CCPA Explained In Six Questions

December 17, 2019 Amanda Jurgens

Starting January 1, 2020, there is a new email privacy act in town -- California’s Consumer Privacy Act (CCPA). You can access our CCPA webinar to get helpful information on what CCPA is, how to interpret it and what steps your business needs to take. 

If you’re knee-deep 2020 planning and just need the quick highlights, keep reading for a need-to-know summary of CCPA. 

What is CCPA? 

CCPA is a privacy act applying to California residents, largely focused around the sale and usage of personal information (PI) data. While the law comes into effect on 1/1/2020, businesses have a grace period until 7/1/2020. The specifics of the law are still in development and businesses are looking to the Attorney General for clarification. For this reason, we recommend consulting your legal team as you prepare to bring your marketing and data practices into compliance. 

Does CCPA apply to my business? 

If your organization does business in California and collects personal information, you may be subject to CCPA if ANY of the below criteria is true about your business:

  1. Business annual gross revenue over $25 million.
  2. Business engages in buying/selling/receiving data of at least 50,000 consumers, households, or devices.
  3. The business Generates least 50 percent of its annual revenue from selling consumers’ personal information.

Does this only apply to California? 

Yes. For now, California is the only state with an outlined privacy act. But don’t be fooled, more and more states will be developing their own privacy laws. We highly recommend using some of the early regulations from CASL, GDPR and CCPA as the perfect reason to get your strategy set for data management and privacy compliance. Check out our recent blog on the right time to develop a scalable policy. 

Are there fines associated with CCPA? 

Yes. Fines can range between $100-$750 per consumer per incident. For example, a violation affecting 10,000 residents in your database could run a minimum fine of $1m. 

What steps should I take to be in compliance? 

First and foremost, work with your legal team to develop your interpretation. You’ll want to amend your privacy policy to contain a section specific to California. Your forms should include a disclaimer or link to the privacy policy. People need the ability to opt out of the sale of PI. You should also be able to show that your business is taking appropriate security measures. 

What effect does this have on my marketing tactics?

You should consider both lead generating and lead sharing tactics. For example, content syndication and purchased lists are very clearly contained in CCPA. But you should also consider less obvious activities like sharing PI data via retargeting or Marketo Ad-Bridge. Work with your legal team to ensure all applicable tactics are considered. 

Now is the time to start reviewing your policies to prepare for CCPA and beyond. Not sure how to get started? Contact us at today to learn about our CCPA Audit package. 

Disclaimer: This post is designed to help you better understand the compliance requirements CCPA. We are not lawyers and this should not be considered legal advice. As always, please have your legal counsel review your own mailing policy.

About the Author

Amanda Jurgens

Amanda is a digital marketer with over 10 years of experience utilizing marketing operations and marketing automation to deliver a personalized customer experience. She's passionate about solving complex business challenges through technical marketing solutions, working across business systems and teams. Marketo Certified

Follow on Linkedin More Content by Amanda Jurgens
Previous Article
5 Places You Should Be Using Tokens
5 Places You Should Be Using Tokens

Gifting season may be over but there's one last gift we encourage you to give yourself: the gift of easier ...

Next Article
Gift it Forward 2019 with the BMUG
Gift it Forward 2019 with the BMUG

This year, in the spirit of giving, we invested in the members of the community who need it most at our now...