For digital marketers, the vast world of data privacy regulation is a constant source of challenges. From CAN-SPAM to GDPR, new policies focused on data protection are constantly coming together, mixing things up and taking a fresh look at how we collect and process data. This is a major effort in the industry, but each new regulation involves new rules, new impacts and new best practices.
Just as things seemed to have calmed down after the GDPR, May 25, 2018 has become a distant memory, the California law on the protection of privacy of Canadians. Consumers (CCPA) . – California's response to what a stricter data regulation may look like in the United States – has begun to attract attention. Now is the time to think about what CCPA means for email marketers. As a digital marketing specialist, here's what I'll focus on over the next few months:
Review Current Procedures
If you are an international company, and as a Return Path, you have adopted GDPR-based best practices as a reference for your email program, it is possible that you have already done a lot. leg work. You must understand your current policies and procedures regarding the collection, storage and use of your subscribers' data and their shipping preferences. Otherwise, the time has come to delve into the practices in place and identify the areas in which changes are required.
What should you look for in your email program? As explained by another blog post of this series, the CCPA gives Californians the right to personal information about them, including:
Know what personal information is collected about them
Find out if their personal information is sold or disclosed and to whom
Say No to the Sale of Personal Information
Access to their personal information
Equality of service and price, even if they exercise their right to privacy
For an email marketer, this means that you need to understand what data you collect, how it is stored, how a user's preferences regarding their data can be kept and how you should provide documentation of this data. should they ask? A clearly defined approach will help you ensure that all marketing is aligned with agreed procedures and will help you to answer questions that will arise before, during and after the implementation of CCPA.
The CCAC is specific to California, but that does not mean that your approach must be the same. With the GDPR, e-mail marketers had to decide to apply GDPR standards to their entire e-mail program or to treat European subscribers differently from the rest of their list. Because Return Path's e-mail marketing program is relatively large, it made more sense for us to take a holistic approach than to create separate strategies for individual regions. CCPA poses a similar question to e-mail marketers.
When you step back, think about what's best for your business and your email program: apply CCPA standards to your entire program or manage your California subscribers differently? While in appearance, it may seem that the segmentation of Californians is the simplest approach, the reality is that this type of regulation will only gain strength, state by state. A little extra work to put your entire email program into compliance with CCPA now will probably mean that you are in a pretty good position when states like New York, Massachusetts, and Mississippi adopt their own. version. legislation in the future.
Get involved with professionals
At Return Path, we are fortunate to have a talented team of privacy and legal professionals, closely aligned with the marketing organization , especially in situations like this. Their support is absolutely essential to navigate the legal jargon, understand the impacts and determine the steps to follow to ensure compliance.
As in the GDPR, not all aspects of the CCPA affect marketers, and it can be difficult to know what matters and what is not when it comes to legislation as vast and with major financial implications. If you have not already done so, check with your privacy and / or legal teams for their views on CCPA compliance. They can highlight nuances that you do not have. have not considered and help you develop plans to make your program fully compliant.
And their support will also be essential after January 1, 2020, the date of entry into force of the ACCP. I learned first-hand from the GDPR that the regulatory issues and what that meant for our courier program was not stopped on May 25, no matter how much I'd talked about our mailing policies to date. 'on the date of implementation! Knowing how much I still use our privacy team to help us ensure that our shipping practices are compliant with the GDPR, I anticipate so much collaboration to ensure compliance with the GDPR. 39; ACCP.