Five Key Takeaways from CCPA for Performance Marketers

Yes, we know, it’s hardly even full-fledged holiday season, but be prepared: 2020 is only a few short weeks away. And for the business world, and specifically performance marketers, that means it’s time to take stock of how a landmark new law will shake things up. Come January 1, 2020, a new consumer privacy law, California Consumer Protection Act (CCPA), goes into effect. And with it, U.S. businesses that do business in California with annual revenues exceeding $25 million will for the first time be subject to a far stricter set of privacy regulations. The European Union implemented the General Data Protection Regulation (GDPR) in May 2018 but American companies were long left free and clear to commodify consumer data. However, thanks in large part to high-profile data breaches including Equifax and Target, earlier this year a bill came to pass in the California legislature whereby American consumers are legally allowed to instruct a company to disclose what personal data has been collected about them, have it discarded, as well as request that the practice be discontinued. As of now, this law is limited to mid-to-large sized businesses that do business in California, and either exceed $25 million in annual revenue, receive data from at least 50,000 people, households or devices each year, or earn at least 50 percent of its annual revenue from selling personal data. But the reality is with third-party-business dealings now incredibly commonplace, there’s a high likelihood your business is impacted in some capacity by CCPA. So where does this leave your business? And, more specifically, how does this impact your marketing strategy? Read on for five key takeaways to consider as it relates to CCPA going into effect and how it may impact your business.



  1. It isn’t Simply About CRM.

CCPA’s impact is a wide-reaching one. To that end, when assessing how it affects marketing practices one must understand it extends far beyond your own customer database and CRM. CCPA impacts every system, process and vendor that touches any element of consumer data regardless of whether that data is first- or third-party sourced. Moreover, CCPA gives consumers the right to know “the categories of sources from which the personal information is collected,” which in turn means they now have the right to learn whether or not your company is buying third-party data beyond what is publicly available. Take this hypothetical use case: a customer in California asks to be “forgotten,” a new and significant right with the CCPA outlined above. Immediately certain questions must be taken into consideration. How many of your vendors and partners have data about those customers? Who have you shared that data with? Which vendors have shared some or even a portion of that customer profile with you? Even when these questions have been answered, the enaction and notification process kicks in with additional questions to contend with. Namely, how do you notify every one of those vendors and partners to “forget” those respective consumers? And how do you confirm and audit the fact that they have in fact complied?



  1. Marketing Measurement in the Crosshairs.

CCPA is drastically impacting how companies evaluate their marketing performance measurement and leaves any company using any form of consumer tracking as part of their measurement approach quite vulnerable. Many are left to wonder then how targeted advertising, retargeting campaigns, and other programmatic channels will be hurt by reduced access to third-party data.



  1. Measurement Accuracy Issues.

As anxiety swirls around marketing performance measurement in the wake of CCPA, the larger question is how marketing measurement accuracy is directly affected. Most costly to marketers, CCPA introduces accuracy problems in regards to marketing measurement. Even if a company audits its process and complies with the new regulations, the accuracy and efficacy of long-held marketing measurement approaches like attribution will be affected. By consumers removing themselves, gaps – and not random ones – are being introduced in the measurement picture. This, in turn, ripples through your historical measurement as well as any go-forward measures. Attribution approaches attempting to stitch together a “path to purchase” now have missing pieces and the whole approach starts to crumble. Brands use a host of probabilistic mechanisms to identify consumers and additional holes in this data throws off its accuracy even more drastically. What this results in is a host of potential problems both in terms of overstating and understating the value of marketing and, in turn, getting that part of the equation wrong. Questions you need to ask yourself are: What if the measurement approach has this customer identity only for some of the picture? How do you align that with other channels? What do you do when you cannot link an ad’s views with conversions?



  1. The Financial Risk

In terms of hard dollars, CCPA introduces clear-cut financial risks for marketing measurement. If you, or one of your vendors suffers a data breach, you now have per record financial penalties of up to $750. Likewise, if you, or one of your vendors does not comply properly, and an intentional violation is proven, there are now per record fines of up to $7,500. To illustrate, if a business sells the profiles of 100 users who have asked their information not be sold, the maximum penalty is $75,000, not $7,500. The question you then ask yourself: how many customers do you have in California? Let’s use Facebook to illuminate the scope of the financial risk here. According to data and best estimates, Facebook has approximately 24.6 million users in California. Were Facebook then found to have violated the CCPA, it could face a maximum penalty of $184.7 billion for an intentional violation.




  1. It is Time to Re-think Your Approach on Marketing Measurement.

There are proven approaches to marketing measurement that do not use any PII or consumer tracking. OptiMine is fully compliant with CCPA, the EU-implemented GDPR, as well as all other emerging state regulations. Additionally, OptiMine is 100% future proof and uses NO PII of any sort.