The California Consumer Privacy Act (CCPA) is coming — get compliant

Nearly 40 million people live in the state of California. Californians make up 12 percent of the population of the entire US. In fact, California’s economy is worth $2.7 trillion. That makes it the fifth-largest economy in the world — right after Germany and before the United Kingdom. 

Okay, that’s interesting and all, by why exactly, are we telling you all these fun California facts?

Because they illustrate that, like it or not, there’s almost no US (and maybe even international!) business that can guarantee it doesn’t — or won’t — collect data from a Californian consumer. And that’s going to matter big time when the California Consumer Privacy Act goes into full effect in 2020. 

So keep reading for a quick primer on everything you must know about this new law and what you can do right now to ensure your business — no matter where it’s located — is prepared to stay compliant without any scary fines or costly disruptions.

Everything you need to know: The California Consumer Privacy Act

Expected to go into effect January 1, 2020, the California Consumer Privacy Act (CCPA) was created with much the same goal as the EU’s famous General Data Protection Regulation (GDPR) — to update the way businesses collect information about private (and, in this case, California-based) citizens in the internet age.

In short, the CCPA empowers Californian consumers with the right to:

• Know what pieces personal data a business has collected
• Know if their personal information is being sold or disclosed — and to whom
• Know with whom their personal information is being shared
• Deny the sharing of their information
• Access their personal information
• Receive the same pricing and service across the board — whether they’ve exercised any of these privacy rights or not
  

Who will the CCPA affect when it comes to businesses? Legal, for-profit entities that operate in California and collect consumers’ personal information will be responsible for complying to the CCPA if they meet any of these stipulations:

• Have an annual gross revenue that totals $25 million or higher
• Buy, receive, sell, or share consumer data from 50,000 or more consumers, households, or devices
• Make the majority of their annual revenue from selling personal data

And what if these businesses aren’t all queued up to comply by January 2020? Well, then California citizens — as well as the state itself — will be entitled to sue any company that violates their rights under the law. Aside from the associated legal fees, businesses could suffer $7,500 fines for each violation that hasn’t been addressed after just 30 days.

However, legal action, fines, and even a poor reputation aren’t the only reasons marketers and businesses alike can’t afford to ignore the CCPA. 

Why you should care: The CCPA is just the tip of the iceberg of new data legislation

Today, nearly every enterprise marketing team uses consumer data to create personalized digital experiences, develop smarter analytics, inform segmentation, produce effective email marketing campaigns, and do tons of other awesome things that ultimately fuel the growth and success of their organizations. 

So it’s pretty safe to say that the CCPA is going to have a huge impact on marketing teams and businesses as a whole if they aren’t compliant by the time 2020 rolls around. 

In addition to it being a major challenge of reimagining years or even decades of marketing methods, the CCPA is also a sign of more changes to come.

Data-driven organizations, websites, and marketers everywhere must sit up and take note — governments are taking action when it comes to safeguarding their constituents’ online information. California wasn’t the first to crack down and it certainly won’t be the last. 

Businesses that want to mitigate risk, minimize disruption, and get ahead in the post-anything-goes digital age need to tighten up their practices when it comes to gathering and storing consumer information — and quickly! 

Let’s hop right in to one innovative compliance solution that goes straight to the heart of your business’ digital experience.

How to get compliant with the CCPA: It all starts with your content management system

Content is the life blood of the digital experience that your business relies upon to attract leads, educate consumers, and generate revenue — and your content management system (CMS) is the heart that keeps it all going.

That’s why I recommend starting your campaign for CCPA compliance with your CMS and letting your entire tech stack follow suit. 

With these key features, your CMS will help prepare your marketing team and your company as a whole for the CCPA as well as whatever other privacy regulations come your way.

Automated consent management and validation

What has come to be known as bundled (or single) consent will not be enough under the CCPA. Your CMS should be able to display unique consent forms for each instance in which you plan to gather personal information.

In addition, it would save you a ton of time and headache if your CMS could also automatically recognize when consent still needs to be collected as soon as a consumer lands in a new data-gathering situation.

As for validation, look for a CMS that can be configured to automatically send a secondary opt-in via email. A commitment to thorough validation will go a long way toward keeping your business on the right side of the law. 

Easily-accessed and adjustable consumer profiles and consent records

The CCPA doesn’t leave a lot of leeway when it comes to responding to violation claims — businesses have just 30 days before a $7,500 fine can be levied. Because of this threat, it’s key that your CMS be fully capable of integrating with customer relationship management (CRM) software where consumer data is both safe and accessible.

That way, should a consumer request to access, remove, or even port over their personal information that you have on file, you’ll be able to make quick work of tracking down and sharing that info — complete with a history of their consents.

A rigorous “right to be forgotten” workflow

A consumer’s “right to be forgotten” means they can request that you remove their personal data from your system — no matter how many different places that data may exist. 

Because of this, you’ll want your CMS to be constantly tracking where all the pertinent data associated with a single user lives so that you can find and remove it during the allotted time frame. 

And for good measure, you can also integrate alerts that inform third parties with whom you’ve shared this specific information so they can choose how to comply with the “right to be forgotten” request. 

Thorough permissions settings

Since privacy and security are kind of the overarching goal when we talk about consumer data under the CCPA, we think it’s pretty key that your CMS has permission controls that keep thorough track of exactly who within your business is able to access your customers’ personal information. 

Overall adaptable and extensible architecture

At the end of the day, there are countless ways to go about complying with the CCPA and other data privacy laws on the horizon. So, perhaps the most important CMS feature of all is a flexible, customizable architecture. 

Learn more: Keep your business flexible as the CCPA and other data privacy laws continue to develop

Whether you’re researching how to get ready for the CCPA, catching up with GDPR, or just setting yourself up for success in the changing future of digital data privacy regulation (smart!); building your consumer experience on a flexible foundation is sure to be one of the best ways to stay legal, fine-free, and on-track no matter what comes your way.