CCPA: what you need to know

Overview

As a marketer and a consumer, you’re likely no stranger to the increase in consumer privacy regulations when it comes to data processing, ownership, and communication. The General Data Protection Regulation (GDPR) set a global standard for privacy regulations in May 2018, and in January 2020, California became the first state to enforce statewide data privacy laws with the California Consumer Privacy Act (CCPA).

The CCPA establishes new consumer privacy rights and expands liability for consumer data breaches. In other words, it gives Californians the right to hold businesses accountable for disclosing and storing information collected about them, as well as the right to pursue legal action if their data is breached. Both GDPR and CCPA empower consumers to maintain all rights and privileges to their data and require companies to adhere to all related protocols for data management. If your company is GDPR-compliant, that means you’ve probably done some of the legwork for CCPA compliance, but we strongly recommend that you review and ensure compliance with CCPA-specific regulations.

Note: Cordial will always try to redirect, forward, or defer CCPA-related compliance requests to the client to handle appropriately.

The CCPA grants new rights to California consumers

  • The right to know what personal information is being collected, used, shared, or sold, both as to the categories and specific pieces of information;
  • The right to delete personal information held by businesses and by extension, a business’s service provider;
  • The right to opt out of the sale of personal information;
  • The right to non-discrimination in terms of price or service when a consumer exercises a privacy right under CCPA.

The CCPA applies to certain businesses

The regulation applies to any for-profit entity doing business in California that collects and controls the processing of a consumer’s personal information (“controllers”) and also satisfies ANY one of the following thresholds:

  • Exceeds $25 million gross revenue annually;
  • Handles the personal information of 50,000 or more California consumers, households, or devices annually; or
  • Derives more than 50% of annual revenue from selling consumers’ personal information.

What you’ll need to do to comply with CCPA

As a US company, you will most likely need to update your privacy policies to comply with the CCPA. Here are some key recommendations for CCPA compliance:

  • Decide whether your company will create a separate privacy notice for Californian consumers, or if you’d like to create a universal practice.
  • Review what personal information your company collects, how it’s used, and any policies or procedures used in collecting the information.
  • Understand whether the information is sold to or shared with third parties and the purpose of sharing.
  • Establish policies and procedures for when customers request access to, deletion from, or information related to the sale or disclosure of their information, including digital solutions to process these requests and internal training.
  • Review contracts with service providers that use or store any personal information provided by your business, and ensure those providers are also CCPA compliant.
  • Update your company’s privacy policies internally and on your website.

For more information about CCPA compliance, check out the official Californians for Consumer Privacy website and CENTRL’s CCPA Organizational Readiness Checklist.

How Cordial can help

Data security and privacy have always been top priorities for Cordial. As we did with GDPR, we’re working to provide our clients with tools that enable them to comply with CCPA.

Data access and portability

We've built a Download Contact Profile data job that will package all of the data related to a specific contact into a single file. You could already meet this CCPA requirement using existing platform functionality, but this new feature minimizes the effort, as it combines all related data collections into a single package, available through the API or the platform UI.

Right to be forgotten

We've significantly enhanced the delete contact functionality. Deleting a contact will also remove all custom properties from the contact’s activities (events) collection in Cordial’s database, in addition to removing the contact record itself. We’ve also added support for advanced scenarios where contact records can be stripped of personal data and/or anonymized without destroying the entire contact record.

Security policy control

For more granular control of the security policies related to tracking events, you can explicitly dictate which contact attributes can be updated via Cordial’s JavaScript listener.

We welcome any questions about how you can stay compliant with CCPA on Cordial. If you have any questions, please feel free to contact your Client Success Manager.

Sources: CCPA Fact Sheet; CCPA Organizational Readiness Checklist
