After the GDPR, the CCPA is the next big thing to enter the world of data privacy laws. Representing 14.3% (2.7 Trillion) of the entire US economy, California is the leading state of the US. Had it been a country, it would be the 5th largest economy in the world, even beating the UK. Hence, brands cannot neglect this massive marketplace – companies inside and outside of the US have no choice but to comply with the consumer privacy act.
Here are some aspects of the law that marketers should think about:
- Third-party data – is it required?
The CCPA gives consumers the right to find out where their data is being collected. If your company is gathering data that isn’t publicly available, it will eventually be questioned via a CCPA request. If the source of data collection is something you wouldn’t be comfortable revealing, it’s best to rethink whether you want to use third-party data at all. A benefit to this is that you can get more valuable data that is coming directly from consumers, leading to better marketing outcomes in the long run.
- Data fields in forms – long forms increase abandonment rates
The CCPA, and other laws like the GDPR, all promote data transparency that requires organizations to be frank about the data they’re collecting from consumers. As a marketer, you’re itching to receive information directly from consumers rather than third parties. Long forms increase abandonment rates and are not the way to go about this. But you can consider progressive profiling – when a prospect visits your site more than once, ask them information gradually each time; doing this at the right times aids the consumer to fill in their details without leaving.
- Data collection – useful or a liability?
As marketers are painfully aware, data is a double-edged sword. As much as it's robust, it’s also a liability. The liability can be limited if you remain selective about the information you’re collecting and the information that you choose to save.
- Consumer requests – do you have a mechanism in place?
Both, the CCPA and the GDPR give consumers the right to be forgotten and the right to have their data deleted. Of course, there are a few exceptions, where a company may retain the data owing to compliance, legal, or business reasons. However, a mechanism must be in place to delete consumer information.
- Selling data – think twice before you do so
The CCPA stipulates that companies keep a record of all the data they’re selling for a period of 12 months and provide a link on their website where people have the choice to opt out of the data selling process. Selling the data of minors (16 years old and below) has even further requirements. Such links and call to action buttons raises privacy concerns for customers; in such a case, marketers should be thinking whether they want to sell data at all so as to avoid all this.