When GDPR – Europe’s digital privacy legislation – hit the news, business owners were sent scrambling to ensure that their websites were compliant in order to avoid major penalties. Short for General Data Protection Regulation, GDPR grants users and consumers new rights when it comes to the collection of their personal information. Businesses that aren’t compliant could be in for fees, website shutdown, and more. Similarly, California’s own Consumer Privacy Act (CCPA) serves to protect users from unlawful collection and selling of their data. Under the CCPA, businesses are required to comply through having an established Privacy Policy and fine-tuning their marketing strategy. Is your business CCPA compliant? What about your lead generation efforts? These are important questions to answer when it comes to avoiding penalties and fines.
To help you comply, we’re breaking down what CCPA is, how it works, and how to ensure your lead gen efforts are CCPA compliant.
What is the California Consumer Privacy Act (CCPA)?
Established on June 28, 2018, the California Consumer Privacy Act (signed Assembly Bill 375) granted consumers new rights and protections when it came to the collection and distribution of their personal data. It claims to give “nearly 40 million people … the strongest data privacy rights in the country”.
In a nutshell, CCPA aims to give consumers more control over their own data. Some of the features within the bill include:
- Creating new rights regarding the collection, use, and sale of consumers’ personal information – such as health information, financial information, racial identity, and location.
- Enhancement of children’s privacy rights by tripling fines for businesses that unlawfully collect and sell data from users under the age of 16.
- A push for transparency when it comes to automated profiling. This way, consumers will know when their information is used in decision-making about things that impact their lives (like politics, health, housing, credit, and employment).
- Fixing election disclosure laws, including requiring businesses to note whether and/or how they use consumer information to influence elections.
The CCPA, then, impacts both businesses and consumers. Businesses need to reach compliance, and consumers have more protections than ever before under this new law.
What About Existing California Privacy Laws?
California already has existing privacy laws in place (most notably, CalOPPA), and CCPA does not serve to replace these existing laws. Businesses must comply with all of them, effective January 1, 2020. CCPA is a complement to existing laws, like Shine the Light and the Privacy Rights for California Minors in the Digital World Act.
Who Does the CCPA Apply to?
The CCPA applies to all companies – in and outside of California – if they:
- Collect personal information from California residents
- Exceed one or more of the following thresholds:
  - Collecting data from at least 50,000 California residents/devices/residences per year
  - Making at least $25 million in annual gross revenue
  - Earning at least 50% of their revenue by selling California consumer data
Note that a “California resident” is defined as someone who:
- “Is in California for other than a temporary or transitory purpose”
- “Is domiciled in California, but is outside the state for temporary or transitory purposes”
Overall, if your company is based in California, serves California-based consumers, or collects information from California residents, you must become CCPA compliant.
Penalties for Non-Compliance with CCPA
Not being compliant with CCPA puts your business at risk of major penalties and fines. If you are notified that you are not compliant, you have 30 days to reach compliance. After 30 days, you will be notified by the Attorney General with a civil case against you and/or your business.
The fine for being non-compliant is $7500 per violation. So, if you violate the CCPA rights of 100 consumers, you can expect a fine of $750,000.
Consider: if your website attracts thousands of visitors per month – most based in California – you could be on the hook for hundreds of thousands to millions of dollars in fines.
Why CCPA Matters When it Comes to Lead Generation
All businesses that market to or otherwise collect information from California residents need to be CCPA compliant. This means various protocols are put in place to protect user data at every step of the sales cycle.
Lead generation is typically one of the first steps in the sales process, and involves attracting users to your social media pages, email inbox, or website. Lead generation necessarily involves collecting user information, such as their name and email address.
To avoid penalties, you’d be smart to follow the steps below to ensure that your lead generation efforts are CCPA compliant.
How to Make Sure Your Lead Gen is CCPA Compliant
Prevent major non-compliance penalties and fees by following these CCPA compliance tips:
Step 1: Delegate CCPA Compliance to a Responsible Employee
It’s easy to overlook the finer details of your marketing efforts. When it comes to CCPA compliance, it can be even easier to miss crucial components that need to be kept up to standard.
By having a designated employee who checks for CCPA compliance, you’ll be less likely to overlook critical errors. You can even outline a process for them to follow, which could involve combing over your lead gen channels, website, chatbots, and ads for CCPA compliance factors.
Step 2: Train Your Lead Gen, Sales, Marketing, and Website Management Team on Privacy Procedures and CCPA Compliance
It’s likely that you have many team members in your company – from sales people to marketing strategists to website managers. If everyone is well-versed in CCPA compliance, you can prevent issues at every stage and in every department.
PwC outlines the 5 key requirements of CCPA compliance. Review these with your team to ensure everyone is on the same page. Then, create a checklist for people to follow when it comes to checking their own work for CCPA compliance.
Step 3: Update Your Website’s Security Policy
Your website should regularly update its Privacy Policy. Your Privacy Policy outlines how your website collects data and what the data is for. This will look different for every company, but it’s best to be more transparent than not.
Specify how your Privacy Policy is aligned with the CCPA requirements and other consumer privacy laws, and post this on your website. Having a clear Privacy Policy ensures that users know that their information is being collected, so they can opt out of it if they want to.
Step 4: Outline a Procedure When it Comes to Processing Requests for Consumers’ Personal Data
If you are a B2B company, there may be times when businesses ask for access to consumer data. For these times, you need to have a procedure in place that outlines what information you are able to provide and to whom.
You can do this by documenting internal workflows, noting how data is used and stored. You can create templates for your customer service or sales reps to follow. Finally, you can log customer service requests and audit your files on a regular basis to make sure the information is secure.
Step 5: Have a Way for Users to Opt-Out of the Sale of Their Personal Information
When you generate leads for your business (say, through email marketing or chatbots) do you give users a way to opt out? If not, you may be coercing them to hand over their information.
No matter which lead gen channel you use, you must give users a way to opt-out, unsubscribe, clear their data, or get removed from your list. It may seem like a lead lost, but it could save you $750 or more in penalties.
Step 6: Ensure Your Lead and Traffic Tracking Tools are CCPA Compliant
Visitor Queue helps businesses identify who has visited their website so they can follow up with them as a potential lead. That necessarily involves collecting user information, such as their business name, location, firmographic information, and employee contact information.
As stated above, you must give users a way to opt out of these tools. One way is through enabling a pop-up that lets users know their data is being collected. Another way is by including an Unsubscribe link in your email campaigns. This gives users a way to withdraw their consent to having their data collected and sold.
Step 7: Update Your Client Contracts to Comply with CCPA
Much like your Privacy Policy, your client contracts can also be updated to reflect how your company collects and uses consumer data.
Since it has to do with a binding contract and important regulations, it may be best to consult with a contract lawyer on the issue. Again, the point is to let leads (or clients) know how their information is being used.
Step 8: Obtain Consent from Minors Prior to Selling Their Information
Minors between the ages of 13 and 16 must opt in when consenting to their information being collected and sold. For minors under the age of 13, you must obtain consent from their parents.
You must be transparent here. Make it uber clear how minors can opt in or out of having their information collected.
By doing so, you could avoid some costly penalties.
Step 9: Optimize Your Website for Total CCPA Compliance
If you’ve already established a designated employee to check for CCPA compliance, have them thoroughly review your website to ensure that it is up to standard.
Whether users are venturing to your site on their own accord or you are attracting them there via lead generation, you must make it known that their data may be collected and used for a variety of purposes.
Some website CCPA compliance items to check include:
- Having a clear and accurate Privacy Policy
- Enabling a pop-up that informs users that their data may be collected
- Ensuring that your on-site lead gen tools are compliant
- Checking that your follow-up marketing campaigns are compliant
- Specifying if and/or how third-party sites or tools are able to access consumer data
- Including a “Do Not Sell My Personal Information” link on your website allowing users to opt out of data collection
Step 10: Check that Your Lead Gen and Marketing Tools are CCPA Compliant
Lead generation tools like Visitor Queue exist to help businesses obtain more leads online. But with the new CCPA in place, it’s important to check whether your lead gen and marketing tools are compliant.
If you contact customer support, most platforms will be able to tell you whether their tool is CCPA compliant. However, it never hurts to check for yourself. See if they have their own Privacy Policy and whether they specify how data is collected.
Few businesses set aside a budget to handle CCPA non-compliance fees. You can get ahead of the issue by following the 10 tips above. They’re the surest way to help your lead generation efforts become CCPA compliant – which protects you and your potential customers.