Most likely there won’t be much you have to do differently in your day to day operations.
Most companies that are affected by the CCPA should be mostly (if not completely) compliant if they are already following the guidelines set by GDPR.
Even then, the only businesses affected by the CCPA are those that satisfy any of the following criteria:
Gross annual revenue exceeding $25 million
More than 50% of their annual revenue deriving from the sale of consumer’ personal information
Buying, receiving, or selling the personal information of more than 50,000 consumers, households, or devices in California.
If your business meets any of those requirements, you must provide notice to consumers before data collection happens while providing a “do not sell my information” opt-out option for anyone who chooses to.
You’ll also need to have contact information detailed on your website where consumers can contact you and ask questions about their data or request a deletion.
Requests of this type will also have to be processed within 45 days of receiving them, so you might want to consider having additional processes in place to make sure you comply.
It’s not yet clear how California will be enforcing this new law, but there are fines in place for businesses that fall into repeated noncompliance.
Here is what you should do to be CCPA-compliant
Take another look at your privacy policies: Be sure they are compliant with all of CCPA’s required disclosures.
Be open and transparent about the specific purposes for data collection: Users need to be informed when providing personal information, so anything ambiguous is a no-go.
Take a look at how the data you collect is managed and stored: Make sure there are no holes in your data management; look for any potential vulnerabilities.
Treat data requests from customers as urgent: Create processes to handle these requests quickly. Failing to respond within that 45 day period will result in fines — not to mention you’ll start losing trust with your customers.
What about my advertising in California?
Unfortunately, just like with GDPR, this will have an effect not only on businesses in California, but also those who interact with Californian residents.
What this means is that even if the CCPA doesn’t apply to you, you may still need to pay attention to it.
Even companies who do not need to be compliant (i.e. they don’t satisfy any of the requirements outlined above) are seeing their ad performance negatively impacted within California since the law took effect earlier this year.
As of right now, it’s not clear if Facebook will ease its enforcement and let businesses not affected by the CCPA resume business as usual.
Facebook and CCPA
Regardless if businesses need to become compliant or not, it appears that those who are compliant are being rewarded heavily in California on Facebook.
Our main suggestion would be if you are advertising in California and you are not CCPA-compliant, you’d be better off pausing those ads.
It appears that it really doesn’t matter if you are legally obligated to comply with CCPA or not. Facebook is still dinging performance in California.
California is a huge market and many businesses rely on its population to hit their revenue goals.
The current penalties in Facebook are too large to ignore and can affect other areas of your account, so we would still recommend pausing your California-based campaigns or excluding California from your targeting until you are compliant — or until Facebook eases the current enforcement of the laws.
In the meantime, if advertising in California is a large part of your business you should work hard to become compliant as soon as possible. Consult your legal counsel and development team to get these mandates up and running on your site.
For other platforms like Google, LinkedIn, and Microsoft, we aren’t seeing major effects just yet. This will change, however, as California amends and signs new additions to the law in the near future.
We don’t know when any changes will take place, especially now with California COVID-19 cases surging.
The future of data privacy
The CCPA is a sign of things to come. Personal information and privacy are becoming more and more protected, and more states and countries will follow in California’s footsteps.
As business owners it is our duty to our customers to protect their information and treat it properly.
Regardless if the CCPA affects you or not, it will pay off to look at how your data is being managed and stored. Take the steps to protect your customers’ information now, before you are legally obligated to do so.
Here Are Some Related Articles You May Find Interesting