As I prepare the content for this article, I am sitting in my apartment in West Palm Beach, Florida, observing the wind and rain through the glass door of my balcony as Hurricane Dorian slowly approaches.

In anticipation of Hurricane Dorian, the management of my complex has sent out numerous emails regarding preparations for the building, and some of my neighbors helped me pull my balcony furniture and plants inside as well as lay down tarp and sandbags to cover other, semi-permanent fixtures.  I’ve bought groceries, prepared a lot of extra ice, washed all my laundry and dishes, and made sure my cat has plenty of food and provisions.  Pretty soon, I’ll unplug everything, make sure that my laptop and phone are fully charged and that I have backup power sources and a flashlight with extra batteries.  We prepare like this in order to protect ourselves and personal property in the event that this category 4 hurricane slams into our coastline, bringing with it the potential for great loss and devastation. 

It is not lost on me how preparing for a hurricane is ironically similar to how businesses and marketing departments need to prepare for the impact of new data privacy laws, like GDPR and CCPA.  The following is a quote directly from the California Consumer Privacy Act of 2018, which will go into effect on January 1, 2020.  

The unauthorized disclosure of personal information and the loss of privacy can have devastating effects for individuals, ranging from financial fraud, identity theft, and unnecessary costs to personal time and finances, to destruction of property, harassment, reputational damage, emotional stress, and even potential physical harm.

What kind of information is your business collecting about its prospects and customers?

Personal information could include first name, last name, phone number, email, signatures, social security number, address, physical characteristics, driver’s license number, passport number, education, employment history, bank account number, credit/debit card numbers and other financial information. 

The CCPA provides the following rights to consumers regarding their online, personal information:

1.  The right to know what personal information is being collected and/or sold about them.

2.  The right to request that a business delete personal information that has been collected about them.

3.  The right to “opt out” of the sale of their personal information.

4.  The right to prohibit a business from selling the personal information of consumers under 16 years of age.

5.  The right to not be discriminated against by the business for exercising their right to “opt out.”

6.  The right to sue in connection with unauthorized access, theft, disclosure and/or breach of their personal information.

Regardless of whether your consumers are in California, your marketing department should be preparing your business for the impact of new data privacy laws that are sure to follow the lead of the CCPA.  Here are five basic suggestions to get your marketing department started on the road to privacy compliance:

1.  Website:  Provide clear and concise online privacy and cookie policies.

2.  Webforms:  Include an opt-out checkbox on all web forms titled “Do not sell my personal information.”

3. Emails:  List dedicated contact information (at minimum, a Web address and a toll-free phone number) for consumers to submit requests for their personal information.

4. Social Media:  When uploading a Custom Audience (Facebook) or Matched Audience (LinkedIn), make sure you have explicit and documented consent from the consumers to share their data with these platforms.

5. CRM:  Make sure that 1-4 are all mapped to your CRM, as we discussed in our article, “5 Technologies for Lead Generation”, so that the consumers’ information is stored in one, central location for easy access and privacy compliance.

“Privacy by default is no longer a concept or an abstract idea,” states Christopher O'Connor, Esq., CIPP-US, one of RPC's Advisory Board Members. “It is adherence moving forward to principles and rights enumerated now by statute. Marketing teams, like other components of the business, must understand the weight of the data they collect, leverage, maintain and protect—and bake that understanding into policies, procedures and processes.”

At RPC Strategies, we take privacy seriously.  The founders of RPC Strategies have been providing education about cybersecurity and data privacy since 2014 with our former company, ESI Roundtable.  (Click here to watch some of the those programs.)  Make sure that your marketing team has a seat at the table with legal, human resources, operations and sales and that they are designing, implementing and managing consumer data and privacy cohesively.  Contact RPC Strategies, and let us know how we can help you.