Invest in New Processes and Technology

Businesses can no longer avoid investing in proper data management practices and tools. Complying with the CCPA will require significant time and budget resources across several functions of your business. First and foremost, marketers will need to map the location of any existing data, records or customer databases related to California residents, households located in the state, or devices owned by residents. A customer data platform (CDP) can help businesses find and consolidate data from specific individuals across many disparate systems.

Make It Easy for Consumers to Request Data Access and Info

Next, organizations will need to create a straightforward way for customers to request access to their data and how it is being used. This includes setting up a separate toll-free phone line and email with staff designated to handle the requests. New security processes and systems will also need to be put into place for verifying the identity of those customers requesting their data report or that their data be deleted.

Update Your Privacy Policy

As we discussed in my last privacy post, the CCPA requires some updates to a company’s privacy policy. Organizations must add a section which details California residents’ data privacy rights specifically. They must also make exercising those rights simple and easy. For example, California residents have the right to insist that their data not be sold or shared under the CCPA. Homepages should feature a clear call to action for the consumer to make this request via a specific web page or portal, mail, phone or email.

Another consideration many marketers overlook with regard to privacy and consent is how minors factor into the CCPA equation. In California, children under the age of 13 cannot consent to privacy policies, so there must be procedures in place to obtain consent from their parents or guardian. Organizations that don’t have these methods in place will be charged with “willfully disregarding the California resident’s age.”

The California-only Strategy

Because it’s a California law, the CCPA brings with it many security, administrative and operational requirements affecting a small but significant piece of any organization’s customer portfolio. Some business will look to California-only sites, products or communication channels to address these requirements, allowing them to leave their original sites and products as is. This approach has its merits, but organizations must be sure not to rely on IP address or location alone when determining which website or service a customer uses when browsing online. A California resident visiting your website while traveling in Massachusetts must be sent to the appropriate California-only CCPA-compliant site.

For many, the CCPA compliance deadline — January 1, 2020 — seems a long way off, but marketers must advocate that their businesses start taking steps now to ensure requirements are met. Consumer data protection compliance is the new normal, and the way organizations respond to new rules and regulations can make or break the customer relationship. Customers are getting to the point where they hold all the cards when it comes to their personal information, and companies must treat all consent relationships with the respect they deserve if they expect to maintain long-term trust.

Also, to help keep businesses informed on the evolving interpretation and implementation of the CCPA, Arm Treasure Data has issued blog updates on privacy, including the CCPA. Here are several related blogs in our series on CCPA, GDPR and customer data protection:

• The California Consumer Data Privacy Act – 3 Steps Marketers Need to Take NOW
• Customer Personalization and Data Privacy: 6 Facebook Takeaways for CMOs
• GDPR vs. CCPA – What You Still Need to Do to Comply