The notice of financial incentive (NFI) is a source of dread for many businesses that are trying to become CCPA compliant. It’s confusing, it’s highly visible, and it has been a focus of enforcement by the California Attorney General.
To help understand the NFI, we’ll go over why it exists and what is required of businesses.
The need for an NFI is based on the consumer’s right to non-discrimination. Businesses cannot retaliate against consumers for exercising their privacy rights, such as by denying them service, charging them a different price, or providing a different level or quality of services or products.
While that rule makes sense, it also conflicts with a very common arrangement that benefits both businesses and consumers: providing access to personal information in exchange for discounts, free services, etc.
For example, imagine your business allows consumers to sign up for email newsletters that contain exclusive promo codes that can be redeemed for discounts on your website (discounts=financial incentive, email address=personal information). Later, one of those consumers requests that you delete all of their personal information. If you delete their email address from your mailing list, they won’t receive any more promo codes, meaning they will be charged a different price for your products as a result of submitting a privacy request.
In this situation, the CCPA gives businesses some leeway. They can simply remove the consumer from their mailing list without it being considered retaliation. Alternatively, they can ask the consumer to confirm that they want to be removed from the financial incentive program. If the consumer wants to keep receiving the financial incentive, the business may continue to retain and/or use their personal information to the extent it is necessary to operate the program.
However, businesses only have these options if they post an NFI that complies with the CCPA’s requirements.
Businesses may offer consumers a financial incentive for the collection of their personal information only if the financial incentive program meets these requirements:
By far, the biggest challenge of creating an NFI is making a good-faith estimate of the value of the consumer’s data and showing that it is reasonably related to the value of the financial incentive provided. Placing a dollar value on such programs can be difficult, yet enforcement authorities have made it clear that this is an essential component of compliance.
In order to provide some guidance, current regulations state that businesses shall consider one or more of the following while making their estimate:
In case these factors don’t make you feel any more confident in calculating the value of consumer data, it may be more helpful to use our email newsletter scenario as an example.
If the incentive you offer is a discount code you include in your newsletter, chances are it varies from month to month, so you should try to find an average value. In this example, we’ll pretend the coupons have an actual dollar value (e.g., $5 off your next purchase, or 10% off an item that’s listed at $25), and you offer one coupon per month. We simply add up the values of all the coupons for the last year, and then divide by 12.
You don’t have to provide all of the numbers you used; you can just add a statement such as “We estimate the average monthly value of discounts offered to be approximately eight dollars.”
This will likely be trickier, and you must also describe the methods you used to make the estimate. Let’s say your business has an average monthly revenue of $220,000, and your marketing team estimates that sending out a monthly newsletter results in about 10% higher sales every month, so roughly $20,000 can be attributed to the newsletter. If you send the newsletter to 1,000 people, you can estimate the value per recipient to be $20 per month.
Again, you don’t have to provide all of these figures, just a description of your method and the final estimate of the value. Here you might say, “Based on our estimates of increased sales figures associated with our newsletter, divided by the total number of recipients, we estimate the value of each recipient’s data to be approximately $20 per month.”
Privacy compliance is complicated, and it’s getting more complicated as a growing list of states pass their own legislation. Fulfilling the many requirements like posting a notice of financial incentive or creating a data retention policy can quickly become overwhelming for companies that don’t have in-house privacy experts.
TrueVault US is an attorney-designed software that helps businesses become compliant with privacy laws from across the United States with minimal effort. Even if you’re starting from zero compliance, you can have all your privacy notices up and be ready to respond to consumer requests in as little as a few hours. Onboard your vendors, create a data map, and more with guidance from TrueVault.
To learn more about TrueVault US, contact our team today.
Disclaimer: This content is provided for general informational purposes only and does not constitute legal or other professional advice. Without limiting the foregoing, the content may not reflect recent developments in the law, may not be complete, and may not be accurate or relevant in an applicable jurisdiction. This content is not a substitute for obtaining legal advice from a qualified licensed attorney in the applicable jurisdiction. The content is general in nature and may not pertain to specific circumstances, so it should not be used to act or refrain from acting based on it without first obtaining advice from professional counsel qualified in the applicable subject matter and jurisdictions.
Our attorney-designed software will step-by-step guide you through the compliance process from start to finish.
Request a Demo201 Mission Street, 12th Floor
San Francisco, CA 94105
Email: hello@truevault.com
2024 © All Rights Reserved. Privacy Policy | Terms of Use | Supplemental Terms | California Privacy Notice