Getting Started: Preparing for California’s Consumer Privacy Act enforcement 

Starting in January 2020, the California Consumer Privacy Act (CCPA) goes into effect.

In this article, review your responsibilities as a client of Mindmatrix and as a marketer, according to the CCPA. Please be advised that this article will not constitute the total sum of your responsibilities. We recommend that all of our clients take the time to familiarize themselves with the regulations under CCPA and ensure that they are operating within the bounds of compliance under this new law.

How does the California Consumer Privacy Act impact you?

Under this new regulation, you have additional responsibilities towards contacts you add to your CRM or account within Mindmatrix software. The CCPA guarantees citizens of California the right of privacy, including “the ability of individuals to control the use, including the sale...of their personal information” (Title 1.18.5, Section 1798.100, Part 4 of Division 3 of the Civil Code, relating to privacy, June 28, 2018). 

If a contact is a resident of the state of California -- as a business owner, you have the responsibility to -

• Capture the consent of contacts before you add them to your account within Mindmatrix

• Easily share with potential contacts how you plan to use their personal contact data, and give them the option to opt-out of starting the process

• Share, upon request the categories of information you plan on collecting back to January 1, 2019.

In addition to this, it also imposes additional consent requirements for sale and usage of personal data.

If your company does business in California, or you collect the contact information of potential leads across the US as a part of your sales and marketing efforts, you need to complete your own due-diligence to ensure that you are operating within the bounds of the law.

Does Mindmatrix provide any tools to help capture consent of contacts?

While it is every user’s responsibility to capture consent before adding contacts to Mindmatrix, there are tools you can use to make this a little easier.

• Web forms with Privacy policy enabled

• Add forms to your website or use forms at events to capture the consent of contacts.

• Require any new contacts to consent to your company’s privacy policy.

• Export options for contact lists to help you review

• Review your lists to find any contacts that may be from California. Update your records to ensure that you have the correct address details.

• Email campaigns to periodically capture consent

• Since contacts may change residency, it’s important that your lists are up-to-date. From time to time, make a habit of reaching out to your contacts to ensure that you’ve properly captured their consent to send them email campaigns. You can do this by phone or email.

• Unsubscribe contacts

• If a contact personally reaches out to you asking to be unsubscribed, unsubscribe them from your lists and do not re-add them.

• Deleting contacts

• If a contact requests to be removed, delete the contact from your database.

If any contacts were added without their consent, prior to January 1, 2019 we are recommending that you reach out to these contacts to capture their consent.

You are required to adequately document and process the personal data of contacts starting January 1, 2019 with proven record of consent to store their information within your CRM or Mindmatrix.

How can a contact request data stored about them or campaigns they are subscribed to?

Contacts that fall under the jurisdiction of the CCPA may email privacy@mindmatrix.net to request more information about the campaigns to which they are subscribed, personal data collected about them, and may request to be removed.

What happens if you fail to be compliant?

• The CCPA will enforce fines of $2,500 per violation or $7,500 per intentional violation and does not place a cap on total fines. Individuals also have the right to sue your organization under CCPA for non compliance.

Intentional violations can quickly add-up...the best way to protect yourself and your business is to capture consent of any contacts before you add them to your account in Mindmatrix. Make sure users understand what email messages they are signing up to receive.

What are Mindmatrix’s responsibilities under CCPA?

If a contact reaches out to Mindmatrix to request to be removed from your database, Mindmatrix will remove this record upon request.  To learn how to delete contacts on your own, search our help desk.

FAQ

1. No. As the owner of the data, you are responsible for capturing clear consent from any contacts before you add them to Mindmatrix software.

2. If Mindmatrix does receive a complaint, we will remove the data based on GDPR Requirements regardless of location (As of November, 2019).