building Trust Instead of Fear
These new requirements imposed by CCPA may strike marketers as draconian. However, brands should instead view compliance as a necessary and positive first step toward building a longer term, more trusting relationship with consumers. The upcoming CCPA inflection point provides a perfect opportunity to prepare in this regard for the rest of the regulatory storm to come, rather than dwelling on its impending restrictions.
Today, consumer trust is at a dangerously low point, and consumers desperately wish companies like Facebook could be more trustworthy with their personal data. CCPA should propel marketers to clean up their data collection practices and reestablish trust with their customers. Building direct relationships with consumers and relying more first-party data willingly provided by the customer in a trusted relationship, rather than third-party data, creates a longer term, more productive and positive relationship. By using CCPA as jumping off point and a fresh start for the customer-brand data exchange, companies can make an immediate positive impact on their public perception—and on their marketing ROI.
After years of data collection free from oversight, CCPA will inevitably lead to growing pains and frustration. However, marketers must take this opportunity seriously: thoughtful, methodical preparation for the arrival of CCPA will not only pay off in 2020, but will also produce benefits for the next decade of new policies and legislation.