As the beginning of a new year looms closer, marketers are counting down the days until something bigger, and possibly scarier, than a new decade comes along – the California Consumer Privacy Act (CCPA).
With General Data Protection Regulation (GDPR) only recently in the rear view mirror, January 1st, 2020 will usher in the latest data compliance and privacy regulation: CCPA. And like the new data regulations that came with GDPR in 2018, CCPA gives consumers more control of their data protection, including how it is shared, sold, processed and collected.
Who does CCPA affect?
CCPA specifically applies to any of the 40 million residents of California. If you are a for-profit company doing business in California, which is likely many of you since California is also the fifth largest economy in the world, and meet any of the criteria below, you’ll need to comply with the regulations.
Criteria according to the American Bar Association:
- annual gross revenues of $25 million
- annually buy, sell, receive, or share for commercial purposes the personal information of 50,000 or more consumers, households, or devices; or
- derive 50 percent or more of its annual revenues from selling consumers’ personal information
According to this Marketo University blog, “the consumer must be aware—at the point of data collection—that information is being collected, informed as to how the data will be used and then given the option to opt-out from sharing or selling that personal data.”
In the case of CCPA compliance, personal data covers personal identifiers like name, email and address, down to IP address, purchase and browsing history. Basically, anything that could be used to identify or be attributed to an individual is protected under CCPA.
Here are three areas to pay attention to in your Marketo instance to make sure you’re covered!
Do You Have A Privacy & Subscription Management Center?
If not, it’s time to start one. Lean on your legal team to ensure you’re in good standing and make sure you’re accurately depicting how you collect, store, and use your visitors’ data. Subscription management centers need to allow an opt out from selling or sharing data. And an explicit opt in to your communications is a given.
Have You Put Data Processing Best Practices in Place?
Have you recently audited your data for old, incomplete or junk information that should be deleted? Have you documented what you do with your data, and any requests for opt outs and deletion that you receive? Make sure your marketing automation staff is trained on best data practices, or bring in a partner to help you audit, clean up, and train or maintain your database moving forward!
Are You Following Best Cookie Practices?
This one is a little easier for Marketo users. In the last year, Marketo has removed the form pre-fill functionality that used data stored in Munchkin cookies. Now, the only time a form will pre-fill in Marketo is when someone clicks a link in a Marketo email. Make sure you’re applying similar cookie practices across your digital marketing.
The Impact of Non-Compliance with CCPA
The full impact is yet to be seen, but violating the CCPA and not complying within 30 days of notification from the state incurs a civil penalty of up to $7,500 per violation. On top of that, non-compliance with CCPA can mean facing civil damages of up to $750 per violation, per user. According to PrivacyPolicies.com, this means that “sizable data breaches for companies with thousands of customers in California could quickly total up to around $1 million in CCPA fines.”
Data Regulation Beyond California
Not affected by the passing of CCPA? Don’t ignore this one just yet. States including New York, New Jersey, Massachusetts and Washington are already considering (or have passed) similar legislation. It’s also important to remember that California passed the original form of the CAN-SPAM Act before it was later enacted federally. So it’s possible some form of CCPA will turn into federal law in the future.
To net it all out, compliance and data privacy are here to stay. No matter what regulations you comply with currently, you need to get your data processing plans in order!
Leadous is here to guide you through any questions.