On Thursday June 28, the state of California signed into law new consumer protection rules aimed directly at businesses that handle or store customer data. This law comes in the wake of the General Data Protection Regulation (GDPR), which went into affect in May. While many have speculated (including us) that legislation similar to the GDPR would make its way to the U.S., it has now officially arrived.
What exactly does this new law entail and what does it mean for lead generation companies?
What: California Consumer Privacy Act of 2018 When: The law goes into affect on January 1, 2020 Who: The law protects all California citizens. This means that any business that handles California data is affected.
The Most Important Takeaways
Information Requests And Disclosure
The bill would grant a consumer a right to request a business to disclose the categories and specific pieces of personal information that it collects about the consumer, the categories of sources from which that information is collected, the business purposes for collecting or selling the information, and the categories of 3rd parties with which the information is shared.
Consumers have the right to not only request the personal information stored by the business, but also the sources of the information, the purposes of collecting it and the details of any 3rd parties it is sold to.
Make available to consumers two or more designated methods for submitting requests for information…including, at a minimum, a toll-free telephone number, and if the business maintains an Internet Web site, a Web site address.
Specifically, you should allow a customer to easily request their information via phone and online.
The bill would grant a consumer the right to request deletion of personal information and would require the business to delete upon receipt of a verified request, as specified.
Businesses that store customer data need the ability to delete this data upon request.
Request Not To Sell
The bill would authorize a consumer to opt out of the sale of personal information by a business and would prohibit the business from discriminating against the consumer for exercising this right.
It’s more important than ever to be completely transparent with your service offering. If you are generating leads and selling them to a 3rd party, your customers should be well aware of the process. Even if you never plan to sell the same customer data again, you will need to provide an opt-out process to ensure the customer you will never sell their data.
Provide a clear and conspicuous link on the business’ Internet homepage, titled “Do Not Sell My Personal Information,” to an Internet Web page that enables a consumer, or a person authorized by the consumer, to opt out of the sale of the consumer’s personal information. A business shall not require a consumer to create an account in order to direct the business not to sell the consumer’s personal information.
A standard opt-out link on each of your web properties will likely be required to remain compliant.
What If You Don’t Comply?
Like the GDPR, punishments for non-compliance of the California Consumer Privacy Act can be administered for each offense. California Consumer Privacy Act infractions carrying a maximum penalty of $7,500 for each violation.
What Do We Think At boberdoo
The consumer protection movement is still at its beginning stages. As the GDPR was the standard for the California Consumer Privacy Act, this law will likely provide a framework for additional state-level legislation. It will be important for all lead companies to pay close attention to new laws to ensure total compliance.
However, instead of building your business practices solely around legislation, we strongly urge all lead companies to think first about consumers. Does your business provide a valuable service to consumers? Do you take all measures to ensure no unauthorized access to customer information is obtained? Do you delete your customer information as soon as you no longer need it?
These questions should be top of mind for everyone that operates in the lead industry. If every new piece of legislation is forcing you to overhaul your entire business model, then you’re probably not operating with the customer’s best interest in mind.
We will be closely monitoring all news regarding consumer data protection and any new legislation that is passed. We encourage you to use us as a resource for consumer protection and data security in the lead industry. Please subscribe to our newsletter to stay in the loop.
This post is not intended to convey or constitute legal advice. We are not lawyers and encourage you to seek legal counsel to ensure total compliance with the law.