December 19, 2019

The Privacy Trade-off for Discounts this Holiday Season

Daniel Barber


With the holiday season upon us, shopping and deal-hunting are on the minds of millions of Americans.

Even before Black Friday, Small Business Saturday, and Cyber Monday, retailers and consumers were engaging in a dance: Retailers, looking to acquire new customers, frequently offer a “first purchase” promotional discount in exchange for the consumer’s email address or phone number. Consumers, looking for the best deals, happily provide their information for the initial discount, as well as potential future discounts, offered only to newsletter subscribers or “VIP” customers.

It sounds like a win-win, right? It definitely can be, until you start to think about how much personal information a retailer has access to based on the simple act of giving them your email address. Plus, because many systems used by retailers extend access to their vendors as well, the ramifications of typing your email address in a box in a pop-up window are downright scary: Consumers essentially exchange their personal information for a five or ten percent one-time discount.

The playing field is about to change on January 1st, when the California Consumer Privacy Act (CCPA) goes into effect. Poised to put consumers back in the driver’s seat, the CCPA returns control over personal information to the consumer by requiring businesses to give consumers a way to view, delete, or prohibit the sale of that personal information.


For businesses, the CCPA provides a real opportunity to showcase their commitment to consumer communication and privacy. Retailers will need to adhere to a wide range of requirements, which could prove to be a major challenge if they need to implement completely new infrastructure and processes to manage compliance. The good news is that businesses can get ahead of the curve now to ready themselves for January 1st — and set themselves up for long-term success.

Here are some tips to help businesses prepare for the CCPA — and forthcoming consumer privacy laws — as we head into a new decade:

  1. Understand where personal information is stored in your business systems at all times — which systems and what data. The exercise of creating an inventory of all personal data across all systems can provide this information. Ensure this inventory is always up-to-date, as you add new systems, fields, and entries.
  2. Automate the handling of consumer privacy (and “do not sell”) requests where possible. DataGrail’s Cost of Compliance Report revealed that, on average, 26 people in an organization touch and process each privacy request. Automation can streamline the request handling process and reduce the number of hands through which a request must pass, minimizing the chances of human error and the diversion of company resources.
  3. Maintain a detailed compliance log of all consumer data subject request activities. Making sure your log is accurate may become increasingly challenging if the volume of requests grows or spikes over time. You will also want a way to monitor whether a user has been recreated after deletion.
  4. Implement a system that can easily unify your customers’ communication preferences across different systems. Consumers should have a simple way to customize what types of communications they receive from a business and have those preferences be respected across all systems.

The stringent new privacy requirements set by the CCPA will likely be extremely painful for businesses to implement, but by taking steps now, businesses can reduce the potential pain later. One such step includes proactively deploying technologies, such as automated solutions to simplify compliance, which can provide a competitive advantage over companies that are taking a “wait and see” approach.

What’s more, businesses can use these new requirements to foster trust and build stronger relationships with consumers. As we move beyond the holiday season and into 2020, the CCPA will be a key driver of consumers’ privacy expectations across the country — and other states will be forced to step up to the plate.

About the author: Daniel Barber is the CEO & co-founder of DataGrail. In the Age of Privacy, DataGrail helps businesses comply with the GDPR, CCPA, and forthcoming regulation. Prior to DataGrail, Daniel led revenue teams at DocuSign, Datanyze (acquired by ZoomInfo), ToutApp (acquired by Marketo) and Responsys (acquired by Oracle). He also advises several high-growth startups including, Outreach, and SignOnSite.
