CCPA and Email Marketing Guide: Everything you need to know.

Introduction

Ever since the Cambridge Analytica and Facebook scandals, people and legislators have become a lot more interested in their privacy.

People want to know what data companies collect about them, what they do with this data, who they share it with, and who they sell it to.

The California Consumer Privacy Act (“CCPA”) is California’s solution to this industry trend. This law aims to protect consumers from the endless data abuses that have been so frequent as of late.

California set the precedent for the rest of the nation, and numerous other states such as Nevada are following in its footsteps. As of right now, California’s law is the most comprehensive so it will serve as an excellent benchmark for compliance.

In a recent study of 250 professionals who are responsible for privacy matters at companies with more than 500 employees, 86% of respondents stated that they have not completed preparations to be compliant with the CCPA.

How does the CCPA affect email marketing?

As an email marketer, you may be thinking “how does this affect me and my work?”

The CCPA requires you to:

• Provide adequate notice when collecting data that you will be using for email marketing purposes;
• Disclose to consumers if you share that data with any third party tools (e.g. Mailchimp);
• Respect the rights of Californian consumers and not email them if they have requested you delete their data.

What is the CCPA?

CCPA is a California privacy law that was created to protect the privacy rights of Californian residents. The law goes into effect on January 1st, 2020 and will start to be enforced by the California Attorney General on July 1st, 2020.

Who does the CCPA apply to?

The CCPA applies to for-profit companies that do business in California and meet one of the following thresholds:

• Has annual gross revenue in excess of $25,000,000;
• Annually buys, receives, sells or shares, for commercial purposes, the personal information of 50,000 or more Californian consumers, households or devices; or
• Derives 50% or more of its annual revenues from selling the personal information of Californian consumers.

What rights does the CCPA give to consumers?

The CCPA gives the following rights to Californian consumers:

• To know what personal information is being collected about them;
• To know if their personal information is being sold or disclosed and to whom;
• To say no to the sale of their personal information;
• To have access to their personal information;
• To equal service and price, even if they exercise their privacy rights.

The requirements of the CCPA:

One of the main requirements of the CCPA is to provide the consumer with adequate notice and disclosures at the time of collection of information.

What are the notice and disclosure requirements?

The CCPA requires businesses that collect the personal information of Californian consumers, to, at or before the collection of such information, inform the consumers of the categories of personal information that will be collected, and the purposes for which the personal information will be used.

If you plan on using personal information for email marketing, you must disclose this in your Privacy Policy prior to collecting the information.

If you did not disclose that you are using the information for email marketing, but want to start using the information for that purpose, you need to provide additional notice to the consumers letting them know of this new purpose for the collection.

Your Privacy Policy must also disclose the following:

• Whether you will be disclosing the personal information to the others;
• Whether you will be selling the personal information to others; and
• The rights of Californian consumers with respect to their data.

The importance of email verification

Email verification is the process of determining the deliverability of an email before sending. This is a crucial step in ensuring the success of any email marketing campaign, but it can also help you prepare your data for CCPA regulations.

What is email verification and how can it help manage customer data?

The main purpose of verifying an email list is to provide users with more information about the data they collect. Sending emails to undeliverable addresses can cause a multitude of problems for a business, so email verification services will categorize addresses to help users remove bad emails from their lists before they send.

However, identifying outdated, useless data is also a key step in preparing yourself for CCPA compliance.

The more personal information you store, the more you are at risk of non-compliance. Businesses should only save valuable, necessary data to limit their liability. Email verification can help determine what is and isn’t worth keeping and allow you to focus on the data that really matters.

Key takeaways

1. Penalties for non-compliance

Penalties for non-compliance with the CCPA can range between $2,500 (non-intentional) to $7,500 (intentional) per violation.

2. Provide adequate disclosures

The CCPA demands transparency and honesty from companies that collect personal information. There is no better way to comply than to be transparent about what data you collect, why, who you share it with and who you sell it to. Make sure that you have a Privacy Policy that is compliant with the CCPA and make sure to update it when the law goes into effect and when other states pass laws on privacy as well.

3. Only collect the information that you need

The more data that you collect, the more obligations you have and the more at risk you are in of non-compliance. Re-evaluate your contact and lead generation forms to determine whether you really need to collect all of that information.

4. Re-evaluate the purchasing of data

If you are purchasing data emails of consumers from third parties, that fact will become general knowledge when a consumer requests that third party to disclose who they sell that information with.

Considering the fact that consumers are interested in their privacy, this could lead to some bad PR for your company. Re-evaluate whether you really need to purchase data and, if you still feel like you need to buy it, make sure you have a good response to customer questions about this practice.

5. Re-evaluate the selling of data

If you are currently selling the data of consumers who provide it to you, re-evaluate this practice to determine whether it is the best thing to do for your company. You may get some bad PR for this practice so it’s best to determine now whether you want to continue.

6. Clean your data

Sending campaigns to unverified email addresses is a risky practice for many reasons. It can hurt your domain reputation, making it less likely your emails will land in the inbox of real customers, and kill your ROI. Holding on to those useless emails can also increase your liability in regards to CCPA compliance. Consistent email verification is a crucial step in following both email marketing best-practices and CCPA guidelines.

This guide was created in partnership with Termageddon, LLC and its President, Donata Kalnenaite. Termageddon is a Privacy Policy generator that automatically updates its policies whenever the laws change. Termageddon offers free policies for web design, development and marketing agencies through their partnership program.