Back to Newsroom
Product News

CCPA Best Practices

December 13, 2019

CCPA. The “GDPR” of the United States – or so some people say. So many letters, so many requirements, so little time to make sure we’re in compliance. For a recap of many things CCPA, please visit our previous blog here

The California Consumer Privacy Act (CCPA), goes into effect on January 1, 2020. The CCPA is a state law that provides California residents more control over the personal information that a business collects about them. We’ve talked a bit about this before and I’m sure you’ve heard it from many peers in the industry. This regulation could lead to penalties for noncompliance with CCPA. 

Any business operating in California that isn’t compliant with CCPA could face civil damages of up to $750 per violation, per user. While not a costly as the GDPR, sizable data breaches for companies with thousands of customers in California could quickly total up to around $1 million in CCPA fines. If a business fails to address any alleged noncompliance within 30 days following notification from the state, you could be considered in violation and charged a civil penalty of up to $7,500 per violation.

We have been working diligently to ensure that we are ready for CCPA on January 1, 2020. Here we are with some best practices to help you stay in compliance with CCPA.

CCPA Best Practices

  1. Have a “Right to Know” and “Right to Delete” process in place
    This is probably one of the most important items related to CCPA compliance. Under CCPA, consumers have the ‘right to know’ what data you have about them up to 2x/year. Consumers also have the ‘right to delete’ their data. You (and Salesloft) are required to have a process to respond to these types of requests. If a consumer reaches out to you to know what data you have or to delete their data, please reach out to [email protected]. We will assist with both processes.
  2. Honor Do Not Contact Lists
    While your reps are reaching out to prospects, they may be unaware of certain specific accounts that should not be contacted. Do Not Contact (DNC) designations help ensure your reps do not mistakenly violate the privacy rights of California data subjects. As an admin, you can add account domains to the Do Not Contact list, and enforce a global Do Not Contact list so prospects/customers can’t be contacted by reps. The Do Not Contact field can also be synced to a field in Salesforce to ensure that Salesloft always has the most up to date information if you’re tracking this centrally. Anyone opting out of an email will automatically be added to the DNC list.
  3. Leverage Customized Templates with Opt-out and Privacy Notice Links
    Ensuring that you’re providing both opt-out and privacy notice links in your emails – and honoring opt-out requests – will go a long way when communicating with California residents. Your organization can offer this as an option in your templates.
  4. Create a Custom Field for Lead Sources With the ‘Right to Know’, CCPA allows consumers to know how you received their data. In Salesloft, you can create a custom field to log the source of the lead. Here’s how:
    • With administrative permissions, go to the ‘Field Configuration’ settings in the settings of the Salesloft App.
    • Create a field called ‘Lead Source’. Map this field to both the contact and lead object field “Lead Source”. This is a standard field in Salesforce – you do not have to create it yourself.
    • Be sure to set the Direction as ‘Salesloft ↔ SalesForce’ aka bi-directional. This will allow your team to update the Lead Source in either Salesloft or Salesforce
    • Additional References: Salesforce Field Configuration OverviewPerson Field Configuration

What do you need to do?*

The following items are very high-level requirements, please visit for more information. The best thing you can do is reach out to your legal team to determine what is needed for your organization.

  • Update your Privacy Policies.
  • Create processes around the right to know, right to delete, right to opt-out of selling information – note the SLA’s required by CCPA.
  • Know where data is in your network.
  • Provide training to the required employees for CCPA.

Curious about how Salesloft approaches security overall? Click here to learn more about how we store, process and secure sensitive information.

We hope that you find the above best practices useful. We are always excited to hear your feedback, so if you have any questions please check out our Knowledge Base to learn more about any of the capabilities listed above, or contact [email protected].

*Please note, all materials have been prepared for general information purposes only. The information presented is not legal advice. Please reach out to your legal team to determine the best course of action(s) for your organization.