How to allow customers to easily request data privacy under the California Consumer Privacy Act
Julie, who recently took up baking cupcakes as a hobby, is furious—and not about her culinary skills. She hadn’t realized how much of her personal information the company from which she bought her supplies had harvested and sold, without her express permission. She wants to know what they know about her, to whom they have sold that data, and that, once the harvesting is stopped, her information will be forgotten.
Until recently, companies took whatever information they could extract from consumers, who had little recourse, and used it however they wanted. But in California, as in much of Europe, laws have changed and strengthened. What obligation do companies that serve customers in California now have to people like Julie?
What the California Consumer Privacy Act requires
The California Consumer Privacy Act (CCPA), signed into law in June 2018, strengthened and unified data protection. California consumers now have the legal right to opt out of the sale of their personal data to third parties; companies that fail to comply face stiff penalties. Enforcement of the law begins in July. If you’re a business covered by the CCPA you must disclose the personal customer information you collect, share, and sell; you must also provide, on websites and mobile apps, a clear method for consumers to opt out of sharing their information and delete any personal data upon a consumer’s request.
Keeping customer data private engenders loyalty
To abide by the CCPA requires having systems and processes to ensure accurate personal information on consumers and current records of which third parties have purchased that data. To provide positive customer experiences and cement customer loyalty, the systems and processes need to allow customers to easily request that their data stay private.
Consider the typical journey that a customer like Julie will take with your business when she makes an opt-out request: