As the clock struck 12.00am on January 1st this year, legislation came into effect in the US that will set new standards for data privacy and how organizations handle customer information.
Launched in California and Virginia, these privacy laws will soon have siblings in Colorado, Utah and Connecticut.
It’s all part of a growing demand for stricter data privacy regulations across the US and the world – and requires that customers can access, modify, or delete their personal information with businesses they interact with.
Wherever you do business, you need to understand the changes and adapt – as this is one new year’s resolution no business can afford to break.
Do these laws affect my business?
It’s important to be aware that the legislation doesn’t just impact businesses based in California and Virginia.
Companies (subject to revenue or database size) that do business in either state – or handle the personal information of residents – must abide by the new regulations.
California is the world’s fifth largest economy, so this legislation already affects many businesses around the world. As more states and countries follow over the next 12 months, these tougher laws will truly go global.
US legislation joins the GDPR in the UK and European Union
The new privacy laws join the General Data Protection Regulation (GDPR) in protecting customer privacy.
The GDPR is a regulation that was implemented by the European Union (EU) in May 2018. Its main goal is to give EU citizens more control over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU. The laws have been retained in the UK as the UK GDPR.
One of the key areas that the GDPR affects is customer consent data.
Under the GDPR, companies are required to obtain explicit consent from customers for the collection, use, and storage of their personal data. This means that customers must be informed about what data is being collected, why it is being collected, and how it will be used.
They must also be given the option to opt-out of data collection or to have their data deleted.
The California Privacy Rights Act (CPRA)
The CPRA, or California Privacy Rights Act, is a new privacy regulation passed in 2020. It amends the state’s existing privacy laws (mainly the California Consumer Privacy Act or CPPA).
It gives Californians more control over their personal data while introducing a state regulatory body (California Privacy Protection Agency or CPPA).
The CCPA gave the right to know, access, consent, equality, retention of information, deletion, and portability.
Under the new CPRA, individuals have the right to update or correct information, the right to opt-out, and the right to limit how sensitive information can be used.
Consent to the processing of personal data must be freely given, specific, and informed by each person.
Virginia Consumer Data Protection Act (CDPA)
The CDPA gives Virginia residents similar rights and protections to everyone living in Europe under the GDPR.
Among other things, businesses will now have to:
- conduct data protection assessments
- implement data security measures to protect personal information
- notify consumers of data breaches within 45 days of discovery.
Consumers have the right to:
- access, correct and delete their personal information
- opt-out of the sale of their personal information
What happens to businesses that don’t toe the line?
Investigators will be handing out fines. Beyond that, customer trust and brand reputation are at risk.
Do you have systems in place that allow customers to be able to modify, update or delete their data? If not, it’s time to start thinking about it now.
Personal and profitable marketing in privacy-first world
Far from doom and gloom, 2023 is shaping up as an exciting and profitable time for companies that get on the front foot with these new regulations.
Plezed can help you be compliant with these new regulations.
Using Plezed, you can collect highly accurate customer information through the most reliable source – the customers themselves. Research shows that over 90 per cent of people willingly and actively share their information in exchange for personalized experiences.
This information can be used to drive personalization at scale, enhance loyalty programs, ensure that your CRMs are accurate, and give you a major competitive advantage.
Importantly, customers can also modify, update or delete their information at any time, ensuring that your organization is compliant with the privacy laws around the world.
Receive exclusive, free access to Plezed
If you’re ready to thrive in the new world of business, marketing and privacy – before your competition does – get on the waitlist today for free access to Plezed when we launch in February 2023.
