Starting January 1, 2020, there is a new email privacy act in town — California’s Consumer Privacy Act (CCPA). You can access our CCPA webinar to get helpful information on what CCPA is, how to interpret it and what steps your business needs to take.
If you’re knee-deep 2020 planning and just need the quick highlights, keep reading for a need-to-know summary of CCPA.
What is CCPA?
CCPA is a privacy act applying to California residents, largely focused around the sale and usage of personal information (PI) data. While the law comes into effect on 1/1/2020, businesses have a grace period until 7/1/2020. The specifics of the law are still in development and businesses are looking to the Attorney General for clarification. For this reason, we recommend consulting your legal team as you prepare to bring your marketing and data practices into compliance.
Does CCPA apply to my business?
If your organization does business in California and collects personal information, you may be subject to CCPA if ANY of the below criteria is true about your business:
- Business annual gross revenue over $25 million.
- Business engages in buying/selling/receiving data of at least 50,000 consumers, households, or devices.
- The business Generates least 50 percent of its annual revenue from selling consumers’ personal information.
Does this only apply to California?
Yes. For now, California is the only state with an outlined privacy act. But don’t be fooled, more and more states will be developing their own privacy laws. We highly recommend using some of the early regulations from CASL, GDPR and CCPA as the perfect reason to get your strategy set for data management and privacy compliance. Check out our recent blog on the right time to develop a scalable policy.
Are there fines associated with CCPA?
Yes. Fines can range between $100-$750 per consumer per incident. For example, a violation affecting 10,000 residents in your database could run a minimum fine of $1m.
What steps should I take to be in compliance?
What effect does this have on my marketing tactics?
You should consider both lead generating and lead sharing tactics. For example, content syndication and purchased lists are very clearly contained in CCPA. But you should also consider less obvious activities like sharing PI data via retargeting or Marketo Ad-Bridge. Work with your legal team to ensure all applicable tactics are considered.
Now is the time to start reviewing your policies to prepare for CCPA and beyond. Not sure how to get started? Contact us at firstname.lastname@example.org today to learn about our CCPA Audit package.
Disclaimer: This post is designed to help you better understand the compliance requirements CCPA. We are not lawyers and this should not be considered legal advice. As always, please have your legal counsel review your own mailing policy.