The CCPA and Selling a Business in the California IT Industry
The introduction of CCPA, the California Consumer Privacy Act, has had a direct impact on a lot of businesses, especially the IT industry. For some businesses that do business internationally and were already compliant with the General Data Privacy Requirements (GDPR) passed by the EU, there were only a few necessary tweaks, and they were ready.
But since the CCPA went into effect on July 1, 2020, the impact on running and selling an IT business in California has already been felt. Here are the three most important things to consider and that has and will have the greatest impact.
CCPA and a Customer’s Rights to Access Data
This is a big one for a lot of IT companies, who typically not only store data from their customers, but also provide resources to customers and clients to store the data they gather about their customers.
The biggest takeaway is a reverse transparency: records from the last 12 months must be readily available to a customer should they request them. Even though many companies store lifetime data for customers, they are rarely set up to share that data with the customer or with anyone else.
The reason is simple: data privacy. When a company collects data, they need to protect it from hackers or other nefarious interests. This means data is encrypted and access is extremely restricted in most cases. And if you think your company is immune, look at the recent breach at Barnes and Noble, including their Nook division, where there was a serious security breach and loss of customer data.
This is a hard act to balance. Before releasing customer data to the customer, companies, in partnership with their IT providers, need to provide an identity verification process and ensure that only the data requested is released, and the privacy of the rest of the customer data is preserved.
When it comes to selling or even thinking about selling your IT business, you must have safeguards in place to comply with these requests and this act. Even in the brief time since it has been in place, there have already been challenges by consumers, some of which have resulted in hefty fines or even lawsuits.
Opting Out of the Sale of Data
If you are an app developer, and you develop an add-on or an enhancement to a current application, the ideal situation would be that you market and therefore sell it to those who already use that or similar apps. So you approach the app developer and purchase their list of customers or access to that list, and ta-da! A built-in audience.
Not anymore, at least not easily. The consumer can opt-out of sharing that data with you or anyone else, and if you use that data anyway (or are the seller of that data) you can face hefty fines and lawsuits.
What this means, especially to the tight-knit IT community is that the sharing of lists, formerly a common practice, must be done differently to avoid potential trouble. You can advertise your product to another’s list, but you can’t organize a drip campaign to those leads or move them to your own list without their consent.
While this impacts marketing primarily, it can affect the value of your business when the buyer looks at your potential reach and the viability of your product and future ones. A shift in marketing strategy is essential before you decide to sell your business, and above all else, you must be in compliance and litigation free.
Think of it this way: most buyers are leery of liability involved when buying a business that has a lawsuit pending against it. If you are even thinking about exiting strategy and selling your California IT business, this is something you must consider.
A Consumer’s Right to Sue
Perhaps the biggest impact of the recent Barnes and Noble breach, something hard to face for a brand and industry-facing hardship during the pandemic is the potential for lawsuits. Not only can the consumer sue your business for not providing them with the data you collect about them or for selling that data illegally, but they can sue if you lose their data.
This is the dilemma many IT companies currently face. Data must be secure but accessible when necessary. It cannot be sold, and it must be protected at all costs. A large enough breach even handled impeccably, can bankrupt a company.
And again, no buyer will typically be interested in buying a business that is facing potential litigation, at least not for the seller’s asking price. In fact, it can seriously hurt the value of your business, and the buyer may want the previous owner to assume the liability for that suit.
This is not something IT companies have to deal with tomorrow or can ignore or put off. It’s vital to business success and especially important if you want to sell your business.
Has CCPA impacted your IT business? Are you thinking of selling your IT business? Or do you simply want to know the value of your business in order to make a decision? Contact us at Rogerson Business services today. We can help you by starting with a business valuation, and when you are ready to sell we can help you every step of the way. We want to be your California business broker!