As of January 1, 2020, California's new data privacy law, the California Consumer Protection Act (CCPA) will come into force. Much like GDPR, its counterpart in the EU, this law responds to the ever-growing use of individuals' personal information by giving California consumers—broadly defined as "a natural person who is a California resident"—a set of data privacy rights that support the ideals of transparency, freedom of choice, access, and fairness.
As a digital solution focused on relationship-driven businesses in professional and financial services, we at Vuture care about the privacy laws that impact our clients and our client’s clients and provide solutions to support best practices in data and compliance globally. Our goal with this post is to give you more insight into how technology, like Vuture solutions, can help with foundational compliance tasks, and provide scale as these requirements change in the regions you operate.
How can technology solutions like Vuture support marketing best practices, relative to CCPA?
Here’s a digestible overview of a few of CCPA’s concepts to help get you acquainted. As with any new regulation, you should confer with your legal and privacy experts to fully understand how this impacts your business.
What are the main changes to data protection in California?
Whose data is protected?
CCPA covers the personal information of California “consumers.” Under CCPA, a consumer means:
“(1) every individual who is in the State for other than a temporary or transitory purpose, and (2) every individual who is domiciled in the State who is outside the State for a temporary or transitory purpose.”
CCPA’s definition of “personal information” has a broad scope.
Personal Information is “information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.”
This means that, even when data is tied to a unique ID that doesn’t identify a specific person, the idea of a person, based on the collected personal information, is enough to be protected.
Who needs to comply?
The CCPA defines several types of entities -- including business, service provider, and third party -- each of which has its own obligations under the law. The full text of CCPA should be considered when deciding which of these apply to your organization, as the definitions are multi-part and your organization may meet the criteria of more than one entity type.
What rights does CCPA give to California consumers?
The privacy rights under CCPA are:
What changes do I need to consider?
While we can’t tell you exactly what to do in order to comply with CCPA, there are a few general topics and good data privacy management practices that can help you navigate the act’s requirements.
This post is not a comprehensive evaluation of CCPA and its requirements; only you can fully evaluate the implications of this new law for your business. That said, we are confident in our readiness to support our customers' plans. If you have any questions, you may contact our privacy team at firstname.lastname@example.org.
DISCLAIMER: This blog post provides general information and discussion about email marketing and related subjects. The content provided in this blog (“Content”), should not be construed as and is not intended to constitute financial, legal or tax advice. You should seek the advice of professionals prior to acting upon any information contained in the Content. All Content is provided strictly “as is” and we make no warranty or representation of any kind regarding the accuracy or quality of the Content and assume no responsibility for errors or omissions in the Content