Sometimes, governance intrudes into marketing…
Now, it’s fair to say from the consumers’ perspective, marketers are doing the intruding. Not government regulators.
The sad thing is most businesses conduct themselves ethically. These folks (no doubt you included) bristle at the very notion of impropriety. And would sooner toss their shingle in the trash than cheap a client.
But sadly, the thieving, disreputable few ruin it for all.
What am I blathering about you’re probably wondering?
A few years back, the European Union passed sweeping legislation, known as GDPR.
The law was intended to “protect consumer rights.” Specifically, the statute limits the ways businesses can gather, store, and share or sell consumer data. It also empowers consumers to request a full accounting of their stored personal data. And gives consumers the right to demand their personal data to be permanently deleted from a company’s contact database.
Ever since the GDPR hit the EU, marketing circles have surmised similar legislation would appear in the US.
And it has finally arrived!
Meet CCPA — California Consumer Privacy Act
Last month, California enacted its own GDPR — known as California Consumer Privacy Act (“CCPA”).
Now, there’s been loads of buzz on this new law. Accompanied by lots of fervent proclamations about what you can and can’t do once the new law takes effect.
But here’s my take on CCPA: Most in the professional services game have little to worry about.
How come?
Below are CCPA’s four key qualifying factors:
- Businesses that serve or hire California residents
- Post $25 million+ in annual gross revenue
- Gather and store personal data of more than 50,000 “consumers, households, or devices”
- Earn more than half of annual revenue selling consumers’ personal data
Now, obstensively CCPA applies to EVERYONE doing business with clients based in California.
But I have a hunch the other four factors don’t apply to your business. Which leaves you largely off the hook.
There is, however, one aspect of the new law you SHOULD be concerned with.
But fortunately, there’s a simple solution.
Violation Penalties
Similar to GDPR, under CCPA, consumers have the right to know what data you’ve collected on them and how you’re storing it. And the right to demand that you delete that data.
This is important to note because if a consumer feels you’re not adhering to the letter of CCPA, they can report you to state regulators.
There’s a $2,500 penalty (per incident) for unintentional violations. And a $7,500 penalty (per incident) for intentional violations.
Clearly, this sort of penalty could quickly stack up a towering sum.
But now, the simple solutions…
Create a Privacy Policy
All you have to do is create a “privacy policy” statement. In your policy, note that you don’t share or sell the consumer data you gather with any third party. Note that consumers have the right to review the data you’ve collected on them. And finally, that they have the right to demand that data be deleted.
Designate a Consumer Inquiry Contact Person
But here’s the trick party — you KNEW there was going to be a tricky part, right? — you need to designate contact person in your organization for all consumer inquiries. And make sure that everyone in our organization is aware that all consumer inquiries should be referred to this designated person.
In addition, this person should be named and their contact info included in your privacy policy statement.
Designating a contact person is critical because where you’re most likely to get stung by a violation is if your organization fails to respond or responds incorrectly.
Publish Your Policy Everywhere You Market Your Business
Once you craft your privacy policy and designate a contact person, add your policy statement to your website, and post a link to it on your Home page.
If you send marketing emails, include a link to your policy statement.
If you mail or otherwise distribute print marketing materials, incorporate your policy statement in new collateral. And include an additional policy statement note with existing collateral.
And finally, just for safety’s sake, if you solicit email list signups, include a link to your policy statement in your optin confirmation email.
Have More Questions About CCPA?
I can’t claim to be an expert, but I’ve definitely studied the new law. And if you have additional questions, I’ll do my best to help.
Contact me here: ryan@ryananys.com
