Are you ready for CCPA?
If you're not sure what CCPA is, you're not alone. Well it stands for California Consumer Privacy Act and its California's version of Europe's GDPR. So if you figured you were out of the woods last year with GDPR because you don't have users in Europe, you need to rethink things again this year in light of California's new laws, even if you're not headquartered in California, because you may have California users.
The new law goes into effect in January 2020 so there's less than 3 months left to act! Now, if you don't even know what GDPR is, it's possible you need not worry about privacy laws at all, but you may just want to learn a little bit about what's required from a privacy perspective to see if you need to make some changes.
Once upon a time you used to be able to capture as much data on your users as possible and never tell anyone just how much info you have on these people. And you never needed to delete that data either. Those days are over. And for companies required to comply with the new laws, there will need to be an audit on all the data that you hold about your customers or users. Because if you've been in business for at least a few years, your head is starting to explode as it slowly sinks in that you have so much customer data in so many places and the thought of going through that activity gives you the chills.
This is what their email looked like:
One legal requirement in CCPA that I don't see referenced there is the ability to export your personal information in a readable format. I wonder if this will come into play before January and it's just not ready yet. Regardless, the effort here is again non-trivial.
As an aficionado of productivity, I always want to find faster and better ways to do things, so what, you ask are the ways to do this best?
Two toolsets come to mind here.
The first is a Customer Data Platform tool, such as the likes of Segment. In light of the latest privacy regulations and the pending regulations on the way across the country and the world, Segment have recently released their Privacy Portal. It's a nifty tool that allows you to categorized all the data flowing through it to your other systems. And prior to that Segment had release GDPR functionality about enabling suppression and deletion requests. Currently only a handful of Segment's destinations are able to process these, meaning you will still need to have other ways to implement those in non-compliant destinations.
The second tool is a privacy-specific operations tool like Privacy.ai, that covers a whole slew of functionality - part workflow, part automation and analysis to cater to all your sprawling privacy needs.
Now before you start banging your head against the wall, your company may not need to implement these requirements just yet. The CCPA applies to you if you meet any one of the following criteria:
Note the collective sigh of relief. Of course, most startups should be off the hook here. But it's important to move forward with an eye on these types of requirements as more states and countries are coming on board with new privacy regulations, so in my humble opinion, even if you're off the hook for January 2020 you should start to put a plan in place to set your company up for privacy regulation compliance.
If you'd like to discuss what this looks like for your company, please contact me here.
Please note: This blog post does not constitute legal advice and it is highly recommended that you receive separate legal advice.