At a time when retailers could do without more stress, the California Consumer Privacy Act (CCPA) compliance deadline of July 1 is fast approaching.
Up until now, many retailers have put off CCPA compliance. COVID-19 and our remote workforces have made meeting the looming compliance deadline even more challenging. Working through the intricacies of CCPA compliance requires cooperation from stakeholders across several key business functions who can no longer gather in a single place, and many retailers are scrambling to implement the necessary data protections and opt-out features before the July 1 deadline.
Despite these challenges, your retail operation needs to make every effort to get CCPA implemented correctly. The alternative? Face hefty fines and penalties down the line. I advise companies that have yet to become fully CCPA compliant to consider these steps as a starting point before the July 1 deadline:
- Connect with your legal team. Many retailers have already achieved compliance with the European Union’s General Data Protection Regulation (GDPR). If you have, then you're well on your way to complying with CCPA regulations. However, be warned: The two sets of regulations are not identical, and CCPA includes unique mandates. Due to these nuances, there's no one-size-fits-all CCPA solution. You must ensure that your organization is appropriately interpreting how best to comply with the regulations. Bottom line: Lean on your in-house experts to navigate the regulations and fine print.
- Be transparent with end users. Make it simple for users to understand what data you're using, why you're using it, and with whom you're sharing it. Most importantly, make sure users can clearly indicate a “do not sell my data” declaration — a critical piece of the CCPA legislation. With CCPA, GDPR and future consumer and data privacy laws like them being considered, customers are in the driver’s seat. Bottom line: if data is critical to your business model, you must be sure to clearly point out the significant benefits that sharing data will have for the consumer experience, like a more personalized customer experience or uniquely targeted offers.
- Clean up and future-proof your data. Data privacy and protection are the core components of CCPA legislation. CCPA requires companies to implement appropriate security measures to prevent hacks and breaches, such as encrypting data or storing it on a blockchain. In addition to protecting and storing legacy data appropriately, you’ll want to make sure that any sources of new data that flow into your ecosystem are in compliance with CCPA, GDPR and other consumer privacy legislation requirements. Privacy policies are not static, “one and done” mandates — they must be continuously updated to provide ongoing compliance as well as the necessary functionality and information to your customers.
Find a Partner to Help Navigate CCPA and Future Data Protection Legislation
Data security, storage and maintenance aren't likely “top of mind” core competencies of retailers. But make no mistake, improper handling, storage and use of customer data could result in significant fines and negative publicity for your organization and its brands. Consider looking outside your organization for a service or partner that specializes in data management and security best practices. You want a partner that can help you navigate the CCPA, conduct regular audits and remain current with industry best practices.
If this article has given you reason to pause and think about your organization’s current state of compliance with GDPR and CCPA, good! With other states gearing up to follow in California’s footsteps, it’s even more important to prepare for more widespread consumer data privacy legislation — especially considering how valuable e-commerce has become for retailers during the pandemic. The above steps not only help ensure compliance ahead of the July 1 deadline, but prepare you to address future compliance requirements down the line. As the adage goes, “an ounce of prevention is worth a pound of cure.”
Colleen Thorndike is director of data strategy at Valid, a global technology provider that offers a complete portfolio of solutions in payment, mobile, data and identity solutions, as well as digital marketing and digital certification.