As digital marketing and our Internet culture evolve, so do changes in consumer privacy laws and how small- to medium-size businesses must operate. In a nutshell, these rules and laws create protections for consumers on how companies can use, sell, transfer, and handle their personal information. While there isn’t yet an overall federal regulation standard in the U.S., one law—the California Consumer Privacy Act (CCPA)—is one of the most comprehensive consumer privacy laws passed in the digital age.
The CCPA in particular has helped shape how businesses need to handle consumer information. While the law is currently only in effect in California, even if your business is located in Cincinnati—but does any business in California—your digital efforts need to follow the law of the land. All that to say, it may only be a matter of time before the U.S. enacts a variation of the GDPR (General Data Protection Regulation) that took place in Europe in 2016, so understanding the general rules is essential for any marketer or a business owner.
When you order something online, companies get a large volume of information, including your name, address, phone number, email address, payment information, and the list goes on. This is known as “personally identifiable information,” or PII for short. This information can technically be handled in any fashion a business sees fit as it is laid out in their privacy policy (aka the long page of legalese no one ever reads). Once CCPA came into effect in California in 2018, it created specific rules businesses have to follow when it comes to this personal data, including:
- What they can do with your PII.
- How your PII has to be stored.
- When they have to notify you in case of a security breach.
- The right to opt out of digital tracking online.
- The right to have your PII deleted when requested within a reasonable amount of time.
- The ability to opt out in general.
Several intricate details revolve around this. For national brands and businesses that existed in California, most of them had until January 1, 2020, to be compliant. But as this is the strictest law in the U.S., many businesses across the country also opted into these rules and regulations to stay ahead of the curve.
So, how does this play out practically for your business if you want to also be CCPA compliant?
- You must provide a Do Not Sell My Personal Information link on your business website. When a user clicks on this, they are given the option of turning off all tracking pixels on the website, outside of what’s considered essential for the website to function. In most cases, your Facebook and Pinterest pixels would turn off if a user opted out, but things like your analytics would still stay active.
- You need to provide clear language via your business privacy policy on how PII will be stored and secured.
- Users must be given an option to altogether opt-out and delete PII that your business has stored. This can include mailing lists, data saved from past transactions, and anything used for marketing purposes.
- Update your privacy policy online to directly say what PII you store and how you use it (whether it’s for email, audience building, etc).
- Make sure any third-party vendor you use is also CCPA compliant and has the appropriate data safeguards in place.
- Make sure all PII data is as secure as humanly possible. There may be legal ramifications if a breach occurs and a certain number of breached users live in California.
While laws like CCPA currently only affect businesses that operate (or serve customers) in California, it can be used as an example of what your business needs to do if a national law is passed. Given the way consumer data and knowledge is growing, having this in mind sooner rather than later can help make for a much smoother transition if your business needs to pivot for compliance.
At St. Gregory, we have over 30 years of experience helping businesses stay ahead of the curve. Looking to partner with a marketing agency that will help you get the results you’re aiming for? Reach out and say hello—we’d love to chat.