On Jan. 1, California’s “Shine the Light” law, known formally as California Civil Code 1798.83 (SB 27), went into effect. Essentially the statute encourages direct marketing companies to offer a transparent way for customers to opt out. Most catalog and Internet retailers already have privacy policies that offer just that. Direct Marketing Association members who are in compliance with its membership rules are, in fact, already in compliance with the statute.
If you wish to err on the side of caution in doing business with California residents, Todd Miller, a consultant with San Rafael, CA-based list and marketing services provider Lenser, offers the following suggestions:
1) At the bottom of your Website’s home page, include a link to your privacy policy. Within this disclosure, include a form that allows a customer to enter his personally identifiable information for the express purpose of flagging it for a “do not rent” file you maintain. Alternately, or additionally, include an e-mail address, a toll-free telephone number, and a toll-free fax number that a customer can contact to make the same request.
2) Include a link to your privacy policy at the bottom of any promotional e-mails you send.
3) If your printed mail pieces include an order form, include the URL of your Website’s privacy policy, as well as the aforementioned e-mail address, toll-free telephone number, and toll-free fax number.
4) Build specific procedure or scripts for handling both initial and follow-up requests into your customer service training sessions. Periodically test your customer service staff on their handling of such requests–100% compliance is not an unreasonable goal.
5) Express your pleasure in informing customers of their opt out rights. Some may not have read the new law in its entirety. Nothing diffuses a customer’s anger and allays a customer’s concerns more quickly than genuine appreciation for their inquiry, coupled with a fastidious reply.
If your firm does not offer a transparent opt-out method, Miller says, for customers who reside in California you must provide, free of charge and within 30 days of their request, the following information:
1) A list of the categories of personal information that were shared with third parties for direct marketing purposes in the preceding calendar year. Name and address are the most obvious categories. It is also likely that your company shares payment history and the kinds of products a customer purchases.
2) The names and addresses of the third-party firms with which you share information. This might be quite a long list, depending on how often your firm shares its information via list rentals and exchanges. Do not forget the cooperative databases, either. If the nature of a third party’s business is not apparent from its title, then you need to include examples of the company’s products and services as well.
The penalty for violating the “Shine the Light” law is steep. Excluding any legal remedies that may already exist under current California law, customers are entitled to recover a civil penalty of up to $500 per violation (or $3,000 for each willful, intentional, or reckless violation), as well as attorneys’ fees and costs the court deems reasonable.
“Rest assured, this law is only the beginning,” Miller adds. “Statutes such as this are likely the first of many new state privacy laws which will affect catalog and Internet retailers. Although the federal government has attempted to appropriate some forms of state consumer protection laws in order to alleviate what it calls ‘over-regulation and confusion,’ it will not be able to hold back the legislation indefinitely.”