Blog ⁄ The Looking Glass

CCPA Marketing & Your Brand Under New Privacy Laws

The California Consumer Privacy Act has major implications on how businesses across the country operate, with the most drastic effect seen in marketing. The new data privacy laws serve as a wakeup call, forcing business owners to determine how CCPA and marketing can coexist.

Does the CCPA signal the end of targeted marketing?

Can you still use 3rd party data?

Do you have to delete your current database?

Marketers are faced with a lot of questions as the CCPA looms closer and closer. Here is a closer look at how the CCPA affects marketing and what it means for your business now and in the future.

The Basics of CCPA Data Privacy Laws

It’s time to stop ignoring the inevitable and realize that major changes to how you market your brand are on the horizon. The first of its kind in the US, the California Consumer Privacy Act puts control of personal information back in the hands of the public.

It basically regulates what data you can collect from consumers, what you do with it and what consumers are allowed to do about that. Technically, the CCPA does not affect all businesses in the US. Per the specifications of the CCPA, affected companies meet the following criteria:

• Annual revenue of $25 million in California
• Receive data from 50,000 or more individuals, households or devices in California each year
• Earn at least 50% of revenue from selling personal data

There are some other contributing factors that determine whether or not companies fall under the auspices of CCPA, but the above three are the major ones.

So, if you are not a mid to large company operating in California, you are probably thinking that you are in the clear.

That would be a mistake.

While you are not technically regulated by the CCPA, states across the country are proposing data privacy laws. In the near to mid-future, more legislation is guaranteed to pass in at least several states, if not Federally. It is much easier to be proactive and start working on your operational strategy now, than be forced to scramble over and over as new laws in your geographic region pass.

Marketing and CCPA

Marketing is both a short and long term issue under the CCPA. However, there are immediate issues that companies need to address, including operational policies and website structure. Before looking ahead to marketing, make sure you follow this CCPA checklist for businesses and their websites under CCPA regulation.

Right away, CCPA restrictions will force companies to make some hard choices, particularly when it comes to their marketing. Even more specifically when it comes to their lists.

Lists – Love Them or Leave Them

Every company needs lists in order to operate. From simple mailings to email campaigns to more elaborate digital profiling, quality lists are the bread and butter of marketing programs.

What marketing relies on lists? There are many, but here are the biggest:

• Direct mail
• Email blasts
• Retargeting
• Programmatic channels

As a company, you need to take a careful look at your lists, both customer and prospect. Where are you getting your data – did you carefully build it yourself? Or did you purchase it from a third party? Or, do you capitalize on your customer list and sell it to other people?

Set up a meeting with all of the stakeholders in your organization and iron out how exactly they are using lists. This will likely include sales, marketing, customer service, operations, possibly human resources or any ad tech departments. Carefully outline where each of their lists are coming from and what they are doing with them.

Do they cultivate the lists themselves? Great! Your job is easier – slightly.

Do they purchase, rent or borrow lists from a third-party? If so, you have some additional things to consider.

Third-Party Lists

Ok. Sit down for sec. This is gonna hurt.

If all, or the majority of your marketing lists come from external sources, the CCPA is not going to be your friend.

First of all, you should probably stop doing this — or at least limit it — regardless of the CCPA. Third-party lists, especially affordable ones, are notoriously dirty.

Unless you have a close relationship with your list provider, ensuring that you don’t have an old, outdated list is impossible. Chances are the list you purchased is not even close to accurate, not to mention that the most reputable email services won’t even allow you to use these lists.

The CCPA does not explicitly forbid usage of third-party list, but it does make it significantly less appealing. Your business is responsible for all of the data you use that comes from a third party. If they don’t want a broker selling their data, you both lose.

Think about it. Consumers now have the ability to find out who has their data, how they got it and what they are doing with it. Third party list brokers are selling their data to anyone who can pay for it. Who do you think consumers are going to remove PI access from first?

If your data comes from a third-party vendor, you will also be responsible for deleting their data. This could potentially be a lot of work.

After assessing your list, if you still think you need third-party data in order to grow, you need to make some changes fast.

1. First, set some rigid guidelines that all third-party list brokers must comply with. They are in crisis mode right now and will likely be making similar adjustments on their end.
2. Discuss how they are preparing for CCPA and what their action plan is for moving forward. Identify which vendors are most reliable — and worth the hassle — and set up a system to ensure both parties are compliant and benefiting.
3. Adjust your contract language to protect yourself from any faults on the third-party’s side. CCPA comes with significant financial penalties and class-action risks for failure to adhere to regulations and you don’t want to be left exposed.
4. Set up a process for ongoing monitoring and evaluation to protect your company.

Even taking all of the precautions listed above, your data is going to be seriously compromised. Obtaining lists of both volume and quality will be significantly harder. Not to mention, your company will need to spend many many hours of ongoing effort ensuring compliance and responding to consumer requests for information and deletion.

It makes sense to take another look at how much you value this data, given the additional costs associated with using and maintaining it. The cost per valid name will likely have skyrocketed beyond a viable CPA.

 Internal Lists

If you built your lists yourself, you are in a much better position, but still not off the hook. You are going to need to audit your current lists and pay careful attention to how you obtained each contact. Tag each name with a source that stays with the consumer through the lifetime of their record in your database.

After updating your privacy policy, you will want to send this to your list. The updated privacy policy will need to inform your list of their rights under the CCPA, as well as detailing how you will be using their personal information.

Do you have a newsletter or other email subscription? Find out how the subscribers were added to your list. Was it a pre-checked box or an automatic process? You are going to want to send an email to them asking them to re-consent to being a part of your list. Do this before time runs out.

Some sites are being creative and using clever, incentive-based pop-ups that appear when visitors arrive at a site. These are pure email address captors, which 1) allow people to easily opt-in, 2) inform them that they can change their email settings at any time, and 3) direct them to the privacy policy.

Some great examples include, Neil Patel’s site:

Or Wayfair.com

Alternatively, you could start a new list from scratch that is CCPA compliant from the start. Use this for your emails going forward and add to it as new permissions arrive. It will be smaller to start, but your corporation will have no financial risk.

Investigate what services MailChimp and Constant Contact or your email provider offer in order to improve email opt-in in order to increase your list compliance.

 Data… You Need It, You Need It, All of the Time

Lastly, you are going to want to really think about the data that you are collecting from consumers — and whether or not you really need it. Prior to GDPR and CCPA, standard policy was to just collect as much data as possible, because who knew what you might want to target in the future. And data is king, right?

In the new CCPA-regulated landscape, that mentality needs to change. Pare down the data you collect. If you don’t have an immediate need for it, don’t ask for it.

The more personal information that you collect, the bigger the red flag in consumers’ minds — especially if you don’t have an obvious, mutually beneficial reason for needing it.

Most consumers won’t flinch nowadays at giving out their name and email address. But when you start getting into specifics like HHI, children, or personal interests, their attention starts to perk up.

If you sell baby products, asking for their children’s age makes sense. If you are an electronics brand, the connection is a little more nebulous.

Determine exactly what you need to enhance the customer experience or to provide a business service to the customer. Then only ask for that information.

Hungry for Cookies?

Cookies are going to be every marketers new old best friend.

You may have noticed more prominent cookie permission forms on websites that you visit lately. This will only become more prevalent as the CCPA becomes closer to reality.

CCPA considers cookies to be personal data and requires disclosure. If the cookies are being used solely to make a website function, organizations do not need to seek consent. However, if the cookies are being used for anything else – customization, tracking, analysis, etc. consumers must be notified and allowed to opt-out.

So sites like Lego.com are adding a cookie disclaimer that notifies visitors their purposes for collecting PI: 1) compiling statistics and 2) personalizing marketing data.

SaaS providers, like Marketo are prime examples of using the cookie-disclaimer. Marketo’s banner states they use cookies to 1) enhance your experience 2) display custom content and 3) better understand how you use their site.

Other sites, like IKEA, take a different approach. They are not using cookies except to make their site function. Technically, a cookie-disclaimer is unnecessary in this case, but by providing notification regardless, IKEA demonstrates transparency and builds goodwill in their site visitors. Notice that there is no option to opt-out of site cookies here.

Long Term Marketing Benefits of CCPA

While it may seem like the CCPA is all fire and brimstone and the end of digital marketing as we know it, that is far from the case. In fact, many companies will come out ahead as a result of CCPA, particularly those that embrace it.

Ultimately, CCPA is about forming a relationship with customers. Be open about what you are asking and why. Give consumers the choice. Create a mutual benefit  – an exchange of personal data for a more customized, relevant experience.

Afterall, CCPA is what consumers want. Everyone is at least a little bit worried about how their personal information is being used in the world. From hackers to big business to endless robo-calls, consumers are wary of who knows what about them.

Companies that realize this and take steps to reassure their customers that they will not violate their privacy and that they understand the need to keep personal information personal, will benefit in the long run.

A strategic marketing plan post-CCPA actually presents the opportunity to benefit businesses and organizations.

Strategic Marketing and CCPA

Consumers want transparency. Every recent study supports this. Nine out of ten consumers will actually patronize businesses that are transparent, even if they have made mistakes.

In the minds of consumers, transparency = brand integrity. So, brands that are upfront about how they are using consumers’ PI have a better chance of improving their reputation.

It may seem daunting – and scary – to tell consumers why you want their information and how you are using it. But it shouldn’t be. If you trim down the unnecessary data collected, and focus just on the relevant data you need for your business, customers will not only stick with you, they will become more entrenched in your brand.

For example, one way to use CCPA in your strategic marketing is to focus on providing a truly custom experience for your customers.

Do you want to know the age ranges of your site visitors’ household? Offer to send them curated gift ideas by age.

Want to know consumer occupations? Curate an industry news and research digest for them.

The key is to personalize their experience.

Brands that build personalized experiences for consumers will find customers that actually want to provide their personal information. No shady cloak and dagger routines needed.

Building that customized brand experience for consumers is the key objective for strategic marketing under CCPA.

Getting Your Marketing Ready for CCPA

Beyond the logistical transformation your company may need to make for CCPA compliance, developing a strategic marketing plan for CCPA is next most important step. Companies that thrive will take a careful, 360-degree view of their current marketing plan, data requirements and sources, as well as future goals.

If you are looking for help analyzing your current and future marketing opportunities, turn to the strategic marketing experts at CMDS. CMDS’ team of experienced digital marketers and developers can do more than get your website ready in time for CCPA. We can help plan the best marketing strategy to flourish under the CCPA, including development of custom marketing lead-drivers, streamlining your data to find cost-efficiencies and build your reputation as a transparent, honest organization.

Contact CMDS today to get started at 732-706-5555 or via our website.

Other Relevant Articles

Ensuring Website Compliance with CCPA

Understanding the California Privacy Laws – Who it Affects & How

Tagged as CCPA, CMDS, marketing