While companies operating in or selling to California citizens are preparing for the California Consumer Protection Act (CCPA) a few key areas should be re-examined by marketers. First, taking a step back it is important to understand if your company will be required to meet the standards that CCPA requires.
Which include the following:
- Businesses with annual gross revenues of at least $25 million
- Data brokers and other businesses that buy, receive, sell, or share the personal information of 50,000 or more consumers, households, or devices
- A business that gets the majority of its annual revenue from selling consumers’ personal information.
With these mandates in place, it is easy to show that the vast majority of businesses will need to prepare for CCPA. While several legal teams, companies, and consultants have used fear tactics to drive change, which is fair and reasonable. It is also important for companies and specifically for marketers to think about what they change to meet the CCPA requirements. In a recent Litmus article found here they walk through a few key steps at we at RIVN have found valuable:
- Reconsider whether you want to use third-party data. The CCPA gives consumers the right to know “the categories of sources from which the personal information is collected.” If your company is buying third-party data beyond what is publicly available about your customers or prospects, it will eventually come to light via a CCPA request. If your company would be uncomfortable explaining that to customers, then you might want to halt the practice.
- Reevaluate the data fields on your forms and profiles. The CCPA is part of a clear shift toward data transparency that spurs businesses to make greater use of data that is collected directly from their customers. Is there information that you’re currently getting via third-parties that you could ask customers and prospects for directly? Longer forms increase abandonment rates, but smart progressive profiling at the right moments can maximize completion rates.
- Only collect data that you have a clear immediate use for. Data is power, but it’s also increasingly a liability. Limit that liability by being selective about what data you save, particularly when it comes to personally identifiable information (PII).
- Create a mechanism that can delete a consumer’s information, when requested. Both CCPA and the GDPR stipulate that consumers have the right to be forgotten and request that any data your company has on them be deleted. There are some caveats on what data a business can retain for legal, compliance, and business reasons, but a mechanism must exist to quickly delete all other information about a consumer.
- Don’t sell information about your customers or users. If you’re going to sell user information to other companies, the CCPA requires you to keep a record of all sales for 12 months and provide a “clear and conspicuous” link on your website with the call-to-action “Do Not Sell My Personal Information” so people can opt-out of that practice. Selling the data of children 16-years-old and younger has even more requirements. Such a button and other permission requests would surely raise privacy and security concerns for would-be customers. Your company can avoid the need for such a button by not selling customer information.
From this article point, #4 is where RIVN is here to help companies get ready for CPPA. For digital marketer and legal teams, the greatest hurdle may be the “Right to Erasure/Deletion” function itself. Contemporary organizations are searching for a module-based solution such as RIVN to step up to meet this need with an easy to use SaaS-based single function that allows brands worldwide to meet to business need and be ready for what is next.
To learn more about RIVN and RIVN Delete option please visit https://www.rivn.com
To learn more about regulations mentioned above please see the following links below: