In January of 2020, a change in California law may have a dramatic impact on your business and how you can collect data about users on your website. Are you and your company ready for the California Consumer Privacy Act?
As a digital marketing agency, we’ve been keeping our eyes on the rollout of this law, and fielding lots of client questions. The TLDR? There is still a lot of uncertainty as to how the California Consumer Privacy Act will immediately affect businesses and consumers.
When is the rollout?
Much like Europe’s General Data Protection Regulation, which went into effect in 2018, the California Consumer Privacy Act requires data collection transparency from websites, and the option for users to opt out of data collection entirely.
Starting January 1, 2020, affected businesses will need to inform users if they intend to collect personal data.
This means businesses must be transparent about what data they collect, how it is used and who it is shared with. These companies must allow consumers to opt not to have personal data sold and to delete any data the company has gathered on the consumer. And businesses are not allowed to charge a different amount or refuse service to a customer who exercises these rights.
Who is affected?
According to CNBC, the California Consumer Privacy Act applies “to all businesses in the state that generate annual gross revenue over $25 million; derive at least half of their annual revenue from selling customers’ personal information; or that buy, sell or share personal information from at least 50,000 consumers, households or devices.”
But that doesn’t mean the law will only impact businesses based in California. The new law applies to websites that have users or visitors from, or do business in, the state of California. Like Europe’s General Data Protection Regulation, or California’s vehicle emissions requirements, the California law will have impacts far beyond the state’s borders.
There is currently no federal law regulating the collection of personal data on websites in the United States. But some, including Facebook CEO Mark Zuckerberg, are calling for one national policy. As the largest state economy in the US, California’s law is effectively the defacto standard until a broader law in enacted.
California’s Department of Finance estimates the act could cost companies up to $55 billion to be in compliance with the new regulations.
What we don’t know yet
The one wrinkle? The regulations aren’t set yet, so it isn’t clear exactly what companies will need to do to be compliant. However, that doesn’t mean websites that have visitors from or do business in California can’t prepare for the coming changes. Companies that are already in compliance with the European law will have already done some of the work to be in compliance with the California law.
And all businesses should take a close look at the data they gather online, where it is stored, and who that information is shared with. Having this information documented before the final regulations are in place could make implementing compliant processes a much smoother endeavor come 2020. Forbes recommends proactively setting up a “CCPA program management office to handle regulations accountability, remediation, and implementation.”
Taking a proactive approach preparation now could save your business money in the long run, and mean you will be ready to seamlessly continue doing business online once the regulations go into effect.