3 Privacy Compliance Priorities for Manufacturers in Ecommerce

02/27/2020


Michael Bird | Global Trade Magazine

Manufacturing leaders aren’t exactly diving into the world of ecommerce headfirst. Instead, they’re cautiously dipping one toe at a time into the waters. Several things keep them from going “all in,” so to speak, but one of the most serious is compliance with privacy regulations.

In June 2018, California’s governor signed the California Consumer Privacy Act into law. This year, the law officially went into effect. Under the CCPA, companies must notify users if they intend to monetize their data and give them the option to opt out.

Its reach will be significant. The law is expected to affect more than 500,000 businesses in the United States alone — and many more around the world.

Those that fail to comply will face hefty fines. So if manufacturers are going to survive in the age of ecommerce, they won’t be able to wade in little by little and take on privacy compliance halfway. Privacy regulations are complicated, and compliance can literally make or break a business.

Ignorance of the Law Is Not a Defense

Most companies that do business online have researched state and national laws to some extent, but data privacy laws aren’t easy to understand. To truly comply with all of their nuances and demands, businesses have to hire additional people, integrate complex processes into internal operations, and put forth massive amounts of effort.

Most got into ecommerce with the hopes that having an online presence would help them avoid headaches and reach customers more easily. But when the market matures, regulations do, too. And while most companies know not to send email newsletters to people who didn’t subscribe or sell customer information without permission, they don’t know the finer details of regulations, much less how they differ by state.

For instance, a prospective client reached out to us after it had ended up in court for violating a state privacy law it didn’t know existed. The company’s website was using an assumptive privacy policy, which assumes that users agree to their data being collected and used by merely using the site. Because the company was using the site to do business in a state that banned these privacy policies, it faced a potential fine of $1,000 per site visit. The company ended up settling the case out of court, but it was still a shocking and scary discovery.

Even for well-meaning manufacturers, ignorance doesn’t hold up in court as a legal defense. Intentional violations can cost up to $7,500 per violation. And unintentional violations can be $2,500 per violation, making even accidents a significant cost. Manufacturers are timid about ecommerce because data privacy and compliance are intimidating. Some never pursue ecommerce for this very reason.

Imagine a small manufacturer that’s decided to sell online. It goes through the entire process of building a site, implementing new operations, and calculating shipping as transactions occur. Then suddenly, it has to be responsible and ready for multiple data checks and data wiping. It’s a lot to take on, both from the operations and the financial perspective. In total, meeting compliance standards could initially cost companies up to $55 billion.

 
