In the past few decades, we’ve seen a massive change in technology. Today, I can buy a new wardrobe, order groceries, hail a ride, book a vacation and wire money from my bank account with a click or two on my mobile phone. And if I’m too lazy to even open my phone to check the weather, Alexa is there to help me know what to wear. While these developments have fundamentally made my personal life easier, the large-scale collection and monetization of data may be the most dramatic consequence of the digital age, especially for B2B businesses.
Nearly every online move we make — and many offline actions — can be tracked, logged and analyzed. It’s almost an assumption now that any time we visit a store or search for something online, we’re going to be presented with an ad tailored to that search the next time we open our browser or social media account. Even in a B2B context, seemingly anonymous website visitors can be identified at an account level so you know when someone from a key account is visiting your site.
Most people now understand their data is being collected and used for business targeting, and as a result, they (myself included) are starting to become more thoughtful about who they share data with. They also want to understand how it’s being used. With all the bad actors finding more increasingly efficient and sometimes downright devious ways to steal personal data, it’s no surprise data privacy and laws are on the rise.
The California Consumer Privacy Act, or CCPA, which went into effect on Jan. 1, 2020, represents one of the most significant regulatory moves by any state government in regard to consumer data. Under the CCPA, every Californian has the right to know what personal data has been collected about them during the past 12 months, the right to have this information deleted from business and vendor records, the right to opt-out of the sale of their information and the right to non-discrimination as a result of these choices. And there are at least 20 other states considering similar legislation.
So, what does this mean for B2B businesses and how can they prepare?
First, some foundational changes will need to be made to data management and internal processes so that companies can react to CCPA requests. For instance, employees tasked with CCPA compliance will need to be able to easily access personal information whenever a request is submitted so they can properly disclose it, and that may require changes to software and processes. Similarly, a means of deleting personal information will need to be devised in order to comply with that demand. Finally, there will be cases where customers allow the business to use information internally but want it protected from being sold to third parties. The company must have a way to clearly differentiate those permissions across the enterprise.
Second, businesses need to understand how their information is collected and shared. This becomes especially critical when sourcing from third-party vendors, as collection methods vary. Some vendors undergo rigorous processes to ensure only the data that meets strict quality, privacy and compliance thresholds makes it into their systems. On the other hand, there are also vendors who use methods like email plug-ins that scrape employee emails and contact databases for signatures, sometimes unbeknownst to the employee. Unfortunately, their oversight can become your problem if prohibited information makes its way into your sales and marketing tools.
Regardless of where you source this data, now is a good time to ask important questions about CCPA compliance. What steps have you and your data provider taken to comply with CCPA and, for that matter, GDPR? What preparations have been made for future laws that may be on the horizon? How often is customer data refreshed to reflect consumers’ privacy choices? Asking these important questions can help protect your company from fines, reputational damage or lost business due to non-compliance.