List Your Business For Free

A Primer on CCPA and Marketing Data Protection Best Practices

Table of Contents
The California Consumer Privacy Act (CCPA), effective January 1, 2020, represents the first comprehensive data privacy legislation in the U.S. It sets out requirements for businesses that handle the personal data of California residents.

Which Companies are Governed by the CCPA?

The CCPA applies to for-profit organizations that collect, share, or sell personal data of California residents and meet any of the following criteria:
  • Annual gross revenue of $25 million or more,
  • Processes personal information of 50,000 or more California consumers, households, or devices,
  • Earns more than half its annual revenue by selling personal information.
If your organization does not meet one of these thresholds, the CCPA does not apply to you.

What Does the CCPA Require of Companies?

For businesses covered by the CCPA, several key obligations exist regarding the collection and use of personal information. The CCPA operates as an opt-out statute, allowing the collection and use of personal information provided that businesses:
  • Provide notice to consumers
  • Respect consumer rights to opt-out of data collection
  • Allow consumers to know what data is held about them
  • Enable consumers to request data deletion

What Types of Data are Exempted from CCPA?

Certain data are exempt from CCPA requirements, including:
  • Employee data,
  • Data needed to perform a contract or legal obligation,
  • Publicly available information.
Notably, Assembly Bill 1355 exempts certain B2B information from most of the CCPA’s core requirements.

Can a Business Be Liable for Its Service Provider’s Misconduct Under CCPA?

A business is not liable for a service provider’s misuse of personal information if:
  • There is a written contract with the service provider that complies with the Act,
  • The business does not have actual knowledge or reason to believe the service provider intends to violate the Act at the time of disclosure.

What is DataCaptive Doing About Its Own Compliance with CCPA?

As a data provider, DataCaptive is committed to CCPA compliance by:
  • Registering with the state,
  • Providing clear notice regarding data collection and usage,
  • Implementing a comprehensive notice and choice program,
  • Ensuring that all data in its database is compliant with CCPA regulations.
Our compliance measures include:
  • Product Enhancements: Publishing notice dates for California-based contacts, listing CCPA opt-outs, and improving consumer location data.
  • Privacy Center Implementation: Allowing consumers to manage their data preferences and profiles proactively.
  • Privacy Policy and Website Update: Ensuring transparency through updated privacy policies and web assets.
  • Expansion of Privacy Communication Options: Offering multiple ways for data subjects to contact our privacy team.
  • Data Team Expansion: Enhancing our data team for proactive management.
  • Data Inventory Accuracy Analysis: Increasing data accuracy and integrity.
  • Employee Training and Awareness: Conducting ongoing compliance training.

What Must Your Company Consider Regarding CCPA Compliance?

  • Data Vendor Selection: Ensure your data providers comply with CCPA, register as data brokers, and respect data subject access requests.
  • Data Inventory: Maintain a comprehensive data inventory and create policies for off-boarding obsolete data.
  • Investigate Potential Data Selling: Understand if your company sells personal information and complies with relevant requirements.

What Should Your Company Consider Regarding CCPA Compliance?

To further position your organization for success, consider:
  • Review Your Compliance Obligations: Consult with your legal team or outside counsel about applicable legislation.
  • Update Your Privacy Policy: Ensure transparency in your practices and policies.
  • Appoint a Data Privacy Officer: Designate a point person for compliance-related matters.
  • Consider Industry Codes or Advisories: Proactively demonstrate your privacy commitments through industry solutions.

For more information on our policies, please visit our privacy page at: DataCaptive Privacy Center

Notice

This document is for informational purposes only and is not intended to constitute legal advice. DataCaptive is not qualified to provide legal advice. To understand how the CCPA or any other law impacts you or your business, seek independent advice from qualified legal counsel.

Helpful resources to get you started

OFCA SPAM ACT & GDPR

Importance Of CAN-SPAM ACT & GDPR For Business Policy

Enhance

Importance of Data Protection Laws

Importance of Data Protection Laws – Guide to Data Security

EU countries accept b2b email post

Which EU Countries Accept B2B Emails Post-GDPR?

Connect

BOOK A DEMO
Build Your Lists in 3 Steps
penguin
filter

Filter

select

Select

download

Download

Download 20+ insights in seconds.
Try for Free
Book a Demo





Call DataCaptive
REQUEST FOR DEMO
Request For Demo - POP UP

If you don't have a business email, click here

Exit intend pop up hero
Wait!
Free sample data available
Think no more, first try it and then buy it!
Exit Intend Pop Up

If you don't have a business email, click here