Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

California Consumer Privacy Act: What your brand needs to know


Published on

Joe Youssef provides an insightful overview of the California Consumer Privacy Act (CCPA) that will take into effect in 2020. This presentation explores the key principles of the CCPA and how brands can prepare to ensure they are compliant with the policy.

Published in: Marketing
  • Be the first to comment

California Consumer Privacy Act: What your brand needs to know

  1. 1. AB-375: California Consumer Privacy Act (CCPA) This document is for informational purposes only and not for the purpose of providing legal advice. Please contact your legal counsel to obtain advice with respect to the CCPA.
  2. 2. What is the California Consumer Privacy Act? • Landmark policy constituting the most stringent data protection in the United States, passed on June 28, 2018 • Governs the way businesses collect, process and secure California residents’ personal data • Takes effect 1/1/2020
  3. 3. As of 2017, California is the 5th largest economy in the world What is the expected impact? • CCPA is going to have a wide-sweeping impact on all data collection – both online and offline – and sets a precedent in the US • Paves the way for other states to adopt similar frameworks in the future • Companies must decide whether to – reform their global data protection and data rights infrastructures, – institute a patchwork data regime in which Californians are treated one way and everyone else another, – completely ignore Californians
  4. 4. Key principles of the CCPA Affects for-profit businesses that collect, use or sell data, and fall into any of these categories: • Generates $25 million or more in annual revenue • Holds the personal data of 50,000 or more people, households, or devices • Generates half or more of its revenue in the sale of personal data The law protects California residents and provides them with the right to: • Know what personal information is being collected about them and how it’s used at or before the point of collection • Know if their personal information is sold or disclosed, and to whom • Say no to the sale of their personal information – Sale of children's data (anyone younger than 16) will require express opt in, either by the child, if between ages 13 and 16, or by the parent or guardian
  5. 5. Businesses can offer financial incentives for collection, sale or deletion of personal information and requires consumer opt-in Key principles of the CCPA The law protects California residents and provides them with the right to: • Equal service and price, even if they exercise their privacy rights – Businesses can’t deny goods or services, charge consumers who opt out a different price, or provide a different quality of goods or services, except if the difference is reasonably related to value provided by the consumer’s data • Access their personal information in a “readily useable format” that enables its transfer to third parties without hindrance • The deletion of their personal information, including from any third–party service providers used by the business The bill exempts businesses of these measures if it limits the ability to comply with federal, state, or local laws, to complete a requested business transaction, if it infringes on the rights of another individual, etc
  6. 6. • Any information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household • Examples include: – Name – Email address – Location data – Biometric data Deidentified (and cannot be re-identified) and aggregate data are not considered personal information What is considered “personal information?” – Device ID – Cookie ID & data – Consistently hashed ID – IP address
  7. 7. CCPA: What’s at risk? Consumers can pursue private action should companies fail to maintain reasonable security practices, resulting in data breaches • The bill will be enforced by the state’s attorney general • Failure to address violations within 30 days could lead to a $7,500 fine per violation (which can be on a per-record basis)
  8. 8. What does this mean for your brand? • Opt-in for CRM and data collection must be specific and requires EXPLICIT consent • Personal information collected is limited to the specific use indicated • Data must be accessible, accurate, and available at the customer’s request • Enterprise-wide opt-in statements may not be compliant – unbranded vs branded • Financial incentives can be offered to CA residents as part of the CRM value prop 8
  9. 9. ACTION STEPS: Being CCPA compliant Conduct an information audit – How is data collected and where is it stored? – How is it accessed, by whom, and for what purposes? – What security protocols are in place to protect data? Educate key stakeholders in your organization – What are the risks and impact this poses to your business? – How does this affect them and what do they need to do differently? Review and revise privacy policies to ensure compliance with CCPA regulations
  10. 10. ACTION STEPS: Being CCPA compliant Review organizational policies and procedures – Fulfilling personally identifiable information requests of customers – Right to deletion Contact technology and media partners – What are they doing to ensure CCPA compliance? – Do any of your processes need to change to reflect their updates?