Expert: With CCPA in full swing\, what\'s next for marketers


Expert: With CCPA in full swing, what's next for marketers

The CCPA grace period is over and now that the regulations are being enforced around the US many marketers are wondering what is next. How do they provide the secure privacy consumers want while also providing them with relevant ads and content? We asked a digital expert to weigh in.

Kristina: What does the CCPA mean for small businesses?

Logan Kipp, Director, SiteLock: The California Consumer Privacy Act, or CCPA, encourages transparency in businesses and requires these companies to report data breaches to consumers with the aim of better protecting these consumers and their personal information. This law applies to any business worldwide that receives personal details and data from any California residents either directly or indirectly. The law also applies to business that meet at least one of the following additional criteria:

▪ Make an annual revenue of more than $25 million (USD) in total (not just in CA)
▪ Receives personal data from at least 50,000 California residents consumers, devices, or households per year, and lastly
▪ Obtains 50% more of its annual revenue from the sale of personal information about California residents.

Due to the CCPA parameters, small family-run stores are likely in the clear and won't be affected by enforcement, but high-growth small businesses will need to take action to become CCPA compliant.


Kristina: What are these SMBs now responsible for?

Logan: Even if SMBs do not meet the CCPA compliance criteria, cybersecurity should be top of mind. But for those who need to ensure they comply, SMBs should enhance their privacy protections and update their privacy policies. Organizations must also implement reasonable security measures in order to protect their consumers' personal information. And, to ensure that no missteps are made, training employees on CCPA compliance is key.


Kristina: What penalties do they face for failing to comply?

Logan: Now that enforcement has begun, these businesses will be held accountable if they fail to follow the CCPA and report breaches. They can be fined up to $2,500 per negligent violation or up to $7,000 per intentional violation.

Additionally, businesses need to be aware that the CCPA allows consumers to take better control of their data and control whether companies can utilize or sell it. If a consumer finds that an organization does not comply, and has proof that their information was taken or accessed, they can sue the company for its failure to maintain reasonable security procedures. With non-compliance posing such a large financial risk, companies that are not prepared need to act quickly before it's too late. Walmart, Houseparty and Zoominfo realized these consequences and have already been sued for allegedly failing to comply with the CCPA. 



Kristina: What other steps should SMBs take to protect their security and privacy on the web as well as reduce their desirability to hackers?

Logan: First and foremost, SMBs should follow CCPA guidelines and update their privacy policy and include the famous "Do Not Sell My Personal Information" opt-out link on their homepage if any personal information is being sold. Cybercriminals tend to target those who are least suspecting it, making ill-prepared businesses that much more desirable. To combat this, organizations should consider implementing top-notch security tools, patching vulnerabilities and training employees to be more cyber aware in order to ensure their customers' personal information is safe.









Tweet