But the closer we get to 2023, the more questions arise from stakeholders and companies about what compliance changes await us next year, along with what will remain of the landmark CCPA regulation.
As evident in the graph below, CPRA will include limitations and regulations originally enforced by the CCPA. In addition, it will add specific types of new amendments to each category covered by the CCPA, enabling a more comprehensive overview of grey areas in data privacy.
These new amendments can mean different things for different organizations, but if you operate in the lead generation and distribution industry — as a publisher, advertiser, or as part of an affiliate network — now is the right time to start preparing for 2023.
But before we get to the “why,” let’s dive deeper into the current state of CCPA compliance across industries.
A recent CYTRIO study found that of the 6,745 U.S. companies reviewed for compliance, an overwhelming 90% were unprepared to meet CCPA and CPRA requirements as of March 31 of this year.
With penalties on the horizon for non-compliance, companies should be scrambling in search of strategic and technological solutions to ensure CCPA compliance. Here’s a breakdown of how businesses can avoid penalties by preparing for these new regulations, set to take effect in just under seven months.
The most glaring issue related to CCPA regulations is companies not complying with Data Subject Asset Requests (DSAR). A DSAR gives data subjects the right to ask companies what personal information of theirs has been collected and stored, as well as how that information will be used or is currently being used. CCPA requires that companies respond to a DSAR within 45 days from the date the request is received.
Companies that fail to respond to a DSAR request within the 45-day timeframe are subject to penalties. However, the CYTRIO research found that less than 10% of companies — some 9.76% — had deployed a CCPA DSAR management automation solution during the first quarter of 2022.
Even more concerning is that this represents a drop from the 11% of companies that automated their DSAR processes during the previous quarter.
Does this mean that companies have de-prioritized consumer compliance? Studies suggest just that.
Further compounding the issue of failing to comply with DSAR management is that many companies do not provide a system for consumers to exercise their data privacy rights, despite these same companies stating within their privacy policies that they are entirely CCPA compliant.
Considering that DSAR requests coming from data aggregators are increasing in frequency and volume — with most requests being Right to Delete (erasure of data) — challenges facing non-compliant companies are only getting worse.
Issues related to non-compliance represent only half of the uphill battle facing the above companies. The other half of the battle is for these companies to make progress toward becoming compliant.
The CYTRIO research revealed that deploying an automated solution was another obstacle facing non-compliant companies. According to a poll cited within the research, 63% of respondents said cost was the primary factor holding them back from deploying an automated privacy rights management solution; deployment complexity followed at 22%.
However, companies can become compliant with CCPA regulations by implementing white label solutions such as Phonexa’s Opt-Intel, designed to help marketers with suppression list management and email compliance.
So, how does Phonexa come into the big picture of compliance? Offering software solutions that provide peace of mind to those looking to strengthen their data security infrastructure conducts better data hygiene.
The following are just some of the comprehensive features within Opt-Intel that securely streamline consumer data transfers and preferences when it comes to email and SMS communication, thus ensuring CCPA compliance:
A considerable part of implementing new CCPA tactics comes with the need to be up-to-date with transition timelines. Here are some datelines you should know:
Ultimately, the new CPRA will apply to startups and other companies making at least 50% of their annual revenue from selling or sharing California-based consumers’ PI or personal information. Companies that don’t comply with amended regulations will be fined.
Adapting digital software tools like Opt-Intel will secure consumer protection compliance for lead generators and marketers. It will do so by streamlining automated data transfers, providing error checkpoints, and communicating compliance messages and tips. With Opt-Intel by Phonexa, the days of data vulnerability and fear of non-compliance are gone.
Schedule a consultation to learn more about how Opt-Intel can be paired with your tech stack and other marketing automation tools to ensure better data compliance for your business.
"One out of every three professionals on the planet is on LinkedIn. " – Jason…
We’ve put together this comprehensive call tracking guide to share our knowledge and help you…
Affiliate marketing on LinkedIn involves leveraging the platform's professional network to promote products or services…
While everyone is raving about the martech power of ChatGPT, another big storm is brewing…
This blog is part of our ongoing series on home services lead generation, offering strategic…
Here’s what it takes to convert a caller nowadays: the right information served at the…