Introduction to CCPA & Best Practices for Marketers Safeguarding Consumer Data

Nicole Hartman-Oracle
Nicole Hartman-Oracle Customer Experience Program ManagerPosts: 73 Employee
edited Apr 29, 2022 6:22AM in Eloqua


The views expressed on this post are my own and do not necessarily reflect the views of Oracle. This post does not provide legal advice. Information posted and available through this post is for general informational purposes only and should be used only as a starting point for addressing your legal or compliance questions.


Greetings from Sunny California!

As a marketer, you may have recently been asked about or researched the California Consumer Privacy Act (CCPA). Psst... An online version of the CCPA law can be found here or by searching for Assembly Bill No. 375.

I recently came across some introductory blog posts and thought I would share with this community.

IMPORTANT: Remember, it's always recommended to have your business conduct a legal review of any new law that may impact your marketing operations or handling of Personally Identifiable Information (PII) or other types of sensitive data. This post is for general informational purposes only and should be used only as a starting point. This post does not provide legal advice or counsel for addressing your legal or compliance questions.

Blog Posts about CCPA:

- How to Address Evolving Threats and Compliance Requirements - Oracle Cloud Security Blog

- "Are You Ready for CCPA?" by Oracle Partner Relationship One

- "Will CCPA have GDPR-like effects?" featured post on emarketer.com

There's no doubt in my mind that new privacy laws continue to bring more awareness to data and security topics, especially in our leads and customer mindset. One thing to keep in mind is many of the same General Data Protection Regulation ('GDPR') principles will apply. Setting up trusted points of collection for opt-in and ensuring your business is taking a privacy-first approach to collecting, managing, and protecting personal data will be key to success.

More on this topic:

"GDPR IS Here. Are You Ready?" on oracle.com

What ideas should marketers keep at top-of-mind as digital privacy continues to evolve?

Many of the principles and habits that contribute to good privacy practices occur during the planning phase. From an execution perspective, when access and roles are clearly defined and data and information is clearly labeled the level of effort can be simplified.

  • Collecting - Make sure your using secure methods of data collection and providing a trusted opt-in experience across your own website(s) and ad tech. Require users give the least amount of information needed needed to handle their request (I know, as marketers we always want to know more!) To collect quality data points the experience of the user or potential customer has to be taken into consideration as well. In 2019 requiring too many personal details to sign-up for a service or receive a piece of gated content might send the wrong message about your brand and increase form abandonment. Think about how to break up this experience of getting to know your user by designing more meaningful and timely digital interactions instead.

    • Idea: Occasionally go through your own business's website, including all pop-ups, headers, footers and sign-up options, ads etc. Login and logout, abandon, purchase or make a booking. Use a scheduling tool. Try it all again using different devices. If you are global, try it with different regions selected. Ask:  Which digital experiences are streamlined / intuitive? Do any seem too nuanced or show room for improvement? Good marketers often have to find and enable champions for customer experience internally. Finding an example of opportunities for improvement and offering feedback constructively can aid the process, and help your brand prioritize!

  • Managing - Continue to develop your skills when it comes to database configuration, security settings, and user administration and permissions. Evaluate your policy on data retention - are you saving and storing more than needed? Did You Know you can identify inactive contacts and delete or manage as groups in Eloqua? Consider other ways you can manage your various marketing data sources and storage effectively.

  • Protecting - Read up on The Best Way To Share Sensitive Data Securely. Depending on the type of data you regularly handle, you may want to explore user roles to make sure the proper viewing safeguards are in place, or leverage data redaction whenever applicable. If you have to share data to provide others with key insights and analytics, it's recommended to run the required analytics in the database or application itself.

          For example - Marketers can never be too cautious.  You may frequently publish content using solution examples, testimonies, or reviews from your own customers or brand advocates. Do you have the "eagle eye" for spotting PII?

    • Idea: A good best practice is to adopt a 2-step publishing review (aka "the buddy system") before releasing your brand's content "to the wild" via a campaign or social media post.

               ✔ The intended audience plus access point or where content is being hosted should be checked.

               ✔ Your publishing checklist should always include a scan or audit looking for any PII and seek proper justification.

               ✔ Label your material clearly, for example 'INTERNAL' vs 'PUBLIC'. Or if you support an account login or gated content, be clear about which blog posts or help articles are PUBLIC (no gate, available via search) vs Visible after Login-Only (behind a gate).

Hope this discussion starter is helpful!

-Nicole H

Post edited by OIT Integration User on