What California's New Data Privacy Act Means for Marketers

California's Data Privacy Law

California's data privacy law, known as The California Consumer Privacy Act, was approved in 2018 but goes into effect on January 1, 2020. Simply put, the law affords consumers protection in terms of how their information can be used by for-profit entities that do business in the state of California. The businesses affected by the CCPA must have more than $25 million in revenue, receive information of over 50,000 consumers, or derive 50% or more of its revenue from selling consumers' personal information.

CCPA Requirements

As mentioned above, the California Consumer Privacy Act was approved by California's State Governor back in 2018, but won't go into effect until January 1, 2020.

Ultimately, the law applies to any companies that conduct business in the state of California, and have one of the following criteria:

• Has revenue of $25 million or higher
• Receives information of over 50,000 consumers, households, or devices annually
• Derives 50% or more of its annual revenue from selling consumers' personal information

It's important to note -- the law stretches beyond businesses that have physical brick-and-mortar shops in California. That means if you're a marketer for an ecommerce business that collects data on residents living in California, you'll still be affected by the law.

What the CCPA Means for Marketers

Now, you might be thinking -- okay, but I'm not the CEO of my business, I'm a marketer. What does this law mean for me?

If the CCPA applies to your business, this means whenever you collect your consumers' personal information -- whether it be for a social media campaign, email survey, or something else -- you'll need to disclose what information you're collecting, and how you'll be using your consumers' personal information.

Additionally, you need to give your consumers the right to opt-out of having their information sold to third-parties, and you need to let consumers view and delete the information you've collected about them.

GDPR vs. CCPA

The GDPR is an EU regulation that enhances the protection of personal data of EU citizens and applies to all companies that control or process data of EU citizens. The CCPA is less comprehensive than the GDPR, but is a step in the right direction for California to similarly protect its own state citizens' data privacy.

There are a few additional differences between GDPR and CCPA that are worth noting.

One main difference is, GDPR focuses on data related to the EU consumer, while the CCPA considers data related to both the CA consumer and the household. Additionally, the CCPA only considers data provided by the consumer, as opposed to data sourced from third-parties.

Additionally, there are differences in penalties -- GDPR's penalty for companies that violate their regulation is up to $20 million or 4% worldwide turnover, whichever is greater.

In comparison, CCPA's penalty is up to $2,500 per violation or $7,500 per intentional violation, plus an additional $100-$750 per incident to the affected individuals.

There's also a difference in the type and scope of data collected. GDPR applies to all data collected about EU citizens. The CCPA, on the other hand, applies only to data collected directly from, and about, California consumers.

If you're unsure whether the CCPA will affect your business, you're not alone -- a recent ESET survey found 44% of respondents had never heard of the CCPA, only 11.8% didn't know if the law applied to them, and 34% of executives weren't sure if they'd need to change how they capture and process data to comply with the law.

Fortunately, if you're a marketer who's already done the work to ensure you comply with GDPR regulations, it shouldn't be too difficult to additionally comply with CCPA. For more information, check out our web page designed to help you prepare for the CCPA.