The CCPA is one of several state-led privacy regulations going into effect. Beginning January 1, the California Consumer Privacy Act will give consumers new power over their data and hold organizations more accountable. These changes will require some new thinking and adjusted processes for B2B as well as B2C sales and marketing.
California has long upheld residents’ rights to “safety, happiness, and privacy”. However, with the growth of the digital era, our lives have changed dramatically as digital became woven into every aspect of our daily lives. After several years of massive data breaches, and the passing of GDPR in Europe, California moved to enact additional laws to advance data privacy.
In this post, I’ll focus the impacts on B2B businesses, because, while the California law uses the word “consumer”, it is broadly defined to cover consumers, employees, business contacts, households, and devices.
CCPA will impact a wide range of small and large businesses, estimated to be somewhere between 15,000 and 400,000 businesses. The law applies to those who do business in California, even if they don’t have an office there, and also to third party vendors who do business with those companies.
How should marketers prepare for new privacy regulations?
First of all, become familiar with CCPA. Even if your business is fully compliant with GDPR, the two privacy regulations have a number of key differences.
Here are some things that marketers can do now to start preparation for CCPA:
- Conduct an internal review to determine Personal Information (PII) you are collecting
- Document how personal information is being used
- Audit your lists – has consent been given for all contacts and information
- Audit your forms – do they have the proper check boxes? Are they asking for more data than you truly need?
- Identify if you are selling for sharing data with third parties
- Identify what data is being shared or sold to you by third parties
- Review the contracts of third parties and service providers with whom you buy / share data
- Review and update your website privacy policies as needed
- Add the required “do not sell” buttons to your website
- Review your consent / opt-in processes
- How will you handle consumer requests for deletion of data?
- Do you have a way to physically delete customer data if requested?
- How will this impact any incentive or loyalty programs?
- Review your martech and salestech stacks to ensure they handing off / capturing consent across the whole stack
There are a few areas where B2B marketers should focus. In particular, how did you obtain the data you have in your database? If you’ve been using what I like to call “cheap lists” — those email offers you get for lists of your competitors’ clients, or all users of some particular technology — those were not opted in. Get ride of them. Other more seemingly innocent sources might be when a partner gave you the list of attendees at an event. Did you do a double opt in for all of those? Another recently popular tactic has been scraping emails from the internet. If you’ve been doing this, you’ll either need to opt-in everyone in immediately or identify and dump those records, too. This is a good time to do a list clean up, and the side benefit will be higher delivery and response ratios.
Marketers should care about privacy not just because of the threat of fines, but also because today’s buyers care about working with companies who care about their privacy.
Why should sales be concerned about privacy regulations?
B2B sales, including inside sales, should review their processes as well. If inside sales has been obtaining their own prospecting lists, they should conduct the same reviews as marketing above. Sales can be impacted by privacy regulations in other ways, too. According to Cisco’s 2019 Data Privacy Benchmark Study, sales delays of an average of 3.9 weeks have been occurring due to GDPR.
87 percent of companies are experiencing delays in their sales cycle due to customers’ or prospects’ privacy concerns, up from 66 percent last year.
Reasons for the sales delays included investigating customer requests for privacy needs, translating privacy information into customer languages, educating customers about an organization’s privacy practices, or redesigning products to meet customer privacy needs. We could see similar delays due to CCPA as well.
How B2B sales and marketing can align around privacy
I have spoken with a number of my AA-ISP inside sales leadership counterparts in the EU and the most common refrain I heard was:
GDPR gave us a chance to work more closely with marketing.
This is a good time to agree on how much data you need to collect on each prospect. Do you really need marketing to require a mobile number on whitepaper downloads? Rather than keeping with the “more is better” mindset, start thinking about “how much is enough?”. And CCPA is just the beginning. Over a dozen more states have privacy regulations pending in legislation so the process will only get more complicated.
Sales needs to be patient with marketing and understand that there are new policies to adhere to. Know that you no longer will be able to know the identification of who happens to be on your website. This was pretty common practice a few years ago, but you’ll notice that today you can only see someone who has consented, that is opted-in and is known to you in your CRM. Think about other ways you can proactively reach out. For instance, live chat and chatbots have become a popular way to engage prospects on your site and turn them into qualified leads.
Sales leaders should make sure that any emails that their inside sales reps send out are truly targeted. Privacy compliance is yet another reason to banish “spray and pray” methods.
Compliance to new privacy regulations is a company-wide responsibility. Sales and marketing can take a proactive stance to start getting ready for CCPA and the many other new US regulations. Ultimately, the best approach to compliance is by fostering a culture of privacy from the top.
Resources and helpful reading about privacy regulations: