How the Starbucks Red Cup Campaign Became a Cultural Phenomenon
Coffee lovers rejoice! Here’s everything you need to know about how Starbucks' simple red cup became a controversial cultural phenomenon.
The new decade began with a bang for online data privacy. On January 1, 2020, the California Consumer Privacy Act (CCPA) went into effect. The CCPA is a new data privacy law that changes the way consumer data is collected and processed by businesses — inside and outside of California. Which businesses are affected? How is compliance achieved? What does it mean for data management processes? These questions and more will be answered in this quick guide to the CCPA.
The CCPA is a new law designed to protect consumers’ data privacy. It empowers individual consumers in California to find out what data is being collected about them, to request that companies delete their personal data, and to opt that their data not be sold to third parties.
The CCPA is something of a watershed moment for the United States because it is the most extensive data privacy law yet to be enacted. It marks the beginning of a new era in the way online consumer data is collected and managed. The CCPA gives California residents an unparalleled level of control over their online privacy and creates a template for states that may want to follow.
For business owners, complying with the CCPA is a huge challenge that requires cross-organizational teamwork and substantive changes to data management policies, processes, and communications. Businesses that operate in Europe, or have customers who are EU citizens, have already been through a similar process with the General Data Protection Regulation (GDPR), which was implemented in 2018. Although there are some similarities, the CCPA is its own beast, and business owners must learn about it, understand it, and properly implement it so they can ensure full compliance and avoid penalties and legal complications.
The CCPA is a law protecting the data privacy of residents of California, the most populous state in the U.S., with close to 40 million people. This means that any business that serves customers living in California must comply with the CCPA, not just California-based businesses.
However, not all businesses will necessarily be affected. The CCPA only applies to for-profit entities that do business in California (which includes having any customers in California — even one sale there means the need for compliance) and collect consumer information. The entity must also meet one of three other criteria in order to be bound by the CCPA:
Even if a company does not meet the criteria, making it exempt from the CCPA, it is worth investing the time and energy to get acquainted with the new law now. There will likely be further changes down the road as online data privacy laws become more comprehensive and commonplace.
More importantly, California is a huge market — one of the top 10 economies in the world by GDP — making it incredibly challenging to build a company without doing any business in California. And since implementing many of these required changes can be somewhat time-consuming, it may make sense to simply run them across the board rather than only targeting California customers.
More importantly, California is a huge market — one of the top 10 economies in the world by GDP — making it incredibly difficult to build a company without doing any business in California. And since implementing many of these required changes can be fairly time-consuming, it may make sense to simply run them across the board rather than only targeting California customers.
The consumer data covered by the CCPA includes personally identifiable information (PII), such as names, addresses, usernames, passwords, phone numbers, social security numbers, driver’s license information, sex, religion, race, IP address, geolocation, criminal records, education, employment information, purchase histories, sexual orientation, military status, and biometric data such as facial recognition imaging and fingerprints.
Keep in mind that the law also covers information that can be uniquely associated with a person — things like credit card numbers, physical characteristics, and descriptions, or any other financial, medical, or health insurance information. It does not cover any information which is considered Publicly Available Information.
The CCPA affords certain rights to consumers about the personal data that companies collect about them and how the companies use it:
Businesses working to comply with the CCPA must ensure that their privacy policies and terms are updated in accordance with these rights and that those changes are clearly communicated to customers. This means providing full disclosure at various points during the customer journey, on the website, and through other digital communication methods such as email and chatbots. Before making these changes, however, the company must alter its business processes, revise its data management policies, and implement new data collection protocols that will ensure CCPA compliance into the future.
For NextRoll, the process of implementing the CCPA began at an early stage, even while the law was still evolving. Getting ahead of the game was critical, particularly in the digital advertising industry where consumer data privacy is a central issue. According to Toby Gabriner, CEO of NextRoll:
We know our customers look to how we interpret and follow regulations such as the CCPA for guidance. While we obviously can't serve as their privacy lawyer, our larger mission is to help level the playing field for our customers, so getting out ahead of this, in a transparent way, is yet another way to help them better prepare, compete, and grow.
This forward-looking approach helped ensure NextRoll’s successful compliance with the CCPA and enabled it to learn some lessons along the way.
In 2018, when GDPR went into effect in Europe, it signaled a new era in online data privacy. The CCPA is the next chapter of the story, and a harbinger of what is to come — more privacy, more laws, and more compliance. Rest assured, it will not remain limited to California. Online consumer data privacy is the way of the future, and the CCPA is where it begins for many U.S. businesses. So start learning and implementing the right policies and protocols today.
Last updated on August 16th, 2022.