Making Sure Your Digital Marketing Meets CCPA

January 2020

CCPA image

Image: Cristian Storto for Fotografia

Digital marketing is about to hit a major disruption. That’s especially true for organizations reliant on buying rather than building lists, gauging campaign effectiveness through web metrics, and sending content to recipients without their explicit permission. All of those practices are impacted by the nation’s most stringent consumer data privacy law: the California Consumer Privacy Act (CCPA).

Though CCPA received a lot of attention when it first passed in summer 2018, it’s only been in recent months that marketing and sales departments have focused on compliance due to the Jan. 1, 2020 deadline. Only Californians are covered, but many companies are reshaping their programs to include all customers out of fairness and to preempt other, similar U.S.-based laws expected to follow.

Last month we released a new ebook in our Twirling Tiger Media Knowledge Center on how to manage CCPA if you’re a content marketer. It explains what the law requires and how to achieve compliance. Violators face substantial financial penalties if they fail to respond to a consumer’s request within a specific timeframe.

Consumer rights under CCPA

As of now, Californians have the following rights:

  • To know what personal information is collected, used, shared or sold, both as to the categories and specific pieces of personal information.
  • To delete personal information held by businessesand by extension, a business’s service provider.
  • To opt-out of selling that personal information. California consumers are able to direct a business that sells their personal information to stop. Children under the age of 16 must provide opt-in consent, with a parent or guardian consenting for children under 13.
  • To not be discriminated againstin terms of price or service when a consumer exercises a privacy right under CCPA.

Requirements for Content Marketers

Marketing teams must determine how best to meet CCPA requirements. Here are some guidelines to get you started. Be aware that some of these, such as adding a “Do Not Sell My Info” button, should already be active.

At a minimum, CCPA-qualified marketers must:

  • Provide notice to consumers before any data collection takes place.
  • Create procedures to respond to requests from consumers to know, opt-out, or delete their data. For requests to opt-out, businesses must provide a “Do Not Sell My Info” link on their website or mobile app.
  • Respond to requests from consumers to know, delete, and opt-out within 45 days. This timeframe includes creating a verification process to ensure the consumer is accurately identified and covered under CCPA.
  • Disclose financial incentives offered in exchange for the retention or sale of a consumer’s personal information and explain how they calculate the value of the personal information and how the incentive is permitted under CCPA.
  • Maintain records of requests and how they responded for 24 months in order to demonstrate compliance.

Those exempt from following CCPA

Not every organization must comply with CCPA, of course. Those industries currently exempt tend to already be restricted by other data privacy laws, such as healthcare and insurers covered by HIPAA and financial services covered by Gramm-Leach-Bliley. Additionally, companies with less than $25 million in gross annual revenues are not covered by the mandate. Also, if you don’t have any Californians in your current databases, nor intend to include them, the new law doesn’t apply.

Our ebook goes into detail on how content marketing must change under CCPA, including how to handle lists; structure email campaigns; and develop lead generation through web sites and trade shows. Make sure your company is following this influential legislation by downloading your copy.

Thank you for reading this,

Anne Saita
Editorial Director