Building trust and transparency is at the core of consumer rapport in retail and beyond. Every day customer information is collected to personalize an individual’s shopping journey, from online and offline transactions to building loyalty programs. According to a PwC survey, 38% of respondents said that customer data – preferences, behaviour, health-related, and geolocation – is the most valuable type of data. Collecting this data is important to every business, but protecting it is paramount.
How customer data is being used, shared and collected are essential elements of the recent California Consumer Privacy Act (CCPA) that came into effect earlier this year. Retailers need to review their data and privacy practices and implement the actions needed to become CCPA compliant and protect customer data. By guarding the integrity of the data collected, retailers build trust with the consumer and in return, they can deliver the in-demand personalized customer experience.
Here are some items you need to know about CCPA:
What is the CCPA and when does it come into effect?
The California Consumer Privacy Act (CCPA) ensures that residents of California have control over sharing their data and have the opportunity to opt-out if they so desire. The Act went into effect on January 1, 2020, however, the California Attorney General’s Office will not start enforcing the CCPA until July 1, 2020 or six months after they publish the final regulations, whichever date is earlier. Individuals can submit a complaint anytimes from January 1st onwards.
What is considered personal data?
Personal data under the CCPA has a broad description including information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.
CCPA also considers the inferences drawn from personal information “to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behaviour, attitudes, intelligence, abilities, and aptitudes” to be considered personal data.
What are consumer rights?
CCPA protects the right of consumers to:
- Know what personal data is collected, used, shared, or sold
- Require the deletion of personal information that businesses possess
- Opt out of the sale of their personal information
- Not be discriminated against based on price or services when exercising their privacy rights under the CCPA
Who is impacted?
The CCPA applies to business that collects consumers’ personal data and does business in California as well as applies to one of the following:
- Has annual gross revenues in excess of US$ 25 million
- Buys or sells the personal information of 50,000 or more consumers or households
- Earns more than half of its annual revenue from selling consumers’ personal information
What are the consequences?
If a business, service provider or any other person violates the CCPA, they are liable for a penalty of up to US$2,500 for each violation or $7,500 for each intentional violation.
What does this mean for businesses?
Businesses will have to disclose data collection and sharing practices to consumers and are prohibited from selling personal information of consumers under the age of 16 years old without explicit consent. As well, businesses are required to provide easy access to an easy-to-see “Do Not Sell My Personal Information” option so consumers can opt out from having their data collected.
It is essential for retailers to know what CCPA is and its implications so that businesses can provide transparency of data use and make data privacy options available to customers. It may increase their customers’ willingness to share data knowing how their data is being used and stored and increase overall customer trust.
You can also learn more about the CCPA law by visiting the CCPA website.
Disclaimer: The information presented here is for informational purposes only and should not be relied upon as legal advice. You should consult with your legal counsel to understand your specific obligations under the GDPR. It is your responsibility to review Tulip’s functionality and tools and assess whether your use of the Tulip solution is compliant with laws and regulations applicable to you.