Balancing work and personal life is a universal challenge. Children's birthday parties, demanding clients, project deadlines, and Father's Day festivities can really tap into your writing time. Don't forget that you need to add in some rest and recovery unless you really want to function on depleted batteries. Still, there are no excuses. So, in the spirit of transparency and authenticity, my time management skills were lacking these past few weeks. Let's get back to the regularly scheduled program and the final newsletter on the California Consumer Privacy Act. The focus this go-around is going to be on the penalties for failing to comply.
I found this amazing flowchart, illustrated by the International Association of Privacy Professionals, which is helpful in understanding the process.
To summarize it, the consumer has to notify you and give you a chance to fix the problem. If you fix the problem within 30 days, it’s possible that no action will be taken, depending on the severity. If you don’t, the consumer can file an action with the Attorney General (AG), which gives another 30 days. At that point, the AG can bar any action, superintend action, or take no action. If the AG takes action, it can be up to 6 months, during which they will either prosecute or determine that no action is required. If the AG does not take action, the consumer is free to pursue their own civil prosecution.
The penalties can be harsh. Each action or failure to comply is subject to the maximum penalty of $2,500. For instance, if a business sold information of 1,000 users who asked that their data not be sold, the fine could be as much as $250,000. If the violation is intentional, there is a higher penalty of $7,500 per offence. The AG has full authority in this space to determine the maximum application of this law, and the way the law is written, they can easily modify the rules surrounding it.
So this can be a daunting regulation if you don’t have a plan. First, you should get a privacy policy in place on any electronic communication you have with your clients or prospects. Put a link to the policy on your website and even put it in your email. You can visit some of your favorite consumer-facing websites to see how they approach it and model your privacy policy after theirs. Second, you should plan what you are going to do when you get a request under this new privacy law. If a client or a prospect asks you to get rid of their information, be prepared to respond quickly. The size of your organization, how you gather customer information, how you store it, and what you do with it will determine how sophisticated this process needs to be. Task an individual with responsibility for this, and make them the point of contact should a case arise that needs it.
Open communication and transparency are the proactive approach to this soon-to-be big problem. Insurance is dependent on very sensitive customer information. If you are not already, I highly recommend you tell your clients and prospects exactly what you are doing with the information you are asking them for. If you let them know why and what you intend on doing with the data you are collecting, you have the opportunity to build trust and confidence. In addition, you should give them an easy way to get rid of the information you collect. This seems counterintuitive to current sales and marketing processes, but this is the whole reason why this law has come into play.
I hope to give you some tools in the near future to deal with privacy and data security as we become more digital.