How Does the California Consumer Privacy Act Impact B2B Marketing?

Image for post
Image for post

Last fall, California passed the first data privacy legislation in the United States. The California Consumer Privacy Act of 2018 (CCPA) gives California consumers protections in terms of how their personal information is used by for-profit companies.

Image for post
Image for post

In some ways, it already has. The CCPA technically went into effect when it was passed in September 2018. But companies have until January 1, 2020 before the law truly goes into effect. And even then, the California Attorney General has until July 2, 2020 to publish regulations that make CCPA enforceable. Additionally, the Attorney General can’t bring legal action against companies that violate CCPA until July 1, 2020 or six months after the final regulations are published.

Image for post
Image for post

CCPA applies to any for-profit company that does business in the state of California and meets any of the following criteria:

  • The business’ annual revenue is over $25 million
  • The business receives the information of over 50,000 consumers, households, or devices annually
  • At least half of the business’ annual revenue comes from selling personal information

The CCPA will not restrict a business’ ability to do the following:

  • Comply with federal, state, and local laws
  • Collect, use, retain, sell, or disclose information that is deidentified or aggregate consumer information
  • Collect or sell a consumer’s personal information if every aspect of that conduct takes place completely outside of California.
Image for post
Image for post

CCPA protects consumers by covering three important areas in data privacy:

  • Transparency — consumers should know who is collecting their data and what happens to that data
  • Control — Consumers should be able to exercise control about who has their data
  • Accountability — When data breaches occur, the responsibility is on the company

Currently, companies offer services for free in exchange for tracking the movements and activities of consumers. That means that every website you visit, every search you make, every item you buy and every free PDF you download is likely a datapoint in someone’s database.

Under CCPA, companies must disclose the following information at any point data is collected:

  • The consumer’s rights under CCPA
  • What information categories are being collected?
  • How that information will be used (will it be used internally or shared and sold)
  • What categories of information have been shared with or sold in the last year?

Companies will also have to provide mechanisms that allow consumers to:

  • Edit data a company holds
  • Delete data a company holds
  • Opt out of having their information sold via a clear link titled “Do Not Sell My Personal Information”

There’s also a clause that prevents companies from discriminating against customers that opt out of sharing data. Interestingly enough, that doesn’t preclude them from charging different prices or provide a different quality of goods if the difference is reasonably tied to the value of the data.

Image for post
Image for post

Personal information under this law is anything that, “identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.”

That means everything from behavioral data from digital interactions to the conclusions that companies draw from those interactions.

Image for post
Image for post

Selling data under CCPA means any exchange of data for either money or “other valuable consideration.” This will likely be clarified when the Attorney General establishes its guidelines for 2020.

Image for post
Image for post

The penalty for each violation is $2500 if unintentional and $7500 if intentional. Businesses have 30 days to fix alleged violations after they’ve been notified of their noncompliance.

The other concern for businesses is that if there are laws in place protecting consumers, there ‘s also the potential for class-action lawsuits which could cost companies between $100 and $750 per incident.

Image for post
Image for post

Marketers need to filter their databases and determine how much of an impact CCPA will make on their brand.

Determine if and how many customers or leads you have in your database that are from California. Maybe you segment this population to maintain compliance, but if the number is sizable, you may just want to retool all your data collection processes to comply with California’s standards. It won’t be easier, but it will help you to ensure you don’t get hit with hefty fines.

Image for post
Image for post

After CCPA was passed, it opened the door for similar bills to be introduced in other states. So far, there are 12 states with CCPA-inspired bills in the works. They are:

  • Hawaii
  • Maine
  • Maryland
  • Massachusetts
  • Mississippi
  • Nevada
  • New Jersey
  • New Mexico
  • New York
  • North Dakota
  • Rhode Island
  • Washington

That means that laws like CCPA are going to become more and more common in the coming years. For marketers, that means starting to apply the concept of CCPA to all your marketing. It’s a better look to think ahead, than to just barely comply with increasingly common rules.

Written by

HIPB2B is a demand gen solution provider, utilizing content, email, and marketing automation to drive outcomes for marketing and technology clients

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store