Catalyst answers your questions about the CCPA and digital marketing
With the passage of the California Consumer Privacy Act, there’s no doubt that California is serious about consumer privacy protections. The CCPA means that businesses collecting the personal data of California residents could face serious penalties if they don’t comply with the new law. But how do you know whether you fall under the CCPA? To help, our team is breaking down what you need to know about the CCPA and digital marketing, including whether you’re subject to the law and what you should be doing if you are.
How do you know whether you need to comply with the CCPA?
At first glance, it can be difficult to determine who falls under the California Consumer Privacy Act. However, at its most basic level, the CCPA covers any for-profit entity doing business in California that collects, shares, or sells California consumers’ personal data, and meets one of the following conditions:
- Has an annual gross revenue of more than $25 million
- Receives the personal data of at least 50,000 California consumers, households and devices every year
- Earns at least 50% of its annual revenue from selling personal information
However, there are exemptions to the CCPA and digital marketing rules. For example, the law doesn’t cover protected health information (PHI) covered under HIPAA and medical information covered by California’s Confidentiality of Medical Information Act (CMIA).
These exemptions cover a great deal of the information that medical practices collect and use, but they don’t cover all the data that your practice could possess, including email addresses and advertising identifiers. As a result, clinics that meet the conditions of the CCPA still must comply with the law, despite the health information exemptions.
How can you stay on top of the CCPA and digital marketing?
If you want to stay on the right side of the CCPA with your digital marketing efforts, one of the best actions you can take is making sure your website displays a privacy notice. The notice must meet the following requirements:
- Website visitors must be able to read it before or when they share personal data.
- The notice must explain the types of data collected and why.
- The wording should clearly explain a consumer’s rights under the law.
Speaking of a consumer’s rights, a key right is the ability to opt out of sharing personal data. To support this right, your website should include a “Do Not Sell My Personal Information” link and an internal process for dealing with requests that come through it.
If you have any other questions about what you need to do to comply with the CCPA, reach out to the team at Catalyst Healthcare Marketing.