What is the California Consumer Privacy Act (CCPA) and How Does it Affect B2B Marketers?

The golden age for companies to collect consumer data for the purpose of marketing to those consumers is over. Only just a few short years ago, it was the wild west, where many companies cashed in at the expense of you and your data.

The new era of consumer privacy regulations was ushered in by Canadian Anti-Spam Law (CASL) and the General Data Protection Regulation (GDPR) in May of 2018. However, it really hit home when Californians passed the California Consumer Privacy Act (CCPA). In short, this groundbreaking legislation affords consumers protections for how their personal information is collected, stored and used.

In a sense, it has come full circle since the Golden State is the epicenter of the internet, giving birth to tech giants, such as Facebook, Salesforce, Google, and the likes. But the ripple effect goes beyond Silicon Valley, hitting all companies who collect data on residents of California.

Since going into effect on January 1st, 2020, there’s been a lot of confusion around CCPA and what it means for marketers, their organizations, and more broadly, the future of marketing.

That’s why Mara McLean sat down with Brian Babcock, Cofoudner and CTO of Engagio, to dive deeper into CCPA and what it means for you.

Disclaimer: This is not legal advice. To ensure you are complying with data privacy laws, consult legal counsel.

(Watch on YouTube)


– Hey guys, I’m Mara. I’m with the Marketing team at Engagio, and I am here today to discuss CCPA with Brian. Brian, would you like to introduce yourself?

– Sure Mara, I’m Brian Babcock, and I’m the Co-founder and Chief Technology Officer at Engagio.

– Yeah, so just to jump right into it, we’ve got a lot of questions. What is CCPA and how does it affect companies?

– Sure. CCPA stands for California Consumer Privacy Act. It’s a new regulation that was passed in the State of California, which covers California consumers and gives them certain rights and privileges in regards to the way in which their personal information is collected and used by companies. And it’s modeled after the European Unions GDPR, General Data Protection Regulation.

– Okay.

– Which really is a kind of trail blazing piece of legislation about how consumer rights should be expressed with regards to data around the world. And so many of the CCPA’s provisions are based on what’s already there in GDPR.

– Awesome. So a question on probably a lot of people are wondering, is the Engagio Platform CCPA compliant?

– It is, Mara.

– Yay.

– And so the way in which Engagio relates to the CCPA, is that we are taking data that our customers have collected from their prospects or business partners, and we’re taking it into our systems, organizing it, making it available back to our customers, to help them really understand how their prospects are engaging with them, and around what areas and across what time prints and so forth. And so we are basically acting as what’s called a service provider, CCPA terminology to do data processing solely on behalf of our customer, and kind of to meet their specific needs.

– Okay. And so to clarify, if another company needs to be CCPA compliant for instance, because they do business to consumer, or because later on it’s going to kick in for all of us even in B2B, can those companies use Engagio and also be CCPA compliant?

– Absolutely. And what a company that’s using Engagio would want to do, in that case is to put in place with us a data processing agreement, which basically spells out informal contractual terms, the nature of the relationship, which already exists with all our customers, which is that we are processing the data only on their behalf and according to the directions, and that we are being a good suit of it making sure that we’re using industry standard practices around data privacy and security and so forth. But then we’re not sharing the data with others, or selling it or anything like that. And by doing so, they can then ensure that Engagio you is treated as a service provider, rather than the third party CCPA terminology. Which is useful because there’s certain disclosure requirements, that are needed when data is shared with third parties, which don’t apply when data is shared with service providers.

– Okay. If a company wants to be CCPA compliant, and they want to use Engagio as well, they just sign a data processing agreement with us that says, “Here’s how we’re processing your data, or a data service provider,” is that the right terms?

– Yup.

– Okay, and then we’re saying, here’s how we do it, and here’s how we’re following the law, It’s just so that it’s all laid out for them.

– Exactly.

– Okay, cool. And new question does Engagio collect people’s personal data?

– We don’t know, we are more in the line of an efficient aggregator. We’re taking data that our customers already have, but as sprinkled across many different systems around the enterprise, bringing together organizing it, so they can have a clear, consistent, holistic view of their relationships with their prospects and customers.

– Okay. So we’re really not collecting anyone’s data. We’re just making it a lot easier to see the masses of data that they already have.

– Exactly.

– Awesome. And do we sell people’s personal data that way?

– We don’t. Yes! I think that’s something a lot of consumers are very concerned about these days, so just wanted to make sure it was out in the open. We do not tell people’s personal data. And what happens if people ask us to delete their data? I used to look at Engagio is true with our customers, if a consumer wanted one of Engagio’s customer’s to delete data, they would contact that company, not us directly. And then that company would go through all the systems, make sure that person’s data was removed, Engagio being one of those systems. And so the Engagio your customer, could contact our support team just to verify, “Hey, let’s make sure that this person’s information is no longer present in Engagio.”

– Right, okay. Let’s say I was using a service provided by someone else who uses Engagio, and I tell that company, “Hey, I want all of my data deleted. It’s my right under CCPA, don’t want it there,” that company would go through all of their systems, their CRM, anything else they use Engagio, make sure it’s all gone, and I assume part of this would roll up before they got to Engagio. Because for instance, if you’re deleting that person’s data in their CRM and we use data from their CRM, it’s going to affect us as well.

– Definitely. And we synchronize the systems like the CRM, so then that update will automatically flow through to Engagio.

– Okay.

– But from the consumer’s point of view, they probably aren’t even aware that that company’s using Engagio, just that we are one of the many systems that that company is gonna make sure that person’s information is removed.

– Right so that company would come to us and say, “Hey, just double checking to make sure this person isn’t in the database anymore.”

– Exactly.

– Cool. And we integrate with Bambora for intent data, which is awesome., but is the intent data CCPA complainant?

– It is. And so just like a little background of intent data, intent data is really information that’s been collected about how different companies and their plays are going around the internet, consuming the intensive content. And there’s various sources of intent data that different providers use. Bambora, the way they collect intent data, is they have relationships in place with a variety of different content providers around the internet, to basically aggregate together, the web browsing and content consumption behavior, of companies on those providers sites. And all of the providers in the Bambora network, are collecting their data in a way which is kind of conforms with all the privacy laws around the world, including GDPR and CCPA, and it’s very much in an updated basis. By contrast, there are other types of intent data that some of the vendors use, which fall in more of a gray area, where it’s less clear that they are fully in compliance with privacy regulation. In particular, some of the intent providers use online advertising bit stream data, that’s information where really there isn’t necessarily a level of consumer consent there. But Bambora, I think because of the way that they collect the data, falls very clearly in a place where they are covered and they’re doing it in a way that’s compliant with regulations.

– Okay, cool. So we don’t use any of that data that’s sketchy?

– True

– Awesome. And so quick question, as someone who consumes a lot of content online, cause I hope to write our content, if I’m going to one of these content websites, and that little popup shows up and says like, “Hey, like personal information, data, cookies,” all that stuff, when I agree to that, that’s when I’m making sure that the entire data is being collected. I’m giving my consent to that.

– It’s okay, yeah. And as part of the CCPA, you may not be seeing as you said, you were in California, an extra option on those popups that says “Do not sell that personal data,” which allows consumers to specify if they don’t want companies to share that information with third parties.

– Okay cool. And is there anything else you’d like to add on the CCPA or privacy?

– I guess I’d just say that as the world evolves, and information technology continues to grow and expand, the laws and regulations are beginning to catch up I think, but some of what’s going on in the world. It’s great to see that there’s more consistency and uniformity now around making sure that that information is used in a way that’s kind of conforms individual’s desires, to hopefully provide them better surfaces without invading their privacy.

– It’s awesome. All right, well this was very helpful. Thank you, Brian, so much