State governments across the country are pushing for consumer data legislation like never before, following major privacy breaches and data scandals involving companies such as Facebook, Equifax, and Capital One. As we begin to see signs of what has been dubbed the great “privacy crackdown,”  marketers need to step-up and prepare their brands for changing customer attitudes and future regulation—while simultaneously addressing an increasing demand for personalized marketing experiences stemming from data-driven product decisions.

Set to take effect in January 2020, the California Consumer Protection Act (CCPA) is the blueprint law that will determine how consumer privacy legislation will be enforced in the United States. Because it is crucial to understand its implications, Brownstein Group is sharing the key insights brands need in order to prepare for CCPA, while fostering consumer trust through transparent and purposeful messaging.

 

CCPA 101: What Brands Need to Know

The law only applies to large companies with a serious stake in the data of Californians.

Organizations will fall under the CCPA’s regulations if they collect personal information from California consumers and either 1) have annual gross revenues of over $25 million, 2) buy or sell the personal information of 50,000 or more consumers, or 3) derive 50% or more of their annual revenues from selling consumer data.

Data transparency will now be legally mandated.

Qualifying companies need to publicly disclose how data is collected and used, as well as the purpose of that collection. The first part can be accomplished by deploying tools such as updated privacy or cookie policies on websites, but the second part requires a deeper look into company practices, ethics, and goals.

Companies will be required to give consumers an option to delete their data from company servers or prevent its sale to third parties. Furthermore, they must provide an email address and designated contact to field these requests.

There are serious costs to not following the CCPA.

The law allows for penalties of up to $7,500 per intentional violation. Penalties for loss of data and data mishandling can run from $100 to $700 per resident — which means fines could run in the hundreds of millions for irresponsible actors.

 

 How Brands Can Best Address the Coming Changes

Notify customers about their new rights.

It is in the best interest of qualifying brands to be forthcoming and proactive about the new regulations by communicating changes early and across all communications channels. Transparency will help brands develop authentic and consistent messaging that falls in line with new CCPA law requirements, and sits better with consumers.

Define a purpose for data gathering that respects the consumer and aligns with the brand.

Consumers respond best to brands that communicate honestly and directly. Determine the data you need to create the marketing and product experiences your customers want, and always be transparent about your intentions and data processing practices. Where possible, it’s smart to highlight the benefits that can be derived from customer data collection, such as greater product personalization.

Realize the consequences of losing consumer trust.

Consumer concern for the “when,” “how,” and “why” behind data collection is on the rise, and it can bring about a loss of consumer-brand trust when mishandled. Companies need to ensure that they have a good reason to keep every data point they collect from customers, or risk being exposed when new requirements for transparency are announced.

 

What’s in Store for the Future

The CCPA has not taken its final form.

With less than three months left before amendments to the CCPA are due to be finalized, wrestling over legal details continues as various parties seek to steer the coming legislation in their favor. Consumer representatives, labor unions, politicians, and tech companies are all vying to amend the legislation according to their interests. Marketers need to keep track of developments, and should also keep an eye out for similar bills making the rounds in other states’ legislatures.

The coming wave of privacy legislation will reshape the tech industry.

There will be a seismic shift in the way technology companies approach product development and marketing as a result of this legislation, with companies necessarily going to greater lengths to protect data and to be conscientious about customer privacy. The tech industry will also see a large growth in data protection technology and services as more companies seek data protection solutions.

Consumer privacy will take over the headlines — the time to adapt is now.

The impact of consumer privacy legislation will cross industry sectors, consumer markets, and even company-employee relations. Furthermore, these issues will rise to the forefront of political discourse in the next few months — especially as tech giants are held accountable for customer data breaches and data mishandling.

The issue will gain even more traction as states beyond California prepare for legislation inspired by the CCPA. Nevada just passed its own privacy law in May, and similar laws proposed in New York and Washington, D.C. are under imminent consideration by local governments. Bipartisan groups in the nation’s capital are pushing to draft federal legislation by the end of summer, as large companies face the prospect of being subjected to dozens of state-level privacy laws.

For companies that are collecting any amount of data from their customers, there is no better time than now to prepare for the changes to come — and to think critically about how to protect brands by aligning them with changing consumer attitudes.