- Request a demo
- United Kingdom
Is there any better way to ring in the new decade than more compliance training? Uh, no! Put away that silly champagne and let’s crack open a big ol’ bottle of 2020 California Consumer Privacy Act (CCPA). When the ball drops at midnight on January 1 and CCPA goes into effect, we want to make sure you know what it means, if it applies to you, and what Invoca has done to ensure that we (and, in turn, Invoca customers) are compliant. So grab a glass, sit down by the fire, and let’s get down with CCPA! Oh, go grab that champagne, too. We’re going to need it.
CCPA is new state legislation that will provide additional data privacy rights and consumer protections for residents of California. Before you pop on your 2020 party glasses and run out of the room because your business is not based in California, note that CCPA applies to any company that conducts business in or on behalf of anyone in California. Since California makes up 12% of the national population and 17% of its net worth, that likely means you, so you might as well sit back down and keep learning.
CCPA gives California consumers the right to:
If a company conducts business in the state of California and has annual gross revenues in excess of $25 million; possesses the personal information of 50,000 or more consumers, households, or devices; or earns more than half of its annual revenue from selling personal consumer information, then it will be impacted by CCPA.
When looking at how personal data is defined in CCPA, the best way to describe it is that it is broad in scope. Within the regulation, they have defined it as any information that identifies, relates to, describes, can be associated with or links to (directly or indirectly) any particular consumer or household. That definition alone probably has you thinking “they could really mean any piece of data”. And that’s not far from the truth.
To help simplify this, here’s how CCPA categorizes personal data:
The good news here is that CCPA and GDPR are extremely similar in their definition of “personal data,” so if you have already gone through the steps to prepare for GDPR last year, then you are already in great shape for when CCPA goes into effect and your teams will mainly be making preparations for how to handle the few areas of difference between the two.
With so many new privacy regulations instituted in the last few years, many people are asking why now? (And WHY ME??) It can mostly be attributed to the rise in consumer demand for more control of their personal data. The Pew Research Center found that 75% of consumers say there should be more government regulation of consumer data and how businesses may use that information.
Since the U.S. has not introduced and federal regulations for consumer data privacy, it is up to the states to do so. CCPA is an example of the state of California taking this action and you will likely see more states following suit in the very near future. This will no doubt (eventually) drive lawmakers in Washington to institute a federal regulation as a mish-mash of state laws that make compliance increasingly difficult. This is exactly what prompted the creation of GDPR, so you should just prepare yourself to read another one of these articles on the new U.S. regulation here next year. Sorry in advance.
The bottom line is that marketers use lots of consumer data and technologies that harness it, and if you’re in the U.S., you probably also do business in California. Data privacy regulations will only continue to expand and once the dust settles and people start dissecting the impact of these regulations, industry experts are predicting that there will be either new regulations or modifications to CCPA and GDPR to fill the gaps. This means that assuring compliance will no longer just be a checkbox to be quickly ticked off, but a business requirement for every piece of technology that you use. And there are steep fines and potential PR disasters awaiting those who fail to meet the requirements, just in case you needed some more motivation.
Now, CCPA doesn’t just impact companies and how they handle the data of their customers, but their technology providers as well. In many cases, technology providers and vendors are responsible for handling consumer data for companies, which means that they must not only be compliant but be prepared to walk their customers through the CCPA compliance process.
It might sound like a pain, but it will actually create an opportunity for tech vendors to step up and help their customers by offering to ensure compliance with new data privacy laws and sharing knowledge of the new standards. Ensuring compliance is a huge pain point for companies that work with dozens of tech vendors and partners, so technology partners must be able to help businesses navigate the murky waters of compliance now and in the future, as privacy laws continue to evolve and change.
At Invoca, proper handling of sensitive data has always been and will continue to be a top priority. We recognize that our customers are looking for a technology provider that treats them and their data with the utmost care — not just to comply with the law, but to go above and beyond to earn and keep your trust. This is why we’ve taken a comprehensive approach to preparing for CCPA. Here are some of the key actions that we have taken:
Like most things compliance, CCPA is complicated and can be difficult to digest. If there is anything you take away from this on what CCPA is, let it be that CCPA covers:
One way or another, CCPA will impact many if not most marketing professionals. You may not have to be an expert, but you have to be aware of its potential impacts on your business, especially when making technology purchases that may change the way you handle consumer data. If you are an Invoca customer, you can rest assured that we are CCPA compliant. Here’s to 2020 and all of the new compliance standards to come in the new year. Now, where’s that champagne?
