CCPA (California Consumer Privacy Act) is a comprehensive legislative package that many experts are saying will become standard baseline rules for consumer data practices here in the U.S. – soon. Very soon.
They’re about to become law. What’s more, they’re core and critical to the way you need to be thinking about your customer data.
CCPA (California Consumer Privacy Act) is a comprehensive legislative package that many experts are saying will become standard baseline rules for consumer data practices here in the U.S. – soon. Very soon. (If you’re wondering what the specific regulations look like, you can find a good primer here.)
But CCPA and its older cousin, GDPR are table stakes for how companies should be thinking about the customer data they keep, compile and use. Think of them as the lowest common denominators – the bare minimum you’ll need to consider to keep your organization compliant*.
*Basic CCPA compliance is no guarantee against liability.
Consumer expectations with regard to their personal data (PII) are changing fast. Consumers are becoming more aware of the risks they shoulder. They are becoming more aware of the value of their own data to brands they shop with. And they are becoming more aware of the commoditized buying and selling of their data on the open market. All of which changes the buyer / seller dynamic and gives a lot more weight to the customer in this kind of transaction.
Companies should expect that awareness – and the rights that consumers are demanding – to grow and become more one-sided over time. The wild west days of data are coming to a close, if they haven’t already done so. And to them we say good riddance.
We’ve spoken with several CIOs recently who have expressed that same opinion. The time for corporate hand-wringing is past. But what does this new world look like?
PWC breaks the regulations down into 5 major components. Companies serving or employing California residents may find these five CCPA requirements have the biggest impact on their business plans:
- Data inventory and mapping of in-scope personal data and instances of “selling” data
- New individual rights to data access and erasure
- New individual right to opt-out of data selling
- Updating service-level agreements with third-party data processors
- Remediation of information security gaps and system vulnerabilities
Note – that same article provides a side-by-side comparison of CCPA & GDPR scope & reach.
I think there is a lesson there. Maybe a few of them.
Customer loyalty is hard to come by and Strava has found a way to use something that typically creates a sense of fear and dread (albeit momentarily) and re-frame it in a way that lets me know they get it – that they get me. Not bad, Strava. Not bad at all.
Want to know what the approach the new world of customer data is going to look like? Take a look at Strava. They get it.
This article originally appeared in TheCustomer.