While much about how the CCPA (California Consumer Privacy Act) will be enforced starting in 2020 is still uncertain, here’s how you can start preparing now.
#1 Button-up your notice and choice management.
#2 Commit to the headcount.
Put someone in charge and make the operationalization of data protection their sole focus. Even if it’s not mandated by CCPA, this person should have the authority to design and manage a program; to audit, develop, and revise policies and practices; update websites; and more. He or she should have the flexibility to interact with the other departments that need to be involved, including IT, engineering, product, solution design, delivery, marketing, enterprise CRM, and more – all without having to deal with the competing interests of someone in a dual or expanded role – say, someone who was given this additional responsibility while simultaneously acting as a financial officer or head of IT. This ensures they aren’t subject to different priorities.
#3 Build a world-class accountability-based data governance program.
Step up and distinguish your business or organization through strong data governance and data ethics programs. Start by connecting your customer data internally so you can better manage the legal grounds under which you use and share data. Then, integrate data protection processes into your engineering layer to keep up with rapidly changing data collection and use regulations. Embracing this opportunity to advance the strength of your policies and processes will help future-proof the organization if other similar state laws—or a federal law—are developed, while ensuring your business is honoring the rights of the people you serve. Consider a Consent Management Platform (CMP) for all third-party trackers on your site and/or app. This makes sure you have a full audit trail – ideal for clear and easily accessible documentation.
#4 Take a hard look at what data you are collecting and why.
Take a closer look and audit your data and data sources. Do you need all the data you’re collecting? How long is that data valuable? Do your partners and suppliers have the proper rights and notice to provide you with that data in a way that’s compliant with CCPA? Know the right questions to ask, to inventory and validate all sources, as well as reduce risk exposure by learning how long data actually needs to be retained. Data mapping and cleaning up your data supply chain is critical to getting CCPA right.
#5 Reach out to your representatives and advocate for your position.
Companies and their employees also have a collective opportunity to create positive change in their local areas – through consistency and persistence. Local and state lawmakers need information and feedback from their constituents about how policies they enact could affect you and your business, and how that in turn affects the viability and prosperity of the community they serve. Research how your elected officials can better represent you, build relationships, and ask how you can help educate and interact with the necessary stakeholders.
Read expert advice on what you can do to prepare for CCPA and learn about future regulations affecting marketers.
The information provided in this blog does not constitute legal advice. Please consult your legal counsel to obtain legal advice.