#Ownyourdata campaign created ripples across the world. It led the movement towards providing the right to data privacy for consumers. Every nation responded to this ask from the consumers. National legislations reacted to it with national data privacy laws that protect citizen-consumers within the country and in an international scenario.
Since the United States of America is led by a Federal system. California state was one among the few that passed legislation called California Consumers Protection Act, 2018 (CCPA).
The California Consumer Privacy Act is a state statute intended to enhance privacy rights and consumer protection for residents of California, United States. |
Understanding CCPA
Understanding CCPA, in brief, helps determine the onus that is laid on the businesses by the law. Customer Data Platforms like FirstHive are designed and updated to help companies remain compliant with CCPA.
1. Is CCPA applicable to your business?
CCPA is not applicable to all businesses and does not replace any existing laws. It is relevant and applicable to businesses that buy, receive, or sell the personal information of 50,000 or more consumers, households, or devices. Businesses that derive 50 percent or more of their annual revenue from selling consumers’ personal information; or those that have gross annual revenues greater than $25 million. For-profit companies do not necessarily have to be based in California to be subject to the statute.
2. How does the Subject data request process work as per CCPA?
CCPA provisions for subject access requests. Organizations must be prepared to intake and effectuate consumer access and delete requests as they come in.
Businesses that fail to comply with these requirements or tend to release personal information to the harm of the consumer would face litigation, as well as other regulatory enforcement actions.
3. Is Data Mapping covered under CCPA?
Data Mapping of personal information is a recommended best practice on data protection which aids subject data requests. According to CCPA, organizations should know the types of personal information that have been collected in at least the past twelve (12) months, the purposes for which it was collected, and who (including the types) of entities such data was shared with, all tracked on an ongoing basis.
To comply with this clause, CDP ensures the same and keeps the marketing team informed about how personal information is mapped across the organization.
4. How do online privacy and cookies notices affect your organization under CCPA?
Your organization has to explicitly state why, how, when and for what is the consumer data collected, stored, used, and distributed. This means your website should have a clear and updated cookie and privacy policy in compliance with the CCPA guidelines. The legislation requires you to cover both online and offline data means. It also requires you to describe the internal policy that is under implementation. The internal policy should be targeted towards how you ensure that the data hacks or breaches do not occur from someone or a process or entity associated with your organization.
5. Who is associated with you to help with this?
Yes, the law also requires you to announce your association with any third-party vendors that are assigned with the duties of managing your customer data. It needs to be a transparent affair when it comes to who, when and where is the customer data made available and for what purpose.
How does FirstHive as a CDP facilitate CCPA compliance for your business?
CCPA promotes consumer data protection which empowers consumers with more rights than apparent by the law itself. This is where a CDP ensures that businesses adhere to what is expected of them in the realm of data protection.
Data updates and preferences
CCPA allows consumers to request organizations to update and change their data preferences at any time. Even though the data provider is not involved with the business in a monetary transaction, the right still applies to the consumer. CDPs automate this process and update customer and lead records in real-time.
First-party data for Identity Data resolution
Businesses still depend on third-party data for some basic analytics and tracking a customer. However, that is not considered authentic by CCPA. It requires a business to use only first-party data to build customer profiles that resolve identity issues that arise due to staggering data coming in from fragmented sources of interaction and information.
Right to be Forgotten
Consumers can demand any time for the right to be forgotten. CDP allows the seamless implementation of the opt-out and deletion requests from customers. This marketing technology is programmed to provide a single source of truth and hence can update the entire database to adhere to such requests.
Cross-Channel Preferences
Consumers interact with your business across different channels. Each consumer comes with a unique set of information and action preferences from each touchpoint. These can be asynchronously updated in the database and fields managed by a CDP.
Data Scrutiny
If a customer demands disclosure, which is allowed by CCPA, a CDP provides a transparent interface of how the customer’s data is being collected, stored, used, and updated from time to time.
The rest of the world is responding to the need for consumer data protection. Each nation is releasing new laws specific to address the data needs of consumers. There are constant updates to the existing legislation. CDP brings the ability to execute marketing campaigns in adherence to the evolving data environment across the world.
For further queries, please drop in a note to [email protected]