A Primer on CCPA and Marketing Data Protection Best Practices

The California Consumer Privacy Act (CCPA), effective January 1, 2020, represents the first comprehensive data privacy legislation in the U.S. It sets out requirements for businesses that handle the personal data of California residents.

Which Companies are Governed by the CCPA?

The CCPA applies to for-profit organizations that collect, share, or sell personal data of California residents and meet any of the following criteria:

If your organization does not meet one of these thresholds, the CCPA does not apply to you.

What Does the CCPA Require of Companies?

For businesses covered by the CCPA, several key obligations exist regarding the collection and use of personal information. The CCPA operates as an opt-out statute, allowing the collection and use of personal information provided that businesses:

What Types of Data are Exempted from CCPA?

Certain data are exempt from CCPA requirements, including:

Notably, Assembly Bill 1355 exempts certain B2B information from most of the CCPA’s core requirements.

Can a Business Be Liable for Its Service Provider’s Misconduct Under CCPA?

A business is not liable for a service provider’s misuse of personal information if:

What is ReachStream Doing About Its Own Compliance with CCPA?

As a data provider, ReachStream is committed to CCPA compliance by:

Our compliance measures include:

Product Enhancements: Publishing notice dates for California-based contacts, listing CCPA opt-outs, and improving consumer location data.
Privacy Center Implementation: Allowing consumers to manage their data preferences and profiles proactively.
Privacy Policy and Website Update: Ensuring transparency through updated privacy policies and web assets.
Expansion of Privacy Communication Options: Offering multiple ways for data subjects to contact our privacy team.
Data Team Expansion: Enhancing our data team for proactive management.
Data Inventory Accuracy Analysis: Increasing data accuracy and integrity.
Employee Training and Awareness: Conducting ongoing compliance training.

What Must Your Company Consider Regarding CCPA Compliance?

Data Vendor Selection: Ensure your data providers comply with CCPA, register as data brokers, and respect data subject access requests.
Data Inventory: Maintain a comprehensive data inventory and create policies for off-boarding obsolete data.
Investigate Potential Data Selling: Understand if your company sells personal information and complies with relevant requirements.

What Should Your Company Consider Regarding CCPA Compliance?

To further position your organization for success, consider:

Review Your Compliance Obligations: Consult with your legal team or outside counsel about applicable legislation.
Update Your Privacy Policy: Ensure transparency in your practices and policies.
Appoint a Data Privacy Officer: Designate a point person for compliance-related matters.
Consider Industry Codes or Advisories: Proactively demonstrate your privacy commitments through industry solutions.

For more information on our policies, please visit our privacy page at: ReachStream Privacy Policy

Notice
This document is for informational purposes only and is not intended to constitute legal advice. ReachStream is not qualified to provide legal advice. To understand how the CCPA or any other law impacts you or your business, seek independent advice from qualified legal counsel.