For digital marketers, the wide world of data privacy regulations is a constant source of challenges. From CAN-SPAM to GDPR, new policies focused on data protection are always coming onto the scene, mixing things up, and making us take a fresh look at how we collect and handle data. It’s an important effort in the industry, but each new regulation means new rules, new impacts, and new best practices.
Just when things felt like they’d calmed down post-GDPR, and May 25, 2018, has become a distant memory, the California Consumer Privacy Act (CCPA)—California’s answer to what stricter data regulations can look like in the United States—has started commanding attention. The time has come to think about what CCPA means for email marketers. As a digital marketer myself, here is what I’m focusing on in the coming months:
Review current procedures
If you’re a global company and, like Return Path, adopted GDPR-driven best practices as the baseline for your email program, it’s possible you’ve already done a lot of this legwork. You need to understand your current policies and procedures around collecting, storing, and utilizing your subscribers’ data and mailing preferences. If not, now is the perfect time to take a deep dive into the practices you currently have in place and identify where changes might need to be made.
What should you be looking for when it comes to your email program? As is explained in another blog post in this series, CCPA gives Californians rights to the personal information about themselves, including:
For an email marketer, this means you need to understand what data you are collecting, how it is being stored, how a user’s preferences about their data can be retained, and how you would provide documentation of a user’s data should they request it. A clearly outlined approach will help you ensure all of marketing is aligned around agreed upon procedures and help you answer questions that will arise before, during, and after the implementation of CCPA.
Think long term
CCPA is specific to California, but that doesn’t mean your approach has to be. With GDPR, email marketers had to decide whether to apply GDPR standards to their entire email program, or handle European subscribers differently than the rest of their list. Since Return Path’s email marketing program is fairly expansive, it made more sense for us to have one overarching approach, rather than creating separate policies for individual regions. CCPA presents a similar question for email marketers.
When you step back and think about it, which makes more sense for your business and your email program: applying CCPA standards to your entire program or handling your California subscribers differently? While on the surface it may seem that segmenting Californians is the most straightforward approach, the reality is that these types of regulations are only going to gain more traction state by state. A little extra work to get your entire email program in compliance with CCPA now will most likely mean that you’re in a pretty good position when states like New York, Massachusetts, and Mississippi adopt their own versions of this legislation in the future.
Get buy-in (and support) from the professionals
At Return Path, we’re lucky to have a talented team of Privacy and Legal professionals that is closely aligned with the marketing organization—especially during situations like this. Their support is absolutely critical when it comes to navigating the legalese, understanding the impacts, and determining what steps we need to take to guarantee compliance.
As with GDPR, not every aspect of CCPA impacts marketers, and it can be hard to know what matters and what doesn’t when it comes to such a vast legislation with major financial implications. If you haven’t already, check in with your privacy and/or legal teams for their insights and direction about CCPA compliance. They can bring to light nuances you haven’t considered and help you work through plans to get your program fully compliant.
And their support will also be critical after January 1, 2020, when CCPA goes into effect. I learned first-hand with GDPR that questions about the regulation and what it means for our email program didn’t stop on May 25th, no matter how much I talked about our sending policies leading up to the implementation date! Knowing how much I still call on our Privacy team to help ensure our sending practices are GDPR compliant, I anticipate as much collaboration with ensuring CCPA compliance moving forward as well.