Preparing for CCPA as a Digital Marketer

For digital marketers, the wide world of data privacy regulations is a constant source of challenges. From CAN-SPAM to GDPR, new policies focused on data protection are always coming onto the scene, mixing things up, and making us take a fresh look at how we collect and handle data. It’s an important effort in the industry, but each new regulation means new rules, new impacts, and new best practices.

Just when things felt like they’d calmed down post-GDPR, and May 25, 2018, has become a distant memory, the California Consumer Privacy Act (CCPA)—California’s answer to what stricter data regulations can look like in the United States—has started commanding attention. The time has come to think about what CCPA means for email marketers. As a digital marketer myself, here is what I’m focusing on in the coming months:

Review current procedures
If you’re a global company and, like Return Path, adopted GDPR-driven best practices as the baseline for your email program, it’s possible you’ve already done a lot of this legwork. You need to understand your current policies and procedures around collecting, storing, and utilizing your subscribers’ data and mailing preferences. If not, now is the perfect time to take a deep dive into the practices you currently have in place and identify where changes might need to be made.

What should you be looking for when it comes to your email program? As is explained in another blog post in this series, CCPA gives Californians rights to the personal information about themselves, including:

  • Knowing what personal information is being collected about them
  • Knowing whether their personal information is sold or disclosed and to whom
  • Saying no to the sale of personal information
  • Accessing their personal information
  • Equal service and price, even if they exercise their privacy rights

For an email marketer, this means you need to understand what data you are collecting, how it is being stored, how a user’s preferences about their data can be retained, and how you would provide documentation of a user’s data should they request it. A clearly outlined approach will help you ensure all of marketing is aligned around agreed upon procedures and help you answer questions that will arise before, during, and after the implementation of CCPA.

Think long term
CCPA is specific to California, but that doesn’t mean your approach has to be. With GDPR, email marketers had to decide whether to apply GDPR standards to their entire email program, or handle European subscribers differently than the rest of their list. Since Return Path’s email marketing program is fairly expansive, it made more sense for us to have one overarching approach, rather than creating separate policies for individual regions. CCPA presents a similar question for email marketers.

When you step back and think about it, which makes more sense for your business and your email program: applying CCPA standards to your entire program or handling your California subscribers differently? While on the surface it may seem that segmenting Californians is the most straightforward approach, the reality is that these types of regulations are only going to gain more traction state by state. A little extra work to get your entire email program in compliance with CCPA now will most likely mean that you’re in a pretty good position when states like New York, Massachusetts, and Mississippi adopt their own versions of this legislation in the future.

Get buy-in (and support) from the professionals
At Return Path, we’re lucky to have a talented team of Privacy and Legal professionals that is closely aligned with the marketing organization—especially during situations like this. Their support is absolutely critical when it comes to navigating the legalese, understanding the impacts, and determining what steps we need to take to guarantee compliance.

As with GDPR, not every aspect of CCPA impacts marketers, and it can be hard to know what matters and what doesn’t when it comes to such a vast legislation with major financial implications. If you haven’t already, check in with your privacy and/or legal teams for their insights and direction about CCPA compliance. They can bring to light nuances you haven’t considered and help you work through plans to get your program fully compliant.

And their support will also be critical after January 1, 2020, when CCPA goes into effect. I learned first-hand with GDPR that questions about the regulation and what it means for our email program didn’t stop on May 25th, no matter how much I talked about our sending policies leading up to the implementation date! Knowing how much I still call on our Privacy team to help ensure our sending practices are GDPR compliant, I anticipate as much collaboration with ensuring CCPA compliance moving forward as well.

minute read

Popular stories



BriteVerify email verification ensures that an email address actually exists in real-time


The #1 global data quality tool used by thousands of Salesforce admins


Insights and deliverability guidance from the only all-in-one email marketing solution

GridBuddy Cloud

Transform how you interact with your data through the versatility of grids.

Return Path

World-class deliverability applications to optimize email marketing programs

Trust Assessments

A revolutionary new solution for assessing Salesforce data quality


Validity for Email

Increase inbox placement and maximize subscriber reach with clean and actionable data

Validity for Data Management

Simplify data management with solutions that improve data quality and increase CRM adoption

Validity for Sales Productivity

Give your sales team back hours per day with tools designed to increase productivity and mitigate pipeline risks in real-time