Successfully reported this slideshow.
Your SlideShare is downloading. ×

California Consumer Privacy Act (CCPA): Countdown to Compliance

Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Loading in …3
×

Check these out next

1 of 31 Ad

California Consumer Privacy Act (CCPA): Countdown to Compliance

Download to read offline

What is CCPA? The California Consumer Privacy Act increases the transparency of the collection and selling of physical and digital data, while providing California residents with more control over what happens to their personal information that companies collect. CCPA is approaching with a compliance deadline of January 2020. With the countdown to compliance less than 6 months away it’s critical to know how this can potentially impact your business in order to avoid violation fines. Join our webinar as we unpack the key requirements and considerations to keep in mind in order to stay compliant. See how CCPA impacts all advertisers, not just Californians.

What is CCPA? The California Consumer Privacy Act increases the transparency of the collection and selling of physical and digital data, while providing California residents with more control over what happens to their personal information that companies collect. CCPA is approaching with a compliance deadline of January 2020. With the countdown to compliance less than 6 months away it’s critical to know how this can potentially impact your business in order to avoid violation fines. Join our webinar as we unpack the key requirements and considerations to keep in mind in order to stay compliant. See how CCPA impacts all advertisers, not just Californians.

Advertisement
Advertisement

More Related Content

Slideshows for you (19)

Similar to California Consumer Privacy Act (CCPA): Countdown to Compliance (20)

Advertisement

More from Tinuiti (20)

Recently uploaded (20)

Advertisement

California Consumer Privacy Act (CCPA): Countdown to Compliance

  1. 1. California Consumer Privacy Act (CCPA) Countdown to Compliance
  2. 2. 2 ● Session recording and slides will be sent out ● Log back in anytime with the same link ● Resources available as handouts Eyebrow Text Today’s Logistics Persephanie Arellano Webinar Coordinator
  3. 3. Experts-Only Approach Strategic acquisitions have positioned us as the leading independent performance marketing agency Search • Social • Amazon • Email • Display • Shopping & Data Feed • SEO • Affiliate • Conversion Rate Optimization • Creative Services • Analytics & Marketing Science
  4. 4. Will Weld SOLUTIONS ARCHITECT Today’s Speakers Jodi Daniels CEO
  5. 5. What is your readiness level for the CCPA regulations? Poll Question ● I'm just learning about it now ● I'm aware of it but have not taken action on it ● I'm aware of it & planning my approach ● I've already begun implementing the required solutions ● I'm aware of it and desperately need help
  6. 6. 6 Agenda 1. CCPA Overview: New Regulation for Data Protection & Consumer Privacy for Californians 2. Comparison Between GDPR & CCPA 3. CCPA Key Requirements That Must be Met to be Compliant 4. Recommendations to Consider for Your Next Steps
  7. 7. CCPA Overview
  8. 8. 8 California Consumer Privacy Act What is the CCPA? ● Law that will go into effect January 1, 2020 that outlines new regulations for data protection and consumer privacy for Californians ● Part of a global trend towards more stringent data privacy and protection ● Has similarities to GDPR, including individual rights ● California represents 12% of the US population and along with an oversized market, it will have a national impact
  9. 9. 9 California Consumer Privacy Act Who is Impacted? Businesses with annual gross revenues of at least $25 million$25mm Businesses that buy, receive, sell, or share the personal information of 50,000 or more consumers, households or devices 50,000 Businesses that get at least 50% of their annual revenue from selling consumers’ personal information 50% Note: exceptions for personal data covered by HIPAA and GLBA
  10. 10. 10 California Consumer Privacy Act Individual Rights Under CCPA The law gives Californians the following rights: ● Know what personal information is being collected about them ● Access that personal information ● Know whether their personal information is being sold or shared, and if so, with whom ● Opt out of the sale of their personal information ● Equal service and price regardless of exercising individual rights The legislation further requires companies that collect personal information to delete all of it upon request (with some exceptions) and disclose more detailed information about data collection in privacy policies. Data requested is from the preceding 12 months. Individuals can make up to 2 requests in a 12 month calendar year.
  11. 11. 11 California Consumer Privacy Act What is “Personal Information?” The law uses the term “personal information” broadly, so it pertains to traditional information as well as behavior and preference based information ● Birthdate, SSN, email address, address, etc. are considered “traditional” personal information ● GeoLocation, IP address, consumer behavior, browse and search history, preferences, open / click behavior, etc. also qualify as personal information under this law How the CCPA defines personal information
  12. 12. 12 California Consumer Privacy Act What is Considered “Selling” Personal Data? The CCPA defines "sell, selling, sale, or sold" broadly to include selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating personal information to another business or third party for monetary or other valuable consideration ● “Valuable consideration” is up for debate and likely to be more clearly defined before law goes into effect Note: Explicit opt-in consent to sell data is required for consumers under the age of 16 How the CCPA defines the sale of personal information
  13. 13. CCPA vs GDPR
  14. 14. Lawful Basis & Data Processing Principles • No lawful basis requirement and no data processing principles. • For example, B2C emails do not require opt-in • Requires a legal basis processing prior to using data (consent, legitimate interests, contract, etc) • For example, B2C emails require opt-in consent Scope • California residents • Minimum thresholds • European residents • No minimum thresholds Definition of Personal Information/Data • “Identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household” • Includes online identifiers, profiling & probabilistic data, etc • Uses “Personal Data” • Refers to identified or identifiable natural person Privacy Notice • Specific requirements including contact information to exercise individual rights • Do Not Sell link on homepage • Requires a legal basis processing prior to using data (consent, legitimate interests, contract, etc) • For example, B2C emails require opt-in consent Fines • Civil fines: $2,500 - $7,500 • Private right of action: for data breaches if failure to maintain reasonable security. Statutory damages $100-750 • Up to 4% global turnover or €20 million Individual Rights • Disclosure, access, delete, opt out of sale of information • Respond within 45 days • Access, delete, rectification, data portability, object • Respond within 30 days CCPA Lingo • Consumer • Business (meets certain requirements) • Service Provider (meets certain requirements) • Third Party (not a business or service provider - for example may be an entity that was sold data from the business) • Data subject • Controller • Processor CCPA GDPRComparison
  15. 15. Recommendations to Consider for your Business
  16. 16. 16 California Consumer Privacy Act Considerations Several other states are in the process of developing similar regulations Privacy Law Passed Privacy Law Proposed No Privacy Law
  17. 17. 17 California Consumer Privacy Act Considerations Assume that CCPA applies • If no state location is collected on a consumer, assume California residency Consider growth, investment, and M&A potential for your business • Investors are increasingly reviewing practices in due diligence Growing expectations from customers for high levels of privacy • Will this be adopted for individuals from all states or only California?
  18. 18. 18 California Consumer Privacy Act Considerations Determine if you sell data per CCPA • Identify if your business practices qualify as “selling” data. If it does, your business will need to comply with the new regulations. Perform a risk/benefit analysis of the data you sell • If you are currently using any third party data to append to consumers, you may want to consider requesting that data directly from the consumer if possible. Reconsider the use of any third party data • Any data sold or purchased about a consumer would qualify for CCPA and your business would be required to comply to the regulations.
  19. 19. Key Requirements for CCPA Compliance
  20. 20. 20 California Consumer Privacy Act Key Requirements to be CCPA Compliant ✓ What personal information is being collected about a consumer ✓ How the information is used ✓ With whom personal information is being disclosed What you need to know ✓ Provide access to personal information ✓ Provide data in a readily usable format ✓ Allow users to opt out of the sale of their information ✓ Delete collected data upon request What you need to be able to do What do I need in order to be compliant?
  21. 21. 21 California Consumer Privacy Act Key Requirements to be CCPA Compliant ✓ What personal information is being collected about a user ✓ How the information is used ✓ With whom personal information is being disclosed What you need to know What do I need in order to be compliant? ➝ Determine what specific pieces of information you’re collecting ➝ Perform an audit on your analytics tags and pixel placements ➝ Identify the destinations data is being sent to via tags and pixels ➝ Locate where data is stored and document what data is stored there ➝ Document the mechanisms by which you share, collect, and use data ➝ Determine what data you “sell” or collect per the CCPA ➝ Identify any parties involved with the “selling” of data as defined by the CCPA
  22. 22. 22 California Consumer Privacy Act Key Requirements to be CCPA Compliant ✓ Provide access to personal information ✓ Provide data in a readily usable format ✓ Allow users to opt out of the sale of their information ✓ Delete collected data upon request What you need to be able to do What do I need in order to be compliant? ➝ Create a process to honor Do Not Sell requests ➝ Train all employees who will be part of Do Not Sell process ➝ Test the process ➝ Act on customer request in 45 days and provide reasons in case of delays, without placing any charges to the customer ➝ Keep record of all sales of consumer information for up to 12 months ➝ Not discriminate against consumers who exercise their individual rights ➝ Include a “Do Not Sell My Personal Information” link in a clear & conspicuous location on the homepage ➝ Include in the Privacy Policy toll free number to submit individual rights (note amendment pending to include toll free number or email address)
  23. 23. 23 ✓ Categories of personal information collected about the user ✓ The sources from which that information is collected ✓ The commercial or business purpose for which the personal information is collected ✓ The categories of third parties the information will be shared with ✓ Specific pieces of personal information collected about the consumer Consider making your privacy policy more user friendly with hyperlinks, visual boxes, summaries and also a separate privacy / trust page featuring how the business addresses privacy California Consumer Privacy Act Privacy Policy Requirements Privacy policies must include:
  24. 24. 24 ★ Be forward thinking and tell your customers how your business is complying with CCPA, GDPR, or other privacy laws ★ Share your privacy principles and values ★ Include if you are adopting CCPA for all states or only CA residents ★ Anticipate your customer’s privacy or security concerns or questions ★ Create a privacy center for all privacy activities (e.g. unsubscribe, opt out, summarized privacy notice) Privacy Trust/Commitment California Consumer Privacy Act
  25. 25. Wrapping Up
  26. 26. Audit your data inventory, analytics tags, & pixel placements Create process to honor Do Not Sell requests & train employees Implement privacy policy & website changes Sept 2019 Test the entire process & make any necessary adjustments Oct 2019July 2019 Jan 2020June 2019 CCPA goes into effect Make sure you’re doing it right Jan 2020 26 California Consumer Privacy Act Countdown to Compliance
  27. 27. Key Takeaways Determine any impact on your marketing strategies Create a plan for honoring individual rights 1 Get started on your data inventory 2 3
  28. 28. 28 Next Steps: How We Can Help California Consumer Privacy Act Get a FREE Mini-GA Audit • A free, mini audit of your Google Analytics setup and data, including a PII analysis Request an Analytics Audit • A full-fledged audit and analysis across dozens of issues and over 150 touchpoints Request a CCPA Consultation • Contact Jodi to chat about data inventories, individual rights, privacy policies and all other CCPA topics hello@tinuiti.com hello@tinuiti.com jodi@redcloveradvisors.com
  29. 29. Thank you!
  30. 30. Will Weld SOLUTIONS ARCHITECT Live Q&A Jodi Daniels CEO
  31. 31. Growing your D2C Approach, Scaling Amazon & Beyond September 19, 2019 The InterContinental Downtown, San Diego Tinuiti.com/addiego

×