The Coming Privacy Reckoning

There is a disturbance in the Force of the marketing world.  Have you felt it?  The brand-spankin’ new CA Consumer Privacy Act (CCPA) goes into effect on Jan. 1, 2020 and many organizations are going to have to get IT, legal AND marketing in the same room and working together to manage it.

So you know, The CCPA is a law meant to enhance privacy rights and consumer protection for residents of California. The bill was passed by the California State Legislature and signed into law by Jerry Brown, Governor of California, on June 28, 2018, to amend Part 4 of Division 3 of the California Civil Code. Officially called AB-375, the act was introduced by Ed Chau, member of the California State Assembly, and State Senator Robert Hertzberg.

The intentions of the Act are to provide California residents with the right to:

  • Know what personal data is being collected about them.
  • Know whether their personal data is sold or disclosed and to whom.
  • Say no to the sale of personal data.
  • Access their personal data.
  • Request a business delete any personal information about a consumer collected from that consumer.
  • Not be discriminated against for exercising their privacy rights.

The CCPA applies to any business, including any for-profit entity that collects consumers’ personal data, which does business in California, and satisfies at least one of the following thresholds:

  • Has annual gross revenues in excess of $25 million;
  • Possesses the personal information of 50,000 or more consumers, households, or devices;
  • Earns more than half of its annual revenue from selling consumers’ personal information.
And a quick note: Organizations are required to “implement and maintain reasonable security procedures and practices” in protecting consumer data. (This is where you need your friends in IT, and probably a big box of donuts)

Why should you care? Well, because a fine up to $7,500 for each intentional violation and $2,500 for each unintentional violation can be imposed. And California LOVES to fine its friends in the business community.  Well, what should we do, Scott?  

Fear not, here are Scott’s Privacy Tips for Super Nosy Marketers (yeah, it’s probably you):
  • Don’t be creepy—If you are collecting data and you realize you probably shouldn’t have it, destroy it and stop collecting that data.  
  • Attract your audience, don’t interrupt them—No one ever gets in trouble for giving people what they want and drawing them nearer to it.  That’s called marketing. 
  • Remember the importance of brand messaging—If your message is all about YOU, they probably don’t care.  And if you confuse, you will lose.  
  • PR provides great visibility for messaging and ZERO privacy concerns—PR is about to become VERY popular…again.  🙂Empathy solves most privacy problems – if YOU don’t want it, neither do they.  We know the storm is coming, first to California, then to the rest of the USA courtesy of other states and finally Congress. And we know that ensuring privacy isn’t just marketing’s job, but we are probably the cause of 90 percent of the violations so we should be the solution.

We don’t HAVE to be this awful thing that has to be regulated by the gov’t — we can be better than this — we should and we must.  

Scott Robertson is a GDPR/CCPA privacy expert and can answer your questions and help you get your company into compliance!