The California Consumer Privacy Act became effective on the first day of 2020 and will affect millions of consumers and tens of thousands of companies.
The advent of the CCPA and other similar regulations marks a sea change in how companies need to manage data and consumer privacy. As with many other regulations, organizations may view CCPA as a compliance burden. Forward-thinking companies, though, may view the law as an opportunity to increase customer personalization.
The CCPA is considered to be the most comprehensive of any state privacy law. In 2018, the General Data Protection Regulation (GDPR), the biggest remake of data privacy rules affecting European citizens in more than 20 years, required similar actions.
Effectively, the CCPA gives regulatory power to the individual because consumers can opt out of having their data sold and have the right to be forgotten. To achieve compliance, companies need to adjust, and switch from a one-size-fits all mindset on data management to a highly agile, personal approach for consumer data.
This means that companies need data policies that sit with and follow the data so that a consumer can opt to share one piece of data about themselves with company A, but not company B, and another piece of data about themselves for some purposes, but not others.
The data about the data
Being able to do that sounds like a daunting prospect, and it is: legacy technologies and ways of handling data can’t do it. But next generation database technologies allow companies of all sizes to get specific with data.
In effect, the CCPA and the GDPR require companies to have a 360-degree view of their data. Achieving that means breaking data out of silos and integrating it in a central hub where it can be governed according to consistent policies and accessed appropriately.
This governance and management of data depends on being able to also manage metadata. Metadata is the data about the data. When that metadata sits with the data – versus a separate and disconnected repository of data rules – companies get to the granular level that new regulations require.
For example, if data includes an email address, companies need metadata spelling out what consent has been given for its use. If consent is given for it to be used for billing but not for marketing, the data hub makes it available only for billing and not for marketing.
It’s difficult to ensure trust and accountability in data when data is sourced from different silos and applied to many different use cases. However, when governance policies regarding such things as restricted access to personal information are embedded in a central data hub, they can be applied to any use case, ensuring that the data is always fit for purpose. This allows for more standardized, automated and audit-able application of data governance policies, without having to educate everyone in your organization every time a policy changes.
Companies can pursue these changes incrementally, as well. Metadata can be attached to data even if the data stays in a silo. A bank, for instance, can consolidate a metadata index around customer data for a loan, and the policies regarding privacy will stay with the data in that case, too.
Metadata also enables companies to know where data came from, when it arrived, if, how and when it was changed, and who changed it. This provides the context necessary for an accurate view.
Lean into data regulations
Because use cases, regulations and policies change frequently, modern data management systems provide the flexibility to support changing regulations and business needs. But whether companies change incrementally or with a new data structure, they’ll sell themselves short if they only get into compliance with CCPA and GDPR.
Rather than view data as a regulatory compliance liability, leading enterprises succeeding at addressing regulatory compliance look at data as an asset and regulations as compelling events to better leverage those assets. Indeed, when companies know their customers’ preferences so well that they can abide by detailed privacy preferences, they know their customers very well.
That knowledge will enable them to tailor offers, extend targeted services and provide suggestions to the consumer like never before. Also, that company will be well positioned to confidently share data to further enable personalization of the customer experience.
Companies that achieve a better customer experience – more personalized and more enduring relationships based on transparency and trust—will experience a big upside. Eight in ten consumers say they’re more likely to do business with a company if it offers personalized experiences, and nine in ten people find personalization appealing, indicates research from Epsilon.
Forward leaning posture
In the old days, TV networks blasted everyone with the same commercials. Now, commercials are targeted toward preferences that consumers signal by where they shop, what they buy, when they go online, what they watch, what they listen to, and many more data points collected behind the scenes.
For the most part, companies have had a free ride collecting and using that consumer data. Now, that free ride is ending. The GDPR alone is estimated to impact 740 million consumers. According to the Internet Association, a trade association for Internet companies that is pushing for more consistent federal regulation, 29 US states have now passed laws related to data privacy, and there’s no doubt more will come.
Companies that shift from a defensive crouch regarding regulatory requirements and adopt a forward leaning posture will create a platform that’s respectful of consumer data and wishes—and mindful of how consumers shop and the services they seek. This will be a winning formula for both consumer and company.