How can Vuture help you with the CCPA?

As of January 1, 2020, California’s new data privacy law, the California Consumer Protection Act (CCPA) will come into force. Much like GDPR, its counterpart in the EU, this law responds to the ever-growing use of individuals’ personal information by giving California consumers—broadly defined as “a natural person who is a California resident”—a set of data privacy rights that support the ideals of transparency, freedom of choice, access, and fairness.

As a digital solution focused on relationship-driven businesses in professional and financial services, we at Vuture care about the privacy laws that impact our clients and our client’s clients and provide solutions to support best practices in data and compliance globally. Our goal with this post is to give you more insight into how technology, like Vuture solutions, can help with foundational compliance tasks, and provide scale as these requirements change in the regions you operate.

How can technology solutions like Vuture support marketing best practices, relative to CCPA?

• Preference Manager provides transparency as an easy, secure place for contacts to view and manage the information held about them, including their mailing preferences.
• Reports and engagement scoring supports real-time understanding of engagement data to support ongoing data hygiene such as suppressing old, unengaged contacts.
• Health Check tools help you understand the data you hold and make privacy-focused decisions.
• Vuture’s software supports the deletion of personal data and can help you track and audit deletion requests.

Here’s a digestible overview of a few of CCPA’s concepts to help get you acquainted. As with any new regulation, you should confer with your legal and privacy experts to fully understand how this impacts your business.

What are the main changes to data protection in California?

• Strict transparency obligations
• A broad new definition of “personal information”
• Several new rights for consumers
• A new regime of fines that can be levied on businesses who fail to protect consumers’ personal information

Whose data is protected?

CCPA covers the personal information of California “consumers.” Under CCPA, a consumer means:

“(1) every individual who is in the State for other than a temporary or transitory purpose, and (2) every individual who is domiciled in the State who is outside the State for a temporary or transitory purpose.”

CCPA’s definition of “personal information” has a broad scope.

This means that, even when data is tied to a unique ID that doesn’t identify a specific person, the idea of a person, based on the collected personal information, is enough to be protected.

Who needs to comply?

The CCPA defines several types of entities — including business, service provider, and third party — each of which has its own obligations under the law. The full text of CCPA should be considered when deciding which of these apply to your organization, as the definitions are multi-part and your organization may meet the criteria of more than one entity type.

What rights does CCPA give to California consumers?

The privacy rights under CCPA are:

1. The right of Californians to know what personal information is being collected about them.
2. The right to request that a business delete any personal information about the consumer which the business has collected from the consumer.
3. The right of Californians to know whether their personal information is sold or disclosed and to whom.
4. The right of Californians to say no to the sale of personal information.
5. The right of Californians to access their personal information.
6. The right of Californians to equal service and price, even if they exercise their privacy rights.

What changes do I need to consider?

While we can’t tell you exactly what to do in order to comply with CCPA, there are a few general topics and good data privacy management practices that can help you navigate the act’s requirements.

1. If you have an existing privacy program created in response to GDPR, consider how this program might help you comply with CCPA’s provisions. There are requirements that overlap, and some others that require CCPA-specific solutions. Be sure that data subjects in either jurisdiction understand how you’ll support their privacy rights.
2. Make sure that your privacy and cookie notices are up-to-date with the appropriate information to provide transparency to individuals about how you collect, process, and share their personal information, as well as how they can exercise their rights under CCPA.
3. Perform data mapping exercises to understand the categories of data subjects, personal information, and any recipients of that information (service providers, third parties, affiliates, etc.) so that you can respond to requests for access to or deletion of personal information. These data maps should also help you determine how existing contracts with vendors facilitate CCPA compliance, or how those should be amended in light of this new privacy law.
4. Consider how you will need to approach CCPA’s rules on selling data. Do you currently sell data, as defined by CCPA? How do you provide notice of the sale of data? How can individuals opt out of the sale of their data?

This post is not a comprehensive evaluation of CCPA and its requirements; only you can fully evaluate the implications of this new law for your business. That said, we are confident in our readiness to support our customers’ plans. If you have any questions, you may contact our privacy team at [email protected].

DISCLAIMER: This blog post provides general information and discussion about email marketing and related subjects. The content provided in this blog (“Content”), should not be construed as and is not intended to constitute financial, legal or tax advice. You should seek the advice of professionals prior to acting upon any information contained in the Content. All Content is provided strictly “as is” and we make no warranty or representation of any kind regarding the accuracy or quality of the Content and assume no responsibility for errors or omissions in the Content