The new California Consumer Privacy is now in effect. What does it mean for your business? How can your company survive and thrive in this new regulatory environment?
The CCPA is one more extreme law enacted by California. One that may ultimately affect every company who is accessible to California residents. What does it do? What are the potential effects? What new burdens of compliance does it put on you? What solutions and alternatives are there for thriving despite these new rules and more like them?
California may be heaven for lawyers, but the Golden State has continually proven it is not business friendly. It’s certainly not friendly to most of its residents either. At least that’s the most obvious conclusion to draw from the statistics showing a massive exodus of residents and companies to Texas, Nevada and Idaho.
Over the past couple of years we’ve seen a variety of anti-business laws come out of CA. In addition to the state’s reputation for notoriously high taxes, we have also seen tough new environmental rules. This includes net zero laws for buildings and emission free transportation. Many of these rules may have some good intentions attached to them. Like protecting consumers, workers and the planet. Yet, like CCPA and the recent freelancer law, they have also proven to be incredibly counterproductive and crushing for those most vulnerable.
The freelancer law which also just went into effect is the perfect example of this. With around 60% of the workforce now working in remote positions, the implementation of this rule threatens to create record setting unemployment, and derail many businesses. At least tens of millions of workers are already being impacted. The world’s largest outsourcing platform has seen its stock price now plunge by over 50%.
This is all in addition to sweeping rent controls, real estate costs, and a highly litigious environment which rarely sides with business owners.
The California Consumer Privacy Act went into effect on January 1st 2020.
Also known as AB 375 and CCPA, the act officially passed in 2018, but is only now being enforced.
CCPA was heralded as a bill with the intentions of giving California residents more control over their data.
This includes:
● Knowing what personal data companies are collecting about them
● Understanding whether companies are selling their data and to whom
● Being able to stop your personal information from being sold between companies
● The ability to demand a company delete personal data
● Preventing discrimination based on refusing to provide personal data
CCPA includes a very broad description of what personal data is. It can apply to:
● Names
● Mailing addresses
● Email addresses
● Identification
● IP addresses
● Physical descriptions
● Employment history
● Bank, credit and debit card numbers
Business are required to:
● Keep all personal data and identifiers secure
● Obtain parental consent for users who are minors
● Add a “Do Not Sell My Personal Information” link to your company home page
● Provide a toll free phone number for related consumer requests
● Not request opt-ins from consumers for 12 months after they opt out
● Provide consumers all data held on them
● Remove data as requested by consumers
● Facilitate opt out requests on behalf consumers by third party associations and companies
Fines for non-compliance with CCPA can be up to $7,500 for each violation. Class action lawsuits are also permitted.
Like its rent controls, California is infamous for spawning laws that end up spreading. Often first to New York and then wider. There may be a federal law which tries to tackle this and unify regulations instead of 50 different rules by state.
Law firms are clearly the biggest winners from this law. It probably won’t be long before we see the billboards and get the letters in the mail inviting us to join in a lawsuit.
Between updates to privacy policies, websites, phone systems, data storage, cyber security, customer service, and marketing, the costs of compliance are going to be very high.
While CCPA is currently designed to apply to those with revenues of $25M or more, or who buy or sell data of 50,000 consumers or more, or who generate 51% or more of their revenue from selling data, it’s something every company needs to stay on top of.
On top of all of these costs and limitations on marketing is the risk of consumers erasing their data. Imagine you’ve just bought 100,000 email addresses, and they all mass opt-out tomorrow.
Like Europe’s GDPR, the most natural reaction for many businesses seems to be avoiding selling in these environments. Many, including some sizable retailers and credit card companies have blocked their websites from being available in Europe as a response. Now, many may find it simpler to just not serve Californian residents. That will again further compound the cost of living in California.
These are some of the solutions for businesses to continue to do well in this new landscape.
The easy fix for now just appears not to do business with California residents. Block your website for Europe and California to avoid litigation and costs. Don’t hire Californians. If you have offices in CA, relocate out of state.
While companies are banned from discriminating and restricting services depending on consumer data choices, they are still allowed to offer incentives for those who do choose to provide personal data. This is clearly an advantage for larger tech companies and retailers, but it is an option.
Alternatively businesses can turn to more creative and less regulated marketing channels. Ringless voicemail drops are one of these tools. Use them to gain interested customers, even in California, without the worry and risk of outbound calling. It’s far more efficient, less regulated, and can produce some of the highest conversion rates.
