Companies that market services or products to consumers in California must comply with CCPA email marketing guidelines to protect data privacy. Essentially, the CCPA protects the rights of consumers in California regarding the collection, use, or sale of personal data. Read on to learn more about CCPA email marketing compliance.
How to Maintain CCPA-Compliant Email Marketing
For businesses with consumers in California, CCPA email marketing laws can help protect customer data from breach attacks. Marketing to consumers via email requires adhering to California email marketing laws regarding consumers’ rights to:
- Know how their data is used
- Request that their data be deleted
- Opt out of email marketing
- Exercise their rights without discrimination
With the help of a CCPA compliance advisor, your business will implement processes that comply with CCPA email marketing guidelines, protecting the overall security of consumer data.
The CCPA Right to Know and Email Marketing
The CCPA email marketing guidelines require businesses to inform consumers in California about all aspects of data collection, processing, and usage.
Specifically, consumers have the right to request information regarding:
- Categories of personal data collected
- Sources of data collection
- Business use of the collected data
- Sharing of data with third parties
Businesses whose consumers are residents of California must comply with CCPA email marketing laws to protect consumer privacy rights.
The CCPA Right to Delete and Email Marketing
CCPA email marketing guidelines for businesses to follow under the “right to delete” include:
- Consumers have the right to request the deletion of data collected by businesses, including any data collected by third-party vendors.
- Your business must also disclose to consumers their right to have personal information deleted.
- Third-party service providers must delete any data collected on behalf of a business if the consumer request was directed to the business in question.
CCPA email marketing laws can help your business protect the privacy and security of consumer personal information.
Consumer Requests and CCPA Compliance
Compliance with CCPA email marketing guidelines regarding consumers’ rights to information disclosures and deletion requires businesses to simplify processes for submitting consumer requests.
The following considerations can help your business develop CCPA-compliant processes for consumer requests regarding the disclosure or deletion of personal information:
- You must provide at least two methods for submitting requests, some of which include:
  - Email addresses
  - Websites
  - Paper forms
- Depending on the type of business location (e.g., online, physical, multichannel), methods must be accessible to all consumers and include:
  - A toll-free number for all businesses
  - A website for businesses with websites
  - An email address for businesses that are exclusively online
- Where consumer accounts are used to request information:
  - Consumers should be able to submit requests without creating accounts.
  - Consumers can also submit requests through accounts they previously created.
The ease with which customers can submit requests for disclosure or deletion of their data strengthens your compliance with CCPA and email marketing laws and helps protect your business reputation.
Privacy Policy and CCPA Compliance
Per CCPA email marketing guidelines, a privacy policy must guide customers on how to request information disclosure and deletion:
- Information requests – A CCPA-compliant privacy policy must point customers to the appropriate methods for submitting information requests, aligned with the above criteria.
- Response timelines – The deadline to respond to consumers’ requests for information is 45 calendar days. However, this deadline can be extended by 45 days if you notify consumers.
- Identity verification – Your privacy policy must inform customers of your right to confirm consumer identities for disclosure or deletion requests. As such, you may:
  - Ask consumers for additional verification information
  - Use the requested information strictly for verification purposes
- Grounds for denial of requests – Based on your CCPA-compliant privacy policy, you have the right to deny consumers’ requests for information if:
  - Consumer information cannot be verified
  - Consumer requests are unreasonable, based on excessiveness (i.e., you have provided information twice within 12 months) or your ability to demonstrate that they’re extremely unfounded
  - Sensitive information will be disclosed, including social security numbers and account information (e.g., bank account numbers, passwords)
  - Compliance or legal restrictions will be violated
  - Requested information belongs to CCPA-exempt categories, some of which include medical information and consumer credit reports
A privacy policy compliant with California email marketing laws will help guide consumers on how to request information about the use of their data and protect consumer data privacy.
The CCPA Right to Opt-out and Email Marketing
When consumers exercise their CCPA email marketing right to opt out, you must stop selling their personal information. Considerations for complying with the CCPA right to opt out include:
- Respect for opt-out requests – Compliance with CCPA email marketing opt-out requests means businesses must:
  - Avoid selling consumers’ personal information following opt-out requests, except if consumers provide reauthorization
  - Delay sending opt-in requests to consumers for at least 12 months
- Sale of children’s personal information – As a business, you can only sell information belonging to children if you obtain:
  - Opt-in from the child, if the child is below the age of 16 but above 13
  - Opt-in from the child’s parent or guardian, if the child is below the age of 13
- Clarity of opt-out instructions – Per CCPA email marketing requirements, you must also provide clear instructions for consumers to submit opt-out requests via:
  - A conspicuous link on your business website containing “Do Not Sell My Personal Information”
  - Designated methods for opting out, if different from the above link (i.e., listed in your privacy policy)
- Verification of opt-out requests – Although the CCPA does not require you to verify the identity of the consumer submitting an opt-out request, you can:
  - Request additional information to confirm consumer identity
  - Use requested information only for verification purposes
- Submission of opt-out requests – You must also provide two or more methods for consumers to submit opt-out requests. One of the most common methods is the Global Privacy Control (GPC) tool, a user-enabled global privacy control, which is:
  - A fast and accessible way for consumers to opt out of the sale of their information
  - Flexible for consumers to submit requests across web applications and devices
Complying with California email marketing laws will help protect your business from data breach risks, especially those related to the sale of consumers’ personal information.
CCPA Non-Discrimination and Email Marketing
Per CCPA email marketing laws, consumers who have exercised their CCPA rights are protected from discrimination in the form of:
- Denying them goods or services
- Pricing items differently
- Offering non-standard quality of items
When consumers exercise their CCPA email marketing rights, your company is protected if:
- You cannot complete transactions or provide goods and services due to the deletion of consumer personal information
- Marketing emails (e.g., promotions, discounts) are in exchange for the use of consumers’ personal information, especially when the value of information is equivalent to the financial incentive you offer
- Following the exercised right to delete or opt-out, consumers cannot participate in special promotions requiring the exchange of personal information
However, consumers can request information about the specifics of special offers to guide their decisions about exercising CCPA rights. Working with a CCPA compliance partner can help you address gaps in compliance with CCPA email marketing laws.
Streamlined CCPA Email Marketing Compliance
Email marketing to consumers in California requires businesses to comply with California email marketing laws, which protect consumer data privacy. Working with an experienced CCPA compliance advisor will help you streamline CCPA email marketing compliance.
Maintaining CCPA compliance will also help prepare your organization for adherence to other data privacy laws and regulations that are continually arising (e.g., the EU’s GDPR, Virginia Consumer Data Privacy Act).
Contact RSI Security today to learn more about streamlining your CCPA compliance policy and strengthening your data privacy.