CCPA Penalties Target SaaS & Digital Marketing Starting July 1, 2020
The Article in 60 Seconds
Fines for non-compliance to the California Consumer Privacy Act go into effect July 1, 2020 despite our culture’s response to the coronavirus and appeals from over 60 business groups. California Attorney General Xavier Becerra has communicated that, unlike the early days of GDPR in Europe, he expects to bare his teeth early and enact enforcement penalties early.
Market segments in the crosshairs include:
- Digital marketers
- Data analysts
- SaaS companies
- Companies targeting children
Think About This
- The CCPA went into effect January 1, 2020 but penalties are not enforceable until July 1, 2020
- More than 75% of California businesses are affected plus every company doing significant work with a number of California residents and companies
- Zoom and Houseparty have already been sued under the CCPA’s “private right of action”
- Penalties have still not been confirmed, but are expected to include a 30-day notice and cure period seeking penalties of up to $2,500 per violation, or up to $7,500 per intentional violation.
- Only 14% of California companies report they are ready for CCPA.
What Constitutes a Violation?
Language in the CCPA is unclear; no consistent definition of violation exists, but many experts believe that each citizen’s data that is compromised will constitute a violation.
For example, if you collect data on 500 California citizens but fail to fully and completely notify them of your intention to use their data, you have committed 500 violations.
500 consumer records x $2,500 fine = $1,250,000 total owed
Why are Digital Marketers Targeted?
If your company uses, buys, or sells large customer databases, you are considered a “data broker” under California law. Data brokers are subject to more laws and regulations and must register annually with the state of California. Because of the business model, including the collecting and selling of data, AG Beccera will likely target these companies.
One such company, Bombora, has been sued by its competitor, ZoomInfo.
Why are SaaS Companies in the Crosshairs?
SaaS and technology companies are known to deploy large data subsets. How they protect their consumers’ privacy is of great concern under CCPA. The Attorney General’s office has released CCPA notices for citizens and made public statements about his priority for investigating tech platforms, social media, financial services, telecom, connected cars, and more.
The more your company handles consumer data, the more scrutiny you will receive.
- Payroll processing
- HR benefits
- Payment processing
- Document and email management
- Customer analytics
Are You Ready?
Thousands of SaaS Companies have downloaded our checklist to make sure.
Companies that must comply with CCPA include every for-profit companies doing business in California who meets one of these criteria:
- Gross revenue exceeds $25 million
- Receive and/or share personal information for least 50,000 California residents annually.
- Derive at least 50% of annual revenue from the sale of personal information
If that describes your company, make sure your website and data collection procedures are in compliance.
Our friend, Tony Anscombe of ESET, also highlights in this video the need for your company to be able to “look back” 12 months at every digital touch each consumer has had with your company.
The First Thing to Do After Reading This Article
If you meet the requirements, don’t assume your company is compliant. Download our checklist and spend a few minutes double checking the work of your team. As a marketing leader, you are at the forefront of this act.
If you don’t yet meet the requirements, beware: this will be the first of many such protections enacted in the US. Prepare the foundation of your data collection procedures for stricter standards.