California's Consumer Privacy Act and Mindmatrix

California's Consumer Privacy Act and Mindmatrix

Getting Started: Preparing for California’s Consumer Privacy Act enforcement 


Starting in January 2020, the California Consumer Privacy Act (CCPA) goes into effect.


In this article, review your responsibilities as a client of Mindmatrix and as a marketer, according to the CCPA. Please be advised that this article will not constitute the total sum of your responsibilities. We recommend that all of our clients take the time to familiarize themselves with the regulations under CCPA and ensure that they are operating within the bounds of compliance under this new law.


How does the California Consumer Privacy Act impact you?

Under this new regulation, you have additional responsibilities towards contacts you add to your CRM or account within Mindmatrix software. The CCPA guarantees citizens of California the right of privacy, including “the ability of individuals to control the use, including the sale...of their personal information” (Title 1.18.5, Section 1798.100, Part 4 of Division 3 of the Civil Code, relating to privacy, June 28, 2018). 


If a contact is a resident of the state of California -- as a business owner, you have the responsibility to -


  • Capture the consent of contacts before you add them to your account within Mindmatrix

  • Easily share with potential contacts how you plan to use their personal contact data, and give them the option to opt-out of starting the process

  • Share, upon request the categories of information you plan on collecting back to January 1, 2019.


In addition to this, it also imposes additional consent requirements for sale and usage of personal data.


If your company does business in California, or you collect the contact information of potential leads across the US as a part of your sales and marketing efforts, you need to complete your own due-diligence to ensure that you are operating within the bounds of the law.


While it is every user’s responsibility to capture consent before adding contacts to Mindmatrix, there are tools you can use to make this a little easier.


  • Web forms with Privacy policy enabled

    • Add forms to your website or use forms at events to capture the consent of contacts.

    • Require any new contacts to consent to your company’s privacy policy.

  • Export options for contact lists to help you review

    • Review your lists to find any contacts that may be from California. Update your records to ensure that you have the correct address details.

  • Email campaigns to periodically capture consent

    • Since contacts may change residency, it’s important that your lists are up-to-date. From time to time, make a habit of reaching out to your contacts to ensure that you’ve properly captured their consent to send them email campaigns. You can do this by phone or email.

  • Unsubscribe contacts

    • If a contact personally reaches out to you asking to be unsubscribed, unsubscribe them from your lists and do not re-add them.

  • Deleting contacts

    • If a contact requests to be removed, delete the contact from your database.


If any contacts were added without their consent, prior to January 1, 2019 we are recommending that you reach out to these contacts to capture their consent.


You are required to adequately document and process the personal data of contacts starting January 1, 2019 with proven record of consent to store their information within your CRM or Mindmatrix.



How can a contact request data stored about them or campaigns they are subscribed to?


Contacts that fall under the jurisdiction of the CCPA may email privacy@mindmatrix.net to request more information about the campaigns to which they are subscribed, personal data collected about them, and may request to be removed.


What happens if you fail to be compliant?

  • The CCPA will enforce fines of $2,500 per violation or $7,500 per intentional violation and does not place a cap on total fines. Individuals also have the right to sue your organization under CCPA for non compliance.

Intentional violations can quickly add-up...the best way to protect yourself and your business is to capture consent of any contacts before you add them to your account in Mindmatrix. Make sure users understand what email messages they are signing up to receive.

What are Mindmatrix’s responsibilities under CCPA?


If a contact reaches out to Mindmatrix to request to be removed from your database, Mindmatrix will remove this record upon request.  To learn how to delete contacts on your own, search our help desk.



FAQ


Does Mindmatrix sell contact data?

No. The data of contacts you add to Mindmatrix software is protected by a privacy agreement between your company and Mindmatrix. Mindmatrix does not resell any contact data added to our platform.

Where is contact data I add stored?

As of now, all data is stored within the US but you will be notified if this changes.

How is website data tracked?

Visitor data is tracked via cookies from the web browser. Visitors have options to remove cookies from their browser cache if they do not wish to be tracked. You may also enable a warning on your tracking code that alerts visitors that they are being tracked.

Should I add a privacy policy or notice re: cookies to my website?

Yes. you should add this to any forms on your website so that residents of California, or any region where privacy laws are in place, understand how their data is being used and that their website activity may be tracked. You can also request to have this turned on for all forms within Mindmatrix software.
  1. No. As the owner of the data, you are responsible for capturing clear consent from any contacts before you add them to Mindmatrix software.

  2. If Mindmatrix does receive a complaint, we will remove the data based on GDPR Requirements regardless of location (As of November, 2019).


    • Related Articles

    • How can I prepare contacts for CCPA or other privacy acts?

      Make sure that you familiarize yourself with any privacy acts impacting the region of contacts you send marketing emails. Certain privacy acts such as CCPA or GDPR are based on the residency of the contacts you market, and not the physical location ...
    • How do I delete contacts?

      There are two ways to delete contacts from your account. Method A (Deleting a single Contact entry): Method B (Deleting one or more Contacts): Method C (Bulk Deleting Contacts): The bulk delete functionality has been enhanced. Earlier, only contacts ...
    • How do I use the double-opt in feature for forms?

      Posted by The Team at Mindmatrix on 14 March 2018 08:00 PM Feature: The double opt-in process includes two steps. In step 1, a potential subscriber fills out and submits your online form. In step 2, they'll receive a confirmation email and click a ...
    • How do I remove inactive contacts?

      Posted by The Team at Mindmatrix on 07 July 2017 04:56 PM What is an inactive contact? An inactive contact is a contact that has never opened an email. A contact can be considered inactive for a few reasons: The contact has not opened an email The ...
    • How is my Mindmatrix account prepared to manage CASL requirements?

      For users sending emails from Canada, Mindmatrix software comes with multiple features to help you remain compliant. To learn more about CASL click here. Double opt-in for landing pages You can enable double opt-in for landing pages by setting up the ...