Guest post by Jake Fabbri, CMO of Fonteva
Effective January 1, 2020, the California Consumer Privacy Act (CCPA) is a new data privacy law that will impact associations throughout the US.
Jake Fabbri, CMO of Fonteva, recently led a webinar discussing the details of this new legislation and best practices to prepare. Here’s how to ensure that your association stays compliant and fully equipped for CCPA’s arrival.
Understanding its Impact
CCPA was passed in California earlier this year with strict data protection provisions similar to The General Data Protection Regulation (GDPR) in the European Union. The legislation protects California residents, as well as organizations conducting business in the state.
The following companies will be impacted by CCPA:
● Companies who conduct business in California with $25 million or more in annual revenue
● Companies who sell the personal information of 50,000 or more contacts
● Companies who derive 50% or more of annual revenue from selling consumers’ personal information.
While your association may not be directly impacted by CCPA, additional states are likely to enact similar privacy regulations with varying requirements in the future. Therefore, it’s always best to stay educated and prepared to adjust strategies and take action. Being proactive about compliance is also a good business practice that will help you secure and maintain a high level of trust with your membership.
What Compliance Looks Like
Under CCPA, organizations are required to provide individuals with a minimum of two ways to submit requests for information to be disclosed. This could be done through an email, a web form, or various other methods.
When an individual requests information, CCPA also requires organizations to disclose this information free of charge within 30 days of receiving the request. The disclosure must precede 12 months of the information collected on the requestor. For instance, if the request is received on January 1, 2020, the information must go back to January 1, 2019.
While association software may make it easier to comply with these requirements, it’s also up to your people to pay attention. Implementing standard processes within your team will help eliminate compliance issues down the road.
Prepare to Protect
To prepare your association for CCPA, it’s important to assess your data collection processes. Start by asking these four questions:
1. What do you know about your data processes?
Understand what data you’re collecting, and what systems you’re using to do so. If it’s not in a readily accessible place, think about making your systems more intuitive.
2. Why are you collecting this particular data?
Many organizations collect data that they don’t end up needing or using. Evaluate your data to make sure there’s a good reason for it, and reassess when necessary.
3. How are you using the data?
Whether your data is being used to target audiences or improve the user experience, pay attention to it. Don’t forget about the data shared with third-party partners or internal team members, as these can be additional liabilities.
4. Are you being transparent with your members with all of the above?
When gathering information, make sure to always include a checkbox that indicates the purpose of why you’re collecting this data.
Go the Extra Mile
Privacy regulations have multiple layers, and proactive measures can go a long way.
Consider conducting a gap analysis within your association, and audit the technology and processes that are currently in place for managing customer data. This will help you identify the parts of your processes that need work.
Looking ahead, plan an annual audit of your compliance. This will ensure that your business won’t outgrow your processes, and you’re consistently prepared to adapt.
Be Fully Equipped for CCPA’s Arrival
If you missed the free Fonteva & ReviewMyAMS webinar The California Consumer Privacy Act & its Impact on Associations and want to learn more about how to prepare for this new legislation, access the free recording HERE.