When it comes to California’s new consumer privacy law, companies are most focused on complying with the regulation, guarding their customer information, and maintaining quality data.
That conclusion comes from a new ZoomInfo analysis of business projects related to the California Consumer Protection Act (CCPA), which gives consumers who live in the state the right to know what information about them businesses collect and use.
When CCPA went into effect on January 1, 2020, it grabbed headlines because many observers saw it as a smaller, American version of the sweeping General Data Protection Regulation (GDPR) in Europe.
ZoomInfo’s review shows that compliance, information security, and data management are the top focuses of companies that began CCPA-related projects in 2020.
Interest driven by compliance and data quality concerns
Despite the pandemic, California started enforcing CCPA as scheduled on July 1, 2020, the Washington Post reported.
“[The attorney general’s] office is able to start sending businesses warnings that they might be in violation of the law and give them 30 days to fix the issues before facing possible fines or lawsuits,” according to the Post.
However, fixes that might bring a company into CCPA compliance typically are not quick projects that an organization can complete in 30 days. Therefore, it is important for businesses to get ahead of potential CCPA problems.
With that said, it is not surprising that compliance tops the list of topics that garnered the most interest as companies navigated CCPA in 2020. ZoomInfo analyzed its Scoops data to arrive at this conclusion.
Information security took the second spot in interest, but it is the third-place topic — database management — that is perhaps the most revealing. Database management involves a variety of activities, including maintaining data quality and cleaning up records that may be outdated, irrelevant, or duplicate.
“Looking back, GDPR forced marketers to spend money on data quality in order to comply, marketing technology,” expert Scott Brinker told ZoomInfo.” In that process, marketing teams saw the greater benefits of using quality data, and that trend will likely continue with CCPA.”
“My lists might be smaller now, but I actually know who these people are. I’m getting better engagement from them,” Brinker said about higher data quality. “Now when I feed this stuff into my lead-scoring mechanisms, the accuracy that’s coming out on the other end is just a lot greater. I think marketers have started to get real religion around not just quantity of data, but quality of data.”
In other words, while improved data quality helps ensure compliance with privacy laws, it also boosts overall business by providing a tighter, more accurate roster of customers and prospects.
Marketing, advertising, and retail lead CCPA projects
Business services and retail were the two industries with the most projects related to CCPA in 2020, according to ZoomInfo’s data.
Business services covers a wide swath of sub-industries, but in this case, most of the CCPA projects came from the advertising and marketing field. Those functions typically deal with existing and current customer information.
The high interest from retail initially seemed like a surprise. However, children’s clothing retailer Hanna Andersson was the subject of an early CCPA class-action lawsuit, and in December 2020, a $400,000 settlement fund was approved by a court.
The suit stemmed from an information security breach caused when hackers infiltrated Hanna Andersson’s third-party eCommerce site and stole customer information, according to the Consumer Privacy World blog.
“The settlement in this case will provide a benchmark for future litigants bringing claims under the CCPA,” Consumer Privacy World wrote.
Walmart has also been sued for alleged CCPA violations, although no court decision has been made and the company disputed the suit’s claims, according to Bloomberg Law.
The future of data and compliance
It’s likely that additional lawsuits, as well as investigations from California’s government, will be filed related to CCPA.
Based on ZoomInfo’s past analysis of GDPR, the European privacy regulation garnered widespread attention from companies once regulators started issuing fines related to non-compliance — although that reaction took years to happen.
With that in mind, business projects related to CCPA will probably increase as more fines and settlements occur.
Meanwhile, a successor to CCPA is already in the works. In November 2020, voters in the Golden State approved the California Privacy Rights Act, which will increase options for consumers to opt out of having their data collected, the Los Angeles Times reported. The new law goes into effect in 2023.
If they aren’t already, companies interacting with consumers in that state should monitor the upcoming regulation while also focusing on compliance with current privacy requirements.