Commentary: How to comply with the CCPA — and why retailers’ reputations are at risk

With the California Consumer Privacy Act, or CCPA, now in effect, it’s a must that merchants and retailers get fully compliant or face consequences in the form of steep fines and damaged reputations. More than 500,000 businesses are said to be impacted by the ‘Californication’ of GDPR, Europe’s General Data Protection Regulation.

At its core, CCPA is an uncharted legislature telling retailers to be a lot more responsible with consumer data. We’re living in a time where retailers must view data collection differently. It’s no longer a boardroom discussion or moral conversation, it’s a law. 

It’s worth noting that, compared to GDPR, CCPA takes a broader view of what “consumer” data means. The full scope of the law will be revealed by July 1, when enforcement of CCPA by the California Attorney General will begin. But we do know that CCPA allows Californians to request businesses delete their personal information and not sell it.

In addition, retailers will face large fines if data breaches occur, whether intentional or not. Even CCPA's predecessors, take 2003's law CalOPPA (California Online Privacy Protection Act) for example, didn’t have such financial consequences.

To avoid non-compliance and fines of up to $7,500 for each violation, retailers must tackle seven tasks.

• Locate data with vendors
Retailers need to conduct a full audit of where consumer data lies with third-party vendors and exactly what data they're gathering. The good news is there are several newer technology stacks to lend a helping hand. Additionally, partners of retailers who’ve mined valuable insights from consumer data should know where their clients’ data protection stands.

• Contact an attorney
Amending vendor contracts has been commonplace for retailers since GDPR was adopted. Retailers shouldn’t procrastinate. Instead, they should be on speed dial with their legal team there to ensure that vendors are staying compliant.

• Update privacy policies
If retailers show a commitment to protecting consumer data by updating their privacy policy accordingly, it should bode well with shoppers. Retailers can be proactive by sending an email to consumers informing them of their right to have personal information deleted. With GDPR, shoppers have to opt in for a newsletter and can’t be added to a mailing list just because of a purchase. Wise retailers will turn this into a win by highlighting the benefits of signing up.

• Watch for rising implementation costs
It’s projected that the total cost of compliance with CCPA will reach $55 billion. Since retailers are scrambling to get CCPA compliant, implementation costs have risen. In the coming months, there’ll be even fewer resources. Tip: find partners with GDPR experience and leverage their knowledge before the crowds come.

• Get ready for questions
Pre-document answers to consumer questions about how their personal data is stored and used. Be sure to have the communications departments and legal teams collaborate when crafting the language so it matches the brand voice.

• Reputation protection
We don’t know what the accusatory CCPA hashtag will be, but it’ll surely pop up on social platforms. Retailers are aware that an upset consumer or employee can damage a brand in minutes, so staying vigilant via social listening tools is recommended. A no-brainer: this should already be activated.

• Think beyond California
CCPA may become California’s next big export as other states adopt the law. Since states are not unified on how for-profit organizations should protect consumer data, things will get complicated. Other states will pass laws that penalize businesses with data breaches, so getting a grip on data housing and usage now is key. Over time, consumers outside California may find they can ask businesses to delete their personal info as well.

• Walking the walk and seizing opportunity
If retailers are truly “customer-obsessed,” they’ll view CCPA as a golden opportunity and not a burden. Brands are urged to illustrate how they protect what matters most—the use of personal data. By July 1st, the smartest retailers won’t only be CCPA compliant, but they’ll be boasting to customers how they abide by laws that look out for them.

As retailers of all sizes continue to put effort into building and gaining consumer trust, increasing lifetime value (LTV), and retaining customers, this new legislation—and future versions of CCPA—will allow for consumers to see them back-up all those brand missions.

Alex O’Byrne is director and co-founder of We Make Websites.