Can CCPA be good for business? Seize the Opportunity in CCPA compliance (Part 2)
(Yes. Here’s how to win Trust and Loyalty.)
In this second instalment, we will discuss how to achieve a position of digital privacy leadership. Here’s how to exceed customer expectations about privacy and build stronger relationships with consumers based on trust and empowerment.
How to get the most out of CCPA
Why should a customer trust your company with their digital identity? Because while other companies do the bare minimum to comply with CCPA, you will have embraced the spirit of digital privacy. Here’s a description of your company, as a digital privacy leader:
- Proactive: You explain what personal information (“PI”) is collected, clearly and with sufficient precision. You explain why you use it and how it is vital for you to provide your customer with the best possible experience. You explain privacy rights in a way that makes a customer feel that you are on the customer’s side. Your customer-facing staff know these rights, and believe in your company’s desire to uphold them.
- Clear: You describe how the information will be used and/or disclosed in terms that make sense to customers, and show why those uses are in the customer’s interest. You explain how the personal information freely given by the customer creates value you then provide back in exchange. You link the PI choices a customer can make to the value provided back to the customer.
- Transparent: If any third parties share the personal information, you are transparent about the information being shared, the types of third parties with whom it is shared, and whether those third parties may use the information for their own purposes. Your explanations are not vague or confusing.
- Flexible: You provide customers with easy-to-understand and easy-to-exercise choices about their data (e.g.: to delete, to opt out). These choices make it obvious that your customers are in control of their own data. These choices are “real” choices, not in any way coercive. If they create any consequences for the service provided to the customer, it will clearly be due to the value the customer’s own data would have created for that customer. Plus, you provide more choices than the law requires.
- Accessible: Those choices include the customer’s ability to view data about themselves. You make this easy, and you present the data in a way that demonstrates the value of the data to that customer. You carefully explain the PI data that a customer may not have seen before, or that is not familiar, so that it makes sense to the customer and is not a surprise.
- Thoughtful: You openly disclose any risks of harm or other consequences, as well as the steps you take to mitigate those risks.
- Responsive: When you get an inquiry, you are prepared to respond quickly. Nothing is better than a crisp and speedy response to instill confidence in a customer who wants help.
Meet customer expectations for speed and accuracy
It is hard to over-emphasise the importance of accuracy, completeness, and speed in customer expectations these days. Today, customers expect their information to be at their fingertips, 24/7.
Consider that you will probably need to tell some customers “No, we can’t delete all of your information.” Most companies have internal business processes that will require them to retain some PI, for internal use. Saying “No,” can be perfectly legal, but how will your customers react?
You can actually convert this “No” into a positive experience for customers. The essential elements are to be quick and transparent. Although the CCPA rules give you 45+ days to respond to a customer, a 45-day wait will be a negative experience for today’s impatient customer. If you can respond immediately you can improve a customer’s opinion of your company. A well-crafted experience putting the customer in control is important, too. Your systems and the training of customer-facing employees will both be critical to achieving this immediate response.
Most companies find their customer PI is spread across many systems, shared between a few of them, and sometimes is stored in expedient but insecure locations. This makes compliance with CCPA difficult. If feasible, having a central Customer Data Platform (“CDP”) which provides a single “source of truth” about each customer will make compliance more certain. Customers and customer-facing employees can immediately get consistent data. However, no matter how you choose to assemble and control the PI: be comprehensive, fast, and accurate.
Use personal information to be customer-centric, wisely
Personal Information may be the most valuable asset your business holds. In addition to the many functional purposes for PI, it can help you to be a more successful, customer-centric company. Today, many companies are organised by geography or by product category, and each of these structures has its advantages. However, from the perspective of a customer, your company can look disjointed and confusing. Customers want a consistent experience everywhere. Likewise, with each product group pushing for sales, your customers will get offers that don’t fit them. Customers won’t be as loyal when it is obvious you are not putting their needs and interests first.
In contrast, if your company could become customer-centric you would always know the next-best-action for each customer. Customers would be happier because they are better served. Experience shows you could retain more customers and sell your customers more. PI is the key to being able to operate as a customer-centric business. You should value and protect that asset, to benefit both your company and your customers.
GDPR is mainly an “opt in” set of privacy rules, whereas CCPA is mainly “opt out.” This is highly significant because most people will not take the time to take either action. We expect “opt out” rates under CCPA to be fairly small. From our conversations with EU clients we see opt-in rates (for example, at re-contract) around 70%. So, we expect most companies complying with CCPA will see only a trickle of “delete all” actions. It is a harder to guess how consumers will respond to the “don’t sell my data” button, but we think companies are likely to see quite a few “don’t sell” actions. Longer term, we think “consumer privacy agents” anticipated by the law are likely to have a significant impact.
Give them choices
Customers have widely different attitudes toward data privacy. Surveys show differences in attitude according to the age and gender of customers. Each customer’s view of your brand, as well as the customer’s own privacy experiences, will influence their attitude. Plus, for any one customer their attitude about data privacy depends on the category of personal information.
We like to point out that there is no such thing as “an average customer,” because every customer brings a diverse set of interests, affiliations, and attitudes. So, if you design experiences just for this mythical “average customer” you will miss almost everyone. Therefore, we think the solution is to provide choice. We expect the CCPA will be interpreted by the AG to enable many consumer choices, not just the choices mandated by the law. Choice empowers the customer.
Customers will also choose how much PI to share with you based on how much value they see in your uses of their data. Since each customer is unique, make the results unique. Use the data to truly treat them as a person, not “as a number.” The better you use the data to create value for customers, the happier they will be with providing you with their PI.
Choices also empower you, too. Choices give you an opportunity to explain benefits to the customer in more detail, to show them what they get in exchange for your use of PI. They will trust you more, as you enable them to protect their privacy according to their preferences.
Be a digital privacy leader
Many companies will approach CCPA belatedly and with a view to minimising their compliance effort. They will comply, but grudgingly. We think customers will notice that attitude, and when it comes to their digital privacy, customers won’t like “bare minimum compliance.”
Companies who embrace the spirit of digital privacy, those who design a positive experience for customers, will win customer trust that will power their brands.