The California Consumer Privacy Act (CCPA) is now the law of the land. California is home to 12% of the country’s consumers, as well as 12% of physicians. Avoiding California is not an option for most healthcare marketers.
Over the last six months, I have had almost daily CCPA and data privacy conversations with stakeholders in these markets including pharma companies, hospitals and health systems, medical publishers, and agencies. A few trends have emerged:
- There is still a lot of confusion in the market. Understandable, given the grey areas within CCPA.
- Most healthcare stakeholders have taken basic measures to acknowledge CCPA, but most have not yet deployed key infrastructure envisioned by the law.
- Two topics of ongoing discussion include the role of the Service Provider, and the requirements for processing and reporting on opt-outs or Do Not Sell directives.
There is also a growing realization that third-party data owners have to recontact all of their California members to notify them that the company will be using — and possibly reselling — their personal information.
For DMD, thankfully, we have not had to take this additional step. Because we have a first-party relationship with the individuals in our database and our existing stringent information practices, DMD has exceeded the requirements of CCPA.
Regardless of which third-party data owners are engaged when licensing data, most healthcare marketers still need to be actively engaged in data privacy issues; they need to know the source of the licensed data, how it was obtained, and ensure the proper steps required under CCPA have been completed. Failure to do so sets a company up for lawsuits from individuals and fines from the California Attorney General.
I’ll be hosting a webinar on these topics on February 6th, diving deeper into what healthcare marketers need to be aware of with regards to CCPA. I will also cover what 2020 is likely to hold for our industry in the data privacy arena on both the state and federal level.