GDPR and the recently passed California Consumer Privacy Act (CCPA) are similar but not the same. So preparation for CCPA will require a few different action points. Attorney Lothar Determann, with the International Association of Privacy Professionals, provided a list of tasks that companies dealing with California residents should consider to become compliant by January 2020. They include:
- Prepare data maps, inventories and other records pertaining to the personal information of California residents, households and devices.
- Consider alternative business models, including California-only sites and offerings.
- Establish designated methods for submitting data access requests.
- Provide a clear and conspicuous “Do Not Sell My Personal Information” link on your website’s homepage.
- Fund and implement new systems and processes to verify the identity and authorization of people who request data access, deletion or portability.
- Update privacy policies with newly required information, including a description of California residents’ rights.
- Establish policies to avoid charges that your business “willfully disregards the California resident’s age” by implementing methods of obtaining parental or guardian consent for minors under 13 and direct consent of minors between 13 and 18.
Determann recommended that organizations manage the growing complexity generated by these new privacy regulations with a Customer Data Platform (CDP). This is a flexible, centralized platform to manage data across channels and devices, allowing organizations to get a handle on all of those different customer consent preferences. It will also help companies beyond the privacy laws we know about today, because you know more are coming. As Determann explained:
CDPs were first developed as the next evolutionary step up from customer relationship management (CRM) systems and data management platforms (DMP), to help marketing improve targeting, relevance, and personalization. However, the inherent functionality of a CDP as a data unifier and processor makes it ideal for managing consumer consent preferences and complying with new data protection laws.
Fortunately, he added, with the right enterprise CDP, organizations can better consolidate data from specific individuals across many disparate systems. That’s because CDPs are designed to break down the silos that separate data, instead integrating data from multiple sources — including IoT devices — for better visibility.
I agreed with Determann when he told me that data protection compliance is the new normal, and that organizations need to up their game in order to respond to new rules and regulations. How they go about this can make or break the customer relationship. In the end, isn’t that what running a business is all about, the customer relationship?
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba