California Consumer Privacy Act, or CCPA, is the first anticipated United States response to GDPR, the privacy requirements put in place by the EU back in 2016. While several state legislatures are considering versions of GDPR, the CCPA is the first of these to be enacted. Variations will inevitably come online at the state and potentially federal level in the coming years.
As with GDPR, our team of digital SEO and media experts have been researching the impact that CCPA could have for our clients and the online commerce machine as a whole. We are eager to help answer your questions as best we are able given the limited information we have to date. As with any new law of this type, much can be done in preparation for complying with the law but there is also a fair amount of speculation and uncertainty at this early stage. It is our goal to leverage our knowledge of the industry, the information provided by lawmakers and our expertise in this landscape to help answer your questions and help you navigate the potential changes.
What is CCPA?
CCPA was created to give California residents more control over their personal information by putting greater restrictions on how their private information is shared. The act requires that businesses be transparent with what data they collect from their consumers and how they use that data. In this digital age, more and more data is used to customize your online experience. Clearly communicating how information is used is intended to provide greater control to users.
The law is in effect as of January 1, 2020.
You can read all about the details of the law here.
As with GDPR, all companies doing business in or with California residents or companies will want to consult their legal counsel on the best means for moving forward.
Does the CCPA impact my company or organization?
For-profit legal entities doing business in California that collect personal information regarding California residents may be subject to CCPA requirements. “Doing business” in California applies to companies that sell goods or services to California residents even if the business is not physically located in California. Additionally, to fall within the scope of the CCPA, your business must also meet one of the additional three criteria:
- Have $25 million or more in annual revenue; or
- Possess the personal data of more than 50,000 “consumers, households, or devices” or
- Earn more than half of its annual revenue selling consumers’ personal data
Data vendors and identity resolution companies like Acxiom and FullContact will be primarily impacted by CCPA, as individuals now have the power to restrict these companies from selling their personal data. Best practices recommend that basic measures should be implemented by all businesses doing business in or with California. Privacy statement updates and opt-in options are fundamentals all online businesses can implement with relative ease.
The following are resources we recommend to help companies affected by CCPA meet the currently understood compliance requirements.
SKYSYNC CCPA Readiness Checklist and Preparation
Digital Current: What you Need to Know about CCPA
What if we are already GDPR compliant? Do we need to do more?
Companies that ensured they meet GDPR guidelines are ahead of the game when it comes to CCPA requirement implementation. If your company falls under the CCPA, there are a few other things that must be done to ensure compliance. A quick guide to the similarities and differences between the two laws can be found here.
What is Mad Fish Digital doing to be compliant?
Mad Fish Digital is currently vetting the platforms and vendors we use to provide clients regular services for CCPA compliance. We have confirmed compliance with our large platforms like Google Adwords and Hotjar. Facebook’s current stance is that they don’t sell personal data, even though personal data is the cornerstone of their ad platform. We will continue to notify clients with specific CCPA requirements of how vendors and tools may be set up to ensure compliance.
Like other companies, we are updating our privacy policy and service agreements to meet CCPA compliance standards though we do not fall under the specific requirements now. This will ensure that we are open with our users and clients about what we do with the data we collect and are transparent about its use.
Will this change my digital marketing strategy?
Over the coming years, as similar laws are passed, digital strategies will need to be nimble to adapt to an evolving digital environment. If your strategies depend heavily on 3rd party data providers, you’ll likely feel the impacts sooner rather than later. The legal battles that are sure to ensue will significantly determine how the CCPA impacts digital marketing strategies. As always, our team is monitoring the impacts this has on user experience and making service decisions in the best interest of our clients.
We are here to help you navigate the ins and outs of CCPA. Reach out to us via sales@madfishdigital.com or (503) 935-5222 if you are looking for help or would like to know more.
