CCPA: Everything you need to know

Two months into 2020, and there isn’t much convergence between firms on California’s new year’s gift to itself, CCPA, or the California Consumer Privacy Act.

Under this act, Californian residents have the right to see all the info companies have on them, how they gather, mine, and apply personal data, access it, delete it, opt-out of third party transfers, and still avail the same service as someone not exercising their rights under the act. This encompasses even the most private categorizations an organization may use.

It should come as no surprise that California, the internet’s epicenter, is the place of the act’s origin, given how it’s savvy residents are the subjects of targeted data breaches. Although, it’s worth noting that the law is still comparatively lax to its first incarnation.

Let’s dive in to see what ‘Don’t sell my info’ really means.

Consensus - Arriving at Interpretations of Selling Data

Still a work-in-progress, so far, no one agrees as to what qualifies as selling personal data. Forums are rife with deliberation as companies are left to wrangle with the new law. Although the variations in remedial measures taken by firms form this point on, would serve as reflections of how they see the spirit of the law.

Of course, it would also serve as an opportunity for Big Tech to put the money where the mouth is.

“Should I worry?”

Who does this apply to?

Simply put, if you’re a business that uses data from Californian residents but also

  • Grosses 25M in earnings, or
  • Gets more than half its revenue in data sales
  • Handles over 50,000 personal Records from devices, households, or consumers directly, then the law applies(Check CCPA Section 1798.140).

The best and worst of it.

All things considered, the worst thing that could come out of this is a never-ending compliance process. The best thing to come out of this is for Compliance to take off as an industry. You should find at least some relief knowing you can delegate major portions of data wipes to third party apps. The bad news is, it should take a while for these capabilities to mature and come baked into platforms.

Till then, it’s advisable to chalk out a clear ‘house-approach’ to privacy regulations, so you don’t leave anything to chance.

Also, if you haven’t already, you’ll need to bifurcate data based on the channels used for collection to account for restrictions on process, retention, and consent. On the bright side, this should also double up for easy segmentation.

Penalties

Because why else would you expect Silicon Valley to fall in line?

On their part, for companies to avoid a penalty, they need to take provably adequate measures to protect data. For size, they’ll need to practice controlled access on a need-to-know basis only. They’ll even need to update access regularly.

If you’re a business operating in multiple countries, you also need to tag data for separate legislations and track for varying retention requirements.

That’s unless you can shell out to the tune of 2500-7500 dollars per user in a month’s notice, besides taking a dent to your brand’s reputation.

So for what it’s worth, we’ll leave you with a list of to consider for socially responsible or, at least, compliant use of your Salesforce instance.

Implementation considerations

  • It goes without saying, among the first steps is comprehensive indexing and tracking of data across the organization.
  • You may need to review how you process data if you deal with Californian or even American data directly, even if you’ve just gotten over with GDPR.
  • Also remember that platform privacy tools cover your Salesforce instances, not processes your firm puts data through internally.
  • Besides location and you’ll need compliance on all 4 fronts: Automation, Processing for Insights, Access, and Opt-outs. That roughly translates to de-identifying, exporting, and deleting.
  • For data where removal has been requested, you’ll need to locate not only relevant data but also all dependent Objects and Records to make sure no Dashboards, Reports, or visualizations querying the data break. Going in unprepared would hurt doubly, both from a penalty, as well as an operations standpoint.
  • Equally, any automation for data requests must also be air-tight to allow only clearly identifiable individuals to download data that belongs to them, but no more.
Share This Blog
Related Articles
Salesforce Introduces A New Payment Feature and Snapchat Integration For Commerce
Salesforce Introduces A New Payment Feature and Snapchat Integration For Commerce

Salesforce has recently announced a series of innovative features in Commerce Cloud for businesses to integrate digital commerce experiences into their sales, service, and marketing channels. These new capabilities leverage AI, Data, and CRM to create personalized purchasing experiences across multiple channels, driving revenue and meeting customer expectations by automating reorders, embedding order support, streamlining […]

Read More
Sales Cloud Implementation: Our Best Practices for Success
Sales Cloud Implementation: Our Best Practices for Success

Salesforce Sales Cloud offers rich features and products that help sales reps build deeper customer relationships by winning more deals. But sales teams often struggle to derive the best out of the platform that can amp their sales revenue. So the question is, how do you get the most out of your Sales Cloud implementation? […]

Read More
Marketing Cloud features, Spring ‘23 release, salesforce, Marketing Cloud Engagement, Journey Builder, Marketing Cloud Intelligence
5 New Marketing Cloud Features From Spring ‘23 Release

The Spring ’23 Release has brought some innovative Marketing Cloud features that help businesses integrate and automate their data, systems, and workflows. As businesses today, need consolidated tech stack and automation to drive growth in a cost-efficient way, the latest updates come as a pleasant surprise to them. With the newest updates in Marketing Cloud, […]

Read More
Salesforce unveils Automation Everywhere Bundle to enable end-to-end automation at scale
Salesforce unveils Automation Everywhere Bundle to enable end-to-end automation at scale

The global CRM leader Salesforce has been on a release spree to bring about new cost-efficient solutions for every segment of the business. The recent announcement of the Analytics Bundle and Marketing Effectiveness Bundle is a glaring example of this. Now, adding another solution to this list is –The Automation Everywhere Bundle, which automates across […]

Read More
Salesforce unveils Marketing Effectiveness Bundle-100
Salesforce unveils Marketing Effectiveness Bundle

Days after announcing the Analytics Performance Bundle, Salesforce launched the Marketing Effectiveness Bundle with the same goal of helping businesses succeed now with cost-efficient solutions. The Marketing Effectiveness bundle is a consolidated tech of three Marketing Cloud tools that help marketers boost efficiency, increase sales, and lower costs while continuing to meet customers’ growing digital-first […]

Read More
How to perform conditional rendering in LWC
How to perform conditional rendering in LWC

Conditional rendering is a technique for displaying components or elements based on a predetermined condition. For example, conditional rendering is used if you want to display different messages at different times. We can render different LWC components or elements if a condition using conditional rendering in LWC is met. In today’s blog, we will show […]

Read More
Our Location worldwide
Indian Flag India
3rd Floor, A-10, Pegasus Tower, Sector 68, Noida, Uttar Pradesh 201301 +91-1203117884
United States of America Flag USA
333 West Brown Deer Road Unit G – 366 Milwaukee WI, USA 53217 +1(262) 310-7818
United Kingdom Flag UK
7 Bell Yard, London, WC2A 2JR +44 20 3239 9428
Canada Canada
HIC Global Solutions INC
43 Lafferty Lane, Richmond Hill, L4C 3N8, CA +1(262) 310-7818