Earlier in the year, there was a ton of focus on GDPR, the European Union’s new consumer data privacy law that went into effect earlier this year. Now a similar law is set to commence on January 1st of 2020: the new California Consumer Protection Act (CCPA) is expected to go into effect less than 2 months from now. Some have said this is the American version of GDPR.
Since we are so close to it being enforceable, here are the five things you need to know:
The new law allows consumers to request and see all the information an organization has collected on them, including a full list of any third-party organizations the information was shared with (or sold to).
What remains to be seen is how this applies to survey data. Can they request segmentation classifications they belong to? Will they be allowed to see what validation methods were utilized? What about information pertaining to their zip code?
The CCPA considers sensitive information to be fairly broad compared to GDPR. The information covered includes:
While this is California law, it does impact all organizations. According to the law, an organization falls under CCPA enforcement if it meets any one of the following requirements:
With this being said, pretty much everyone in the market research industry, or at least any quantitative research provider, is going to need to be compliant.
CCPA enforcement has the potential to be two-pronged. The first enforcement option is for the California Attorney General to file charges and fine a company $7,500 per violation. If the Attorney General declines to fine the offending organization, consumers have the option to sue the organization for $100 to $750 per violation. While marketing research companies will not be the initial targets of fines, it is important to comply as soon as possible to avoid these fines.
Part of the CCPA indicates that when a consumer requests their data from an organization, the organization is required to provide 12 months of data within 45 days of the request. This means that your process for pulling consumer data from the myriad systems that house it, and from any third parties, needs to be in place by the start of next year.
We are working to ensure we are compliant with CCPA and other privacy legislation in other states. If you want more details on the CCPA, you can read the full bill here.
The Insights Association has also released a CCPA checklist; you can review it on their website. (Note: You will have to be an Insights Association member to read it.)