Playing now

Playing now

California Consumer Privacy Act (CCPA): How to win & regain trust

Strategy, Legal & Operations

California Consumer Privacy Act (CCPA): How to win & regain trust

The key provisions of the California Consumer Privacy Act (CCPA) require businesses, that meet specific requirements, be transparent about the consumer or household data they collect and sell relating to Californians. The act also provides rights to California consumers to view their data, or have it deleted.

There’s significant preparatory work required before the implementation date of January 1, 2020—everything from ensuring there’s a toll free phone number for inquiries, to organizing data so it’s in an acceptable form for access requests.

However, the CCPA also delivers golden opportunities to do things better across the business—yet within the same expenditure as already required for these compliance measures.

“Trust, like any asset, can be grown, measured, and lead to a healthier bottom line,” says Mike Harrigan, legal expert on data privacy laws and founder and CEO of DPO Adviser, based in Irvine, CA. “For example, Apple is currently using privacy as a way to differentiate itself from its competition. It’s capitalizing on the lack of consumer trust in the marketplace and recognizing the value of creating trusted experiences with its customers.”

How the CCPA can elevate marketing

Creating marketing assets out of the fact your business is fully prepared for the CCPA is an obvious first step. One example is that businesses might want to display prominent notifications that indicate CCPA compliance, similar to the existing TRUSTe.

“There are no official certifications for CCPA compliance,” comments Blake Oliver, Director of Marketing at Jirav and a CPA. “But there’s no reason a business couldn’t promote its compliance in its marketing activities. The CCPA is potentially burdensome and costly, so businesses should try to benefit from it.”

Mike adds that marketing and compliance are most successful when working hand-in-hand: “Practically speaking, marketers must design their compliance strategy toward achieving consumer trust and loyalty. For example, companies should spend time designing privacy policies that match their brand of trust rather than having one that looks like it was created by another agency.”

There might be a desire to imply the business exceeds the CCPA’s requirements, but care must be taken, says Alex Schneider, an Associate at Kelley Drye, where he’s a specialist in information privacy and security: “The CCPA envisions that companies will update their privacy policies to provide required notices. Anything more than what’s contemplated in the law needs to be substantiated by the privacy policy and the company’s compliance practices.”

How the CCPA can build loyalty

The CCPA requires that any individuals within the business who handle customer inquiries about privacy practices must be trained in the CCPA. More than this, however, it implies that these individuals must be proactive—they must inform any inquirers about how to exercise their rights.

Section 1798.135.3(a)(3) says the following (bold added for emphasis):

“[Businesses must] ensure that all individuals responsible for handling consumer inquiries about the business’s privacy practices or the business’s compliance with this title are informed of all requirements […] and how to direct consumers to exercise their rights under those sections.”

Any attempt to deny knowledge or deny rights to consumers could be viewed as noncompliant.

“I would encourage companies to carefully plan how to train employees on handling CCPA issues,” says Alexander, “Employees will often be at the front lines of receiving and processing consumer requests.”

While this burden could again be substantial, there’s also potential to use it to boost that bottom line. Making it clear to customers that their privacy is at the heart of what you do is one of the best ways to encourage repeat business. As Mike says above, respect for privacy is an asset that can be sold to customers, just like your product or service—and it should be sold at every customer touchpoint.

Mike adds that it’s not just customers who perceive value in a business’ respect for privacy.

“An effective CCPA compliance program can improve an organization’s ability to attract and retain highly principled and higher-quality employees. This increases employee morale, job satisfaction, and retention rates. Prospective employees are most interested in working businesses that take ethics and compliance seriously.”

How the CCPA can improve processes

If a business is focused on providing the best experience for customers or clients then the CCPA offers an opportunity to improve processes.

“Businesses should run internal tests to assess how prepared they are to respond to a consumer request to access and/or delete her personal information,” says Mike.

But CCPA compliance could even drive digital transformation, again without the need for any additional expenditure outside of that already budged for the process.

Blake comments: “Rather than seeing the CCPA as a burden, businesses can view it as an opportunity to unify disparate information systems for managing customer data. The law requires businesses to allow customers to access and potentially delete their personal data. The most efficient way to accomplish this is through a customer web portal and a unified customer database. But a customer portal could be used for all sorts of things other than just CCPA compliance—viewing order history, placing new orders, and viewing promotions, resulting in better client experiences and potentially greater sales.”

Conclusion: Allow the CCPA to improve your businesses

“With the CCPA’s deadline imminently approaching, and customer attention to privacy growing, companies must start their compliance journey now,” says Mike.

What’s required, even at this relatively late stage, is a holistic plan to implement the CCPA across the business—but also for the benefit of the business. Leaders need to create individual plans demonstrating how the CCPA can add value to their functions. The rank and file need to be aware that the CCPA is another tool in their armament that they can use to delight customers and encourage repeat trade.

CCPA compliance is not just a label that needs to begrudgingly achieved. It’s an opportunity.

The culture within the organization should reflect not just CCPA readiness, but also ensure 2020 is begun with a fresh view of customer data and how privacy can benefit both the business—and its customers.


Note: We would like to stress that there is no substitute for customers making their own detailed investigations or seeking their own legal advice if they are unsure about the implications of the California Consumer Privacy Act (CCPA) on their businesses.

California Consumer Privacy Act (CCPA): How to win & regain trust

Ask the author a question or share your advice

When you leave a comment on this article, please note that if approved, it will be publicly available and visible at the bottom of the article on this blog. While your email address will not be publicly available, we will collect, store and use it, along with any other personal data you provide as part of your comment, to respond to your queries offline, provide you with customer support and send you information about our products and services as requested.  For more information on how Sage uses and looks after your personal data and the data protection rights you have, please read our Privacy Policy.