How Marketers Can Respond to CCPA
January marked more than just the start of a new year and a new decade. It ushered in a new era of consumer privacy.
Enter the California Consumer Privacy Act, or CCPA. Drafted by citizens, the bill was signed into law last year. Although it has been in effect for only a couple of months, the CCPA is already reshaping the digital marketing landscape. But what does it really mean for marketing leaders? How should the modern marketing organization respond?
Who really owns the data?
It started with this simple question, one that has rattled the boardrooms of Silicon Valley, the halls of government, and courtrooms across continents. Over the last several decades, Europe has played a leading role in privacy regulation, culminating in the EU’s passage in 2016 of the General Data Protection Regulation (GDPR), the most sweeping consumer privacy law in history.
From boardrooms to courtrooms, the debate over consumer privacy is now heating up in the U.S. States like California, Colorado, and Washington, as well as the federal government, are taking a close look at the rights of consumers in the digital age. Marketing leaders are in need of an action plan that addresses the changing attitudes and regulations regarding consumer privacy.
The reality is that almost all of the data that has ever existed has been produced in the last five years, and most of it has been collected, shared, and sold without consumer permission.
The bargain is changing
Most consumers have long been aware that every time they use a free-of-charge digital service, such as a search engine, mobile app, or website, their activity is being tracked and sold for ads.
The CCPA hopes to change that situation by giving consumers the explicit right to opt out of the sale of any personal information. Consumers will be able to use services without fear of their web searches, messages, or interactions being monitored and sold to advertisers. While this dramatic shift will ultimately upend existing business models, it also presents a unique opportunity.
An opportunity for marketers
The past few years have seen big business rocked by massive data breaches, whistleblower complaints, and a culture of consumer distrust. The CCPA can help reset the conversation with customers and open the door to regained trust. When customers know that their personal information will be safeguarded, they’ll be more likely to share data and experiences and offer feedback.
Since data is the lifeblood of modern marketing, it’s critically important that consumers trust our brands. And this unique moment provides the ideal opportunity to begin to restore that trust. Wherever you may be on your compliance journey, consider the following when designing campaigns, building systems, or implementing policies:
- Build with privacy in mind. It can’t be an afterthought. In designing campaigns or interacting with data, marketers must build with privacy as default. Today’s complicated regulatory environment, combined with changing consumer expectations, requires every organization to take data privacy seriously. It’s more than just publishing a privacy policy; it’s designing organizational systems that protect consumer data.
- Train your team. Whether you manage a team of three or three thousand, every employee needs comprehensive training in protecting consumer data. You may, as a leader on your team, set a strategy that prioritizes privacy, but if a single junior employee mishandles any data, there can be drastic consequences for your brand and your bottom line. Invest the time early on to ensure that every employee who is involved with designing, building, or managing digital campaigns has a strong understanding of your corporate policy and the relevant legal requirements.
- Assess your vendors. Your vendors are likely among the most important tools in your business – and they often handle some of your most sensitive data. This state of affairs presents real security and privacy challenges. Always maintain ongoing oversight and compliance with respect to vendor risks. Simply analyzing risk factors during onboarding is not enough; you must continually audit your vendors for risk exposure and take the appropriate actions to mitigate risk.
While the technical requirements of CCPA may require organizations to update existing systems or procedures, this changing tide presents marketing leaders with a perfect opportunity to build systems with privacy by design, to train team members in data protection, and to assess vendors for risk. Make these changes a welcome opportunity for your team.