A CCPA Compliance Checklist for Marketers

As a digital marketer, the first thing you need to consider right now is whether you are CCPA compliant. January 1, 2020 is almost here and according to Bloomberg Law, California Attorney General Xavier Becerra said there will be no extensions for companies that do not meet the new data collecting guidelines by the start of January. If your company has gross revenue of over $25 million, has data on more than 50,000 consumers, or earns over 50% of your revenue by selling consumer data you need to make sure you are CCPA compliant. Here is a simplified list for marketers to help manage their CCPA compliance:

  • Create a CCPA compliance plan in conjunction with colleagues in legal, information security and IT functions. Proper protection of data can only be done by addressing all three areas. Having an employee in charge to ensure the process is as transparent as possible will be crucial in future consumer relations and building trust.


  • Update your domain’s privacy policy on your website. The CCPA has made it mandatory now to display the new rights of California residents on your website. The process of collecting the data and personal information needs to be as transparent as possible. Consumers who request a deletion or opt-out of the sale of data, need to be able to do so easily and it needs to be easily found on the page.


  • Review all marketing channels such as digital advertising, emails and landing pages to ensure that all of your data collection is CCPA-compliant. The CCPA’s list of data considered personal or private is very extensive. For example it includes obvious metadata points such as name, email, telephone, social security number, but also the personal details about products or services purchased, biometrics, browsing history, geolocation, and audio-visual information.


  • Create an obvious and simple process for a consumer to delete their individual data if requested. Your average consumer is more worried about their data privacy and protection than ever before, the CCPA has brought consumer data privacy issues into the forefront. It is also critical for companies to retain consumer data for a certain length of time as consumers may request past records of their data.


  • If your company collects data through purchasing third-party contact lists, your company needs to check whether the third-party you are purchasing these lists from are also CCPA compliant. An easy way to do this is to simply discuss CCPA compliance with these vendors and contractors who are collecting data on your behalf. A lot of marketing companies will need to modify and adjust contract terms to ensure their consumers’ data security.


  • Notify your customers via email, a message on your domain’s homepage, some sort of communication to inform consumers that your company has updated privacy policies to align with the new CCPA regulations. The CCPA was created in the hopes of bringing transparency to the industry of data collection, providing your consumers with CCPA confirmation will only be beneficial in the present and future.


  • Display extreme sensitivity and caution in regards to the management and collection  of the data of minors. The Children’s Online Privacy Protection Act (COPPA) along with the CCPA ensure that all violations regarding the mismanagement of a child’s personal data and information will be met with swift and severe punishment. The CCPA determines for collecting the data of adults, you only need to provide the consumer with the option to opt-out. For children though, data can only be collected if consent is collected on an ‘opt-in’ basis. Children have to actively choose to have their data collected.


For marketers CCPA compliance brings a whole new realm of regulation and protection for consumers, which also means a lot of new challenges and rules to adhere by. CCPA compliance is complicated, but it presents an opportunity for America’s data collecting industry to become both ethically more transparent and fiscally grow larger. As time goes on the CCPA will change with it, make sure your privacy and data collecting policies are changing with it.