California Consumer Privacy Act of 2018: What Will Compliance Really Look Like?
If you’re a marketer, chances are privacy is one of the things keeping you up at night. The privacy of consumer data is a hotly debated topic in every major newspaper. Consumers are getting more and more nervous about how their data is being used. And rumors of new consumer privacy regulations are cropping up almost daily.
Of course, one of the biggest concerns for marketers is how to comply with the California Consumer Privacy Act of 2018 (CCPA), which takes effect in January 1, 2020. And those of you who have been watching recent developments know there’s a chance the consumer privacy regulations could still be modified if any of the amendments being considered right now are passed. And that will make compliance even more difficult.
No matter what happens, the privacy clock is ticking. And that’s why many data companies – particularly those companies whose business relies heavily on consumer data – are working together to develop a set of guidelines designed to offer compliance guidance to the industry. Because the law itself is pretty short on details when it comes to defining compliance.
The Devil is in the Details
Just a few weeks ago, I sat at a table with more than 15 lawyers and dozens of data executives, all from leading data marketing companies. And there were a whole lot of different opinions on what “compliance” really means.
Despite the disagreements, we’re committed to working together to develop industry-wide guidelines that answer questions like these: If a consumer requests information on the data that’s been collected, what exact data should you provide? Do you provide every IP address the consumer has ever been associated with? Or does that overburden the consumer? Meanwhile, what does “reasonable” security really mean?
The Push for National Regulations
The good news is that marketers will eventually have guidelines to help them comply with CCPA. The bad news is that the amount of time and effort that’s gone into the process of developing guidelines for CCPA is significant. And that’s part of the motivation behind groups like Privacy for America, which are pushing Congress to enact a Federal consumer privacy law.
Skeptics call these pushes for Federal regulation an attempt to put less stringent regulations in place. But the reality is that having a single national policy that governs consumer privacy is vital to the health of our industry.
Reputable marketers are more than willing to comply with reasonable, attainable privacy guidelines. After all, the number one goal of any good marketer is to build relationships with their customers. And those relationships are severely damaged when customers are “creeped out” because they’re worried a company is invading their privacy.
But having to follow 50 different guidelines outlined by 50 different states puts an unnecessary burden on any company. I can’t tell you how many hours I have already spent with my industry colleagues trying to hash out the details involved in complying with just one state’s legislation. That’s why you see the industry pushing for Federal standards – because they cannot afford to spend all their resources on regulatory compliance.
Why It’s More Important than Ever to Know Where Your Data Comes From
So what can you do to start preparing for CCPA – and any other new regulations that are established in the future – today? You can protect yourself by asking some tough questions of the data providers you work with, such as:
- When you are collecting data, do you provide notification to the consumers you are collecting it from? Do you get their consent?
- Where exactly do you get your data?
- Do you allow consumers to opt out of your list?
- Are you willing to indemnify my company when it comes to privacy compliance?
For marketers, it’s more important than ever to know exactly where your data comes from and whether you can trust your data provider.
Because in today’s regulatory environment, using bad data doesn’t just reduce campaign ROI due to, for instance, high undeliverable rates. But in the future, bad data could actually cause you to become liable for consumer privacy violations – even if you didn’t know you were making them.
That’s why I’ll be providing more insight on privacy-related issues in future blogs – like the importance of good data sourcing, why data transparency is critical and the evolution of protected personal information. Stay tuned…