top of page

Prepare for Impact: Small Business Digital Marketing and the CCPA

Updated: Nov 9, 2022

Privacy regulation just got more intense now that the California Consumer Privacy Act (CCPA) is officially in effect as of Jan. 1, 2020. Just a few weeks into the new year, everyone awaits to see its impact on consumer control and the oversight of Big Data, while digital marketers for small and global businesses are paying close attention to how digital marketing strategy will make room for the new law.

Reviewing the new CCPA regulation

4 Major Rights Under the CCPA

On June 28, 2018, California made a landmark move for the consumer privacy of California residents and passed the CCPA. Now Californians are permitted to demand that businesses release their collected personal information, remove it from company data, view a list of third parties who have also received the information, and even sue the company if the use of the information violates privacy guidelines.

Violators may face up to $7,500 in penalties per intentional violation. Talk about consumer control… and there are other rights granted to consumers under the new law.

Don’t Do Business in California? Still Matters.

You may be thinking that the law does not impact your business if you do not operate in California. However, the law is internet-specific, and the internet is everywhere. Your Maryland or Florida-based business may very well serve businesses or consumers who access your products, services, and content in California. Not to mention, with one of the largest workforces and technology climates in the country, your business could expand into a California market.

Thus, small and global businesses expect to see things change with internal data collection – no matter the place of operation – to ensure compliance.

It is similar to the way the European Union’s General Data Protection Regulation (GDPR) made waves on April 14, 2016. Your small business may not operate in Europe just yet, but your website and email campaigns likely use GDPR-compliant cookie consent banners and opt-out forms respectively.

Who Must Be Compliant?

You’ve probably guessed that the answer is everyone, especially businesses that rely on digital marketing to communicate with target audiences, but there are specifications for businesses that must be compliant with the CCPA. Businesses that gain $25 million or more in annual revenue, serve California-based residents, or have personal information on 50,000 or more people must comply.

Additionally, businesses that generate more than 50% of annual revenue from selling data are held accountable.

It is not uncommon for small businesses to have email lists that exceed 30,000 contacts. If you are one of them or are scaling your email list and digital marketing strategy daily, the CCPA needs to stay at the forefront of your marketing team’s discussions.

Small Business Digital Marketing Under the CCPA

It is unclear how the CCPA will impact digital marketing in the long term. Amendments to the law were passed and additional implementation is set to take place as soon as July 1, 2020. As changes are introduced and industries adjust, small businesses must stay prepared for what’s next. Here are tips on how to ensure CCPA compliance and adjust digital marketing strategy for small business:

1. Understand the Law.

Ensure that your employees are aware of the law’s details, especially what information it protects. The CCPA considers the following to be protectable personal information:

  • Internet or network activity. Information about online engagement such as browser or search history.

  • Personal identifiers (names, aliases, addresses, e-mails, SSN, driver’s license number, etc.)

  • Biometric information. Human characteristics that are digitally identifiable such as fingerprints or facial recognition.

  • Geolocation. Information estimating or identifying location such as through API.

  • Commercial information. Information relating to profit margins, products or services purchased, and other commercial exchanges.

  • Education information that is not publicly available personally identifiable information.

  • Audio, electronic, visual, thermal, or olfactory information.

  • Employment information.

  • Inferences. Information that may be inferred from any of the above.

Businesses that must comply with the CCPA have to:

Provide Notice to Audiences.

Before or at the time of engagement, audiences must be notified of data collection, the categories of data, and for what will the information be used.

Add a “Do Not Sell My Info” Link.

Businesses must generate an opt-out option that allows audience members to request that their information is not sold, and strategize a way for them to communicate with the business if there is a suspected violation.

Correct Violation within 30 Days.

Under the CCPA, businesses have 30 days to correct any proposed violation submitted, as well as must immediately adhere to information removal/opt-out requests in all databases.

Verify Requester Identity.

Businesses must verify the identity of audience members who request the removal of their personal information or make a complaint. If the requester identity is not proven, the request can be denied and treated as an opt-out.

2. Educate Your Audience.

It’s a good idea to always keep your audience informed of their rights as a participant with your business. Your next consent email campaign should outline the CCPA guidelines and reassure audiences that their data is safe. Engage with your audiences to remind them of their access to valuable information as a loyal customer, as well as their control as a consumer.

The CCPA and others like it can seem overwhelming, but as long as your digital marketing strategy leverages permission-based marketing, avoids three common mistakes, and remains ethical in data usage you should not face threatening issues.

3. Update Your Privacy Policy.

All data privacy specific regulations and mandates should be addressed in your privacy policy and clearly available for view on your website. Generate a new privacy policy or simply add reference to the CCPA and consumer rights in your existing policy.

4. Hire A Consultant.

Remain compliant with a dedicated digital marketing consultant and access to affordable resources, such as employee coaching classes, that help guide your firm through intense regulatory changes. Digalyne Consulting provides small businesses with the strategy and tools required to stay competitive, data-driven, and authentic online.


It’s no wonder a law like the CCPA was passed and continues to set precedence for other states like Maine and Nevada, which passed privacy data laws late last year. In 2019 alone, more than 7.9 billion records were compromised due to data breaches in all industries. Consumers have had enough.

Only time will tell how regulatory compliance, privacy protection, and digital marketing will intertwine to endure the growth of the Internet.

68 views0 comments


bottom of page