The start of the new year marks the end of the rush to become complaint with The California Consumer Privacy Act of 2018 (CCPA). Sure, the regulations aren’t finalized, but for the most part we should be comfortable with our responsibilities and how we’re going to respond to consumer requests.
Assuming we’re in great shape on CCPA, is the topic of consumer privacy behind us? Unfortunately, the answer is “No.”
CCPA is more likely the beginning of data privacy regulations than the end. What comes next is anyone’s guess, but the group behind the Californians for Consumer Privacy (CCP) is not standing still. The organization released what we are referring to as CCPA V2 in September 2019, which they’re hoping to get on the ballot in November 2020.
If you thought CCPA compliance has been difficult, surviving CCPA V2 could be the biggest challenge many businesses have faced since the Great Recession of 2008. Click here to read a summary of the proposed regulations.
California is Only One State. What About the Other 49?
13 states currently have laws related to internet privacy and there are many more in consideration. Here’s a reasonably up-to-date list, but the ground is shifting quickly.
Some hope the Federal Government will step in, but most likely they will hold off as long as they can. Consumer Privacy is an easy win for politicians and last I checked; they have bigger fish to fry.
So, if these laws are coming at us from all directions, and the Federal Government isn’t going to act anytime soon, what can we do?
What Can We Do?
1) Create a Team Responsible for Consumer Data Stewardship and Compliance
This should be an Executive level committee including legal, marketing and your CTO at a minimum. Depending on your own structure, the team may also include key vendors and other internal stakeholders.
First and foremost, the team should be responsible for staying abreast of legal requirements and their potential impact. Remember, compliance today does not mean compliance tomorrow. In addition, this committee should be in charge of educating your employees, clients and other stakeholders about your company’s approach to consumer privacy.
2) Continuously Identify, Label, Classify and Organize the Personal Info You Collect on All Consumers
The better you know the data collected the easier it will be to respond to new compliance requirements.
3) Vet Outside/Third-Party Data Partners and Confirm the Sources of their Data
If the data is deep and associated cost are too good to be true, the data may not be compliant with CCPA and other laws. Review partner data acquisition and consumer privacy policies to make sure they meet your customers’ expectations
4) Actively Participate in Industry Lobby Groups
Don’t assume large players like Facebook and Google will lobby to your benefit as their interests might not align with yours.
The Interactive Advertising Bureau, Association of National Advertisers, and The Non-Profit Alliance have been leading the way, but there are many other groups. Determine which group(s) best align with your goals and contribute. Silence is acquiescence.
5) Don’t be a jerk
Just because something is legal or possible, doesn’t mean it’s smart. Exploiting legal loopholes and angering consumers is no way to survive long term.
Published on Jan. 08, 2020, Last Updated on Jul. 18, 2022