trust sign
PHOTO: Bernard Hermant

When Olympic teams create their training plans, they approach it with the concept of marginal gains in mind. Marginal gains involves making small incremental improvements which add up to significant improvements when added together. Putting marginal gains to practice in the world of customer experience management is a great way to view improving the overall customer experience through a series of small improvements. While it may sound counterintuitive, I believe the California Consumer Privacy Act (CCPA) presents such an opportunity.

The CCPA is now live, and although it won’t be enforced until July 1, I view it as a decent marginal gain you can have on your competitors. Let’s look at some CCPA fundamentals and then look for the opportunity it presents.

What Is the CCPA all About?

The CCPA is largely focused on requiring businesses to inform consumers who are California residents if their personal information is being sold and allowing them to opt-out of that sale. The CCPA also requires businesses that collect personal information about consumers to provide disclosure about what information it collects, how that information is used, and who the information is disclosed to.

Selling under the CCPA has an expansive definition. It includes selling, renting, releasing, disclosing, disseminating, making available, transferring or communicating a consumer’s personal information to another business or a third party for money or other value.

The CCPA provides an exception to the definition of selling for the activities of "service providers." Service providers receive and use personal information only as necessary to achieve business purposes, such as assisting with a business’s operations.

Related Article: Preparing for New Data Privacy Regulations? Learn From GDPR

What Businesses Does the CCPA Affect?

The CCPA applies to most companies that do business in California that collect personal information. The threshold criteria include that a business has at least $25 million in annual revenue, or that it buys, sells, shares or receives the personal information of 50,000 or more "consumers, households or devices" for "commercial purposes" (which include convincing another person to buy goods or services, or enabling a transaction). Personal information is defined quite broadly, and includes information that identifies a consumer, or could reasonably be linked to a consumer (either directly or indirectly).

Related Article: Feeling the CCPA Heat?

Consumer Rights Under the CCPA

Under the law, consumers have the right to request a copy of the personal information collected about them in the prior 12 months (commonly called “access requests”), and request deletion of the personal information collected about them (commonly called “deletion requests”). There are exceptions to these requirements, of course, so check with a trusted legal advisor for additional details.

Consumers have the right to request their data and businesses must deliver:

  1. Businesses must respond to a verifiable request within 45 days of receipt.
  2. A business may exercise one 45-day extension when reasonably necessary if they notify the consumer within the first 45-day period. Disclosure includes data collected for the 12 months before request.
  3. All data requested and delivered to the consumer must be done so in a readily usable format and delivered by email or electronically.

Related Article: Let 'Ethical By Design' Guide Your Use of Consumer Data

The Business Opportunity in the CCPA

There are quite a few areas in the CCPA rules which could be described as ambiguous or hard to interpret. So why do I view it as an opportunity?

The opportunity is one of the key drivers of loyalty: trust.

My firm, Medallia, researched the insurance sector and found that trust is synonymous with customer satisfaction and is central to loyalty. A customer has a 99% chance of being satisfied with their insurer if they strongly trust the company, but only a 1% chance if they strongly distrust it. Further, a person who strongly distrusts their insurer is nearly 18 times as likely to anticipate changing carriers in the next three years than one who strongly trusts their provider. Insurance is one sector of many that have benefited from learning through customer personal data for years.

Companies should — at minimum — be already striving to follow CCPA guidelines and have clear communications informing customers exactly what data you are collecting and how you are using this data. Transparency lays the groundwork for trust. Beyond this, businesses should make it extremely simple for customers to request and retrieve their data, such as having a request process on the website, automating retrieval and delivery of data where possible and having your adherence to the CCPA clearly marked across your digital estate. If you look for ways to exceed the requirements to inform your consumer and enable them to exercise their rights, you will put your business ahead of the pack.

Many other states are already looking to adopt similar requirements to the CCPA, so it makes sense to standardize practices across the business. I have already seen some great examples with in-app banners to discuss data collection in addition to physical letters and emails telling me how to inquire about my data or have it removed. This lets me know these companies are trusted partners that care about me.