By Brian Epro, VP Automotive, Jornaya
We’ve turned a pretty important corner in our data-centric universe. Now, if you’re a California-based dealer (and likely soon the entire country), I can visit your website and demand to know exactly how you’ll use my data, forbid you from using it, and require that you delete it. Multiply that capability by the number of people who visit your website on a daily basis, and you have the makings for disaster if you’re not compliant.
As companies collect more data about consumers, honoring their privacy has taken priority. The California Consumer Privacy Act (CCPA) is an example of legislation making it mandatory for dealerships to be transparent in how they collect, use, and disclose personal information.
With CCPA, which went into effect January 1, California dealerships and their vendor partners will need to vigilantly manage their customers’ personal information, but every dealer should pay attention to this, as legislation similar to what has passed in CA is expected to spread nationwide at some point.
CCPA created the newest consumer rights relating to the access to, deletion of, and sharing of personal information that is collected by businesses. It gives nearly 40 million people in California the strongest data privacy rights in the country.
But there’s still a lot of confusion with this ground-breaking data privacy law. While I’m certainly not an expert or a lawyer, I’ve spent my career in the automotive industry and have spoken to several dealers and executives about how they are responding. Below is a high-level overview of the CCPA based on research and discussions I’ve had.
Which Businesses are Affected?
Businesses must comply with the law if they meet any of the following criteria:
- Have revenue that exceeds $25mm annually
- Buy, sell, share, or receive consumer information on 50,000+ California consumers
- More than 50 percent of revenue is from selling consumer data
What Information is Protected?
CCPA expands the rights of consumers by making it mandatory that companies are transparent in how they collect, use, and disclose personal information. It requires companies to:
- Disclose the ways they use and sell personal data
- Enable California residents to opt-out of their personal data being sold
- Disclose any data collected from the consumer
- Delete data associated with an individual when asked to do so
But not all personal information collected by auto dealers is subject to the CCPA. Personal information collected under privacy regulations such as the Driver’s Privacy Protection Act of 1994 is not covered by the CCPA. However, marketing, sales, and customer service activities that fall outside that law are subject to the CCPA.
What Should Your Company Do?
Many dealers have already updated their privacy policies and provided the required link for Californians to access their data and make a request to delete or not sell their information to a third party.
Our company did the same and went a step further, extending our compliance product suite with Privacy Guardian to assist companies in meeting the requirements of the CCPA as well as expected future state and federal regulations. Our Privacy Guardian solutions helps companies know if a site visitor is located in California and helps them prove what happened at each web event.
The following action items will also ensure your organization is truly honoring the consumer:
- Clarity: Provide clear guidelines on Personally Identifiable Information (PII), which is any data that could potentially identify a specific individual. Trusted organizations have rigorous Terms of Use restricting them from exposing raw or proprietary data.
- Storage and Access: Most businesses store data on multiple media types, each technology and format requiring its own type of protection.
There is a groundswell of support from the public looking for laws that protect their data and identities. At some point, all OEMs and dealers are going to have their data management practices under close scrutiny by lawmakers. It’s critical for the industry to stay in front of current and upcoming data privacy regulations, and plan accordingly.
About the Author
Brian Epro serves as the Vice President, Automotive of Jornaya. Brian started at Jornaya in September of 2017.