In 2018, we dealt with the fallout from the implementation of GDPR (the EU’s General Data Protection Regulation). Non-EU organizations struggled to comply with the new law and indeed, were hard-pressed to know if they were even affected. In 2019, California passed the California Consumer Privacy Act (CCPA), which went into effect on January 1 of this year. Should healthcare marketers be concerned about CCPA?

The answer, according to various experts, is “probably.” The law is intended to apply to for-profit organizations that do business in California or with residents of California and that meet at least one of these criteria:

• Annual gross revenues exceeding $25 million
• Holds personal information from 50,000 consumers, households or devices
• Sells consumer personal information for an amount that exceeds half of the organization’s annual revenues.

While these criteria probably will not apply to many healthcare organizations outside the state of California, healthcare marketers located outside of the state should still be aware of the law’s requirements. There are experts who believe that it’s only a matter of time before some type of privacy regulations are enacted at the federal level in the US. In the meantime, other states are looking into passing similar legislation to CCPA in 2020 (Nevada already has). Thus, it may be prudent for organizations to plan ahead for the changes necessary to comply with new regulations.

Norman Guadagno, CMO of Acoustic, said, “I don’t think any companies should ‘ignore’ the CCPA because privacy is not a trend that is going away...This is not a time for any business to ‘ignore’ this issue or the regulations emerging. Instead, brand marketers – whether or not they’re currently doing business in California – should be putting their own systems in place that are transparent and respectful of customer privacy as opposed to taking a wait-and-see approach when it comes to privacy issues.”

What is your organization doing to maintain consumer privacy?