CCPA for the Events Industry - Everything you need to know
It doesn’t seem long ago that marketers were scrambling all over the place trying to learn how to be compliant with one of the most significant privacy and compliance changes in the past twenty years. If you are thinking GDPR, you are right. We all made it, after a lot of studying, consulting with lawyers, updating our websites, and changing how we collect data and how we communicate with our contacts. And just when we got comfortable again, CCPA comes in. Let the games begin once again!
In today’s article, I will cover the main differences between GDPR and CCPA, and what you need to know to be compliant by the deadline of January 1st, 2020. More importantly, we will discuss specifics of GDPR and CCPA for the events industry.
What you need to know about CCPA
The California Consumer Privacy Act (CCPA) ushers in stricter data privacy protections for California residents. That means consumers will have the right to see all the information a company has saved on them, as well as a list of the third-party tools that gained access to that information. In addition, they can request to have their data deleted at any time.
Will your organization be affected by the CCPA?
In order to be affected by the CCPA you must meet at least one of the following criteria:
- Have a global gross revenue greater than $25 million
- Buy, receive, sell, or share personal data, for commercial purposes, of over 50,000 consumers in a given year
- Derive 50% or more of your annual revenues from selling consumers’ personal information
- Be an organization that controls, is controlled by, or shares common branding with a for-profit business meeting any of the above.
Who is protected by the CCPA?
Any California resident within the government’s jurisdiction is protected by CCPA’s regulations. That means anytime a business interacts with a resident of California, regardless of where the business is located, they must comply with the CCPA regulations. Here are some of the rights consumers will have under the CCPA:
- The right to know all data a company holds about you
- The right to say no to the sale of your information
- The right to delete your data
- The right to be informed of what data will be collected, prior to its collection, and to be informed of any changes to this collection
- The right to know if the data will be shared with third parties, and to refuse to have the data shared
- The right to know the commercial purpose of collecting personal information
What do you need to do to comply with CCPA?
While GDPR takes a more intense approach by requiring consumers to opt in before data is collected, CCPA takes a less strict approach, in which businesses may collect data while offering the option to unsubscribe at any time.
If you will sell or transfer consumer data, you must give consumers a notice before doing so under the CCPA. Under GDPR, you also need explicit consent before the data transfer occurs.
What is the impact of CCPA and GDPR on the Event Industry?
While all industries doing business in California will be impacted by the CCPA, here are some things to consider when collecting data from events:
- If you collect data from attendees, sponsors, exhibitors, speakers, and/or other partners, you need to clearly state what information is being collected and how that information will be used.
- All contacts should have access to their data, as well as the right to delete their information and opt out of communications.
- Offer the option to opt out of communication at any time.
- Provide information on how sensitive data is being stored and protected.
If third-party software is being used to collect data, such as a registration platform or a check-in tool, you should take some additional measures. It’s a good idea to keep your data organized so that if you are asked to produce information, you can do so readily, and to make sure any vendor you are working with is capable of doing the same.
Working with tech providers who have a solid data protection policy in place, like Attendease, can alleviate some of the steps to keep you compliant. Once your event is over, if you wish to use the data collected for a purpose different from what was stated to the consumer, make sure to send a clear notification to communicate how the data will be used and how they are able to opt out of it.
The Future Of Data Privacy
As consumers have a stronger than ever digital footprint, there is a growing concern about how to keep personal information safe and how to give more power to consumers over how and when they would like to be contacted by organizations. GDPR was the first big step in this direction, but there are other regulations in different geo-locations, such as the CASL in Canada and now the CCPA in California.
What this teaches us is that organizations have a big responsibility for how they use and manage personal information, and that it should be handled with transparency and care. Once we accept this new reality and start to change our processes and guidelines, it becomes increasingly easy to adapt to new policies that will continue to come up.
CCPA is the first large policy change in the United States, but other states may come up right after with their own policies. The best way to handle it without going crazy? Have a solid process and strategy that is inclusive of all locations, and not only for the areas being affected. Instead of “not worrying” about GDPR because you don’t do business in the EU, start thinking about implementing change across the board in order to provide a transparent guideline to your contacts. If you can comply with GDPR and CCPA, chances are you will be compliant with most other regulations currently in place or new regulations that we may see come up in the near future. The consequences of not following the data privacy regulations are costly, so keep your eyes open to new policies that may appear and make sure to always consult with a lawyer for legal advice.
GDPR vs. CCPA (Infographic)
Want an easy way to compare the differences between GDPR and CCPA? LoginRadius put together an infographic showing the main differences. LoginRadius is a leading cloud-based customer identity and access management (CIAM) solution securing more than one billion user identities worldwide. The LoginRadius Identity Platform empowers business and government organizations to securely manage customer identities, deliver a unified digital experience, and comply with all major privacy regulations such as the GDPR.
For more information and updates on CCPA, check the California Consumer Privacy Act website.