The California Consumer Privacy Act (CCPA) takes effect January 1, 2020, on the heels of sweeping consumer privacy legislation that was enacted in Europe. Many businesses are asking whether the CCPA applies to them and what they should do to be compliant. Those are important questions. At the same time, I think it’s worthwhile to ask why consumer privacy legislation such as the CCPA is taking hold in the United States. After all, the CCPA is not only privacy legislation becoming law; Nevada recently passed its own privacy law, and more states may enact their own.
Why We’re Seeing Privacy Legislation
The simple reality is that federal governments are responding to consumers because the advertising industry has not done so. Brands need to heed the meaning behind this because while consumers do want relevance in advertising, they don’t want it at the expense of respect for their privacy. According to a recently announced Salesforce study, consumer trust in brands has sunken to a new low. As reported in Adweek, more than half of consumers believe that companies do not operate with their best interests in mind, and 6 out of 10 fear that their personal data is vulnerable to hackers. In fact, for some time, consumers have expressed a concern about how well businesses manage their privacy, with the Pew Research Center reporting that 64 percent believe that the government should do more to regulate advertisers.
People are frustrated with high-profile privacy violations and mishandling of their personal data, such as the one making news right now: as reported in Fast Company, Twitter has admitted that the app helped advertisers create targeted ads based on personal data that Twitter use for account security purposes. Twitter said the action was a mistake, which underscores the struggles that businesses face to manage privacy.
Five Fundamental Questions to Ask
Businesses have struggled to respond for a variety of reasons, one of which is the increasingly complicated challenge of understanding the consumer data they track. So we can expect more privacy legislation on the horizon. I believe businesses can prepare themselves for legislation and be responsive to consumers at the same time by asking these questions:
- What consumer data do you collect? Audit the consumer data you are collecting and processing and how applicable it is to your business. This data includes information related to the person, the person’s devices and the household to which the person belongs. What are you collecting, and why? Are you even using it? Be aware that the CCPA regulation includes the drawing of inferences to create a profile of the consumer (for example, attitude, abilities, preferences, characteristics, etc.)
- How transparent are you?Assess your level of transparency: what mechanisms do you have in place to share with consumers what you are collecting, how you store it, how you process it, and whether or not you sell it?"
- Do you give consumers an opt-out? Take stock of your mechanism for being compliant: what kind of action are you going to give to users so that they have the ability to tell you that they do not want you to sell their data? Do you have a link on your home page to give consumers an easy way to opt out?
- Do you give consumers the right to deletion? Do you have the processes in place to promptly respond to a consumer’s request for their personal Information to be deleted, assuming the request does not conflict with the exceptions listed within the CCPA. Do you have the ability to easily evidence that this deletion was successfully completed, if an audit is requested?
- How is your marketing agency using your data? Is your first-party data getting matched against third-party data? Are you targeting people without their consent on other digital channels? Does your website and applications provide for all the above options for consent and right to data deletion?
Regardless of the form that the CCPA takes – regardless of the legislation on the horizon from other government bodies – addressing the above five questions will accomplish two things:
- You will have a solid foundation to be successful in the constantly shifting consumer privacy landscape
- You will start build trust with your audience
At Investis Digital, we closely follow privacy legislation. We subject ourselves to third-party audits for data privacy and security that go far beyond what you will see from other communications firms. We actively deploy solutions to help our clients maximize engagement with their audience, while respecting a newfound demand for privacy. For more insight into our thinking on privacy legislation, check out my recently published blog post, “Keeping up with GDPR, PECR and the Evolving Data Protection Landscape.” If you have questions, For questions, please contact your Investis Digital account manager or email me at email@example.com.