Not too long ago, data was treated like a house with all the windows open. You had the option to install blinds or curtains if you chose, but all too often people left their windows completely open day in and day out, simply because they did not know there were other options. After all, leaving a window open is fine some days, but you don’t necessarily want everyone in the neighborhood to know when you’ve been watching your guilty pleasure tv show for five hours straight on a Sunday afternoon. (Spoken from experience.) 

Today, channel organizations must close and lock those windows to comply with strict data privacy policies and regulations. It goes without saying that adhering to the data privacy laws everywhere our customers are located or conducting business is of the utmost importance to us. We recently spoke with Tim Porterfield about GDPR and how channel marketers use Zift to ensure compliance. Today, we’re following with Zift’s Director of IT and resident data privacy expert Stuart Phipps. He’s navigated Zift through multiple SOC II Type 2 certifications with no exceptions. Naturally, we turned to him for answers on CCPA. 


What sets the CCPA apart from GDPR? 

“The California Consumer Privacy Act is not a far-reaching set of regulations like GDPR, but it is still a strong step in the right direction for protecting consumer’s rights to privacy in the US,” said Phipps. The main difference between the two laws is the broadness of their reach. GDPR applies to the data of an EU citizen worldwide, meaning EU citizens can invoke their right to be forgotten from any company that has acquired their data. The CCPA applies only to California-based companies with revenue over $25 million or whose primary business function is the sale of personal information. 

Data encryption is another important facet of privacy that CCPA addresses. Encryption makes data that much more difficult to be accessed by unauthorized users and adds a level of security to companies involved in data transfer. Mainly, though, its purpose is to ensure the protection of personal data.

Phipps also thinks it’s not a matter of if, but when, for other states to follow suit on new privacy laws. “The CCPA is likely the beginning of a whole suite of data privacy laws in the US — New York, Illinois, and Washington state are all in the process of drafting privacy laws to be enacted in 2020.” 

Zift is committed to driving your channel success, and that includes ensuring compliance to all data privacy laws not only for ourselves but for suppliers and partners as well. Our platform is set up with the “right to be forgotten” in mind for the end customer, and partners can be anonymized in our support system.  


How does Zift ensure CCPA compliance for Suppliers? 

GDPR’s requirements are more stringent than the CCPA. So the GDPR requirements met and ensured by ZiftONE also cover the needs of CCPA. We have steps baked into the platform that brands can enable that require verification of contacts opting-in for marketing and communications. Keep in mind, though: a system designed to protect data is only as good as the people using it. Our terms and conditions protect suppliers and us as a data processor. 

It’s worth stating: playing by the (data) rules pays off. Our system has automatic bounce rate and spam rules in place, and those who fail to meet those rules repeatedly lose access to our platform for communication. Conversely, those who use it effectively gain more email credits. 


Have any questions for our IT experts on how Zift ensures total compliance for GDPR and CCPA for suppliers and partners? We’re happy to answer them. Leave a comment or contact us — privacy matters, but our commitment to data security is totally transparent.