The California Consumer Privacy Act (CCPA) is getting a lot of attention, and for good reason. The Act goes into effect January 1, 2020 and will impact a large number of businesses by requiring greater transparency around the collection, use and sharing of personal data from consumers.
At Wyng, our core value is to provide marketing solutions to our customers — and in doing so, we take our customers’ needs for consumer privacy and data security seriously. We are focused on helping our customers connect with consumers in meaningful ways, while protecting consumer privacy, securing consumer data and complying with the latest government regulations.
The following guide is designed to help our users understand and prepare for CCPA — specifically as it relates to their usage of the Wyng platform. For additional background on the role Wyng plays with respect to consumer data, see our Privacy and Data Security Hub and our Data and Security Primer.
Disclaimer: The information provided here is not intended as legal advice and should not be used to interpret CCPA regulations or determine their applicability to your business. Companies should assess their own data collection, storage and processing practices (including their use of Wyng), and seek legal advice to prepare for, and ensure compliance with, CCPA.
The California Consumer Privacy Act (or AB-375) requires companies to be transparent about how they collect and use personal information, and grants new privacy rights to consumers.
CCPA applies to all companies that collect personal information from any California resident (even if the company has no physical presence in California) and meets at least one of the following criteria:
Personal information is broadly defined as information that identifies, relates to, is capable of being associated with, or could be linked to a particular consumer or household. Among other things, this includes:
CCPA grants new rights for the consumer whose personal information is being collected, giving them more control over who has their data and how it is used. These new individual rights include:
CCPA is sometimes referred to as “America’s GDPR,” and the good news is that companies that are already GDPR compliant have a head start when it comes to preparing for CCPA. However, there are important differences between the two.
As it relates to usage of the Wyng platform, key differences between CCPA and GDPR are summarized below:
There are other differences that extend beyond Wyng-related use cases and may be relevant to your business, especially if your business sells data. For a detailed comparison, see this comparative analysis from The Future of Privacy Forum.
Wyng specializes in providing technology to help brands collect and activate zero-party data at scale. Using the Wyng platform, non-technical users at brands and agencies can create mobile-first digital experiences, called “microexperiences”, designed to engage consumers and ask them questions via interactive visual elements and forms. The zero-party data that consumers self-report and freely share with a brand while participating in microexperiences is securely collected by the Wyng platform on behalf of the brand.
If your business uses Wyng to collect zero-party data, the following obligations may apply under CCPA:
If your business shares or sells personal information with other parties, additional obligations apply, including:
The zero-party data formula enabled by the Wyng platform is based on transparency, consent and trust, and is fully-aligned with CCPA and GDPR.
The Wyng platform makes it easy to disclose what personal information is being collected, how the information will be used, and any other terms relevant to the consumer — all at the point of data collection.
Wyng also supports multiple consent models at the point of data collection, including implied consent upon form submission, and explicit opt-out and opt-in checkboxes for consent. CCPA assumes consent is implied when consumers (over 16 years) participate in a microexperience, while GDPR regulations in Europe require explicit opt-in.
Here are two common examples of how Wyng can help your business comply with CCPA:
In addition, to help keep your microexperiences secure and compliant, the Wyng Platform includes comprehensive privacy and security features and periodic audits to ensure the safe handling of personal consumer data globally, including automatic encryption of data in transit and data at rest, separation of data, OWASP compliance audits, and anti-malware scans.
Businesses will need to update their operational procedures to support the rights of consumers under CCPA — for example, by implementing a framework to accept, track, process and respond to requests from consumers to access and/or delete their personal information.
Businesses that sell personal information must also provide a way for consumers to opt-out of the sale of their personal information. Personal information will also need to be categorized to ensure no information on a resident of California is sold after their opt-out request.
The regulatory penalty for non-compliance with CCPA can be up to $7,500 per violation, while liability to an individual consumer is $750 per incident or actual damages, whichever is greater.
With CCPA regulation primarily targeting third-party data, brands have an opportunity to leverage and benefit from zero-party data. Forrester agrees, noting in a recent report that in 2019, the industry will “say goodbye to third-party data” and shift toward data that consumers are sharing directly with the brands they interact with.
A good starting point in preparing for CCPA is to gather the current status of your company’s capabilities and compare that to the changes required by CCPA. Once you know what changes are required within your organization, you can map them to the months leading up to January 1, 2020. With careful planning and deadline-driven goals, you can make compliance a reality with time to spare.
Some things to consider while updating your processes: