January 1, 2023 is almost here. And that means new privacy-compliance rules in California -- especially for healthcare marketers.
Case in point: The loss of the B2B exemption. The California Consumer Privacy Act (CCPA) had given B2B a pass, but that is not been renewed in the pending California Privacy Rights Act (CPRA).
So pharma communications with healthcare professionals (HCPs) must now adhere to CPRA, according to 4 Effects of New Data Privacy Law on Healthcare Marketers, a report by DMD. Of course, the rules apply to everyone, not just to healthcare providers.
CPRA will also tighten up rules on what constitutes a sale. Marketers had argued that use of personal information to drive advertising does not amount to a sale, although CCPA did state that data sharing based on a “valuable consideration” falls under that heading.
There is no ambiguity in CPRA. The result is that “all aspects of the digital advertising ecosystem will need to comply with the new law,” the report notes.
Then there is the need to inform clients of opt-outs. Under CCPA, data brokers were required to support opt-outs, but not to advise their clients. Under CPRA, valid opt-outs must communicated to clients of the data broker, and those opt-outs honored, although the length of time for those notifications is unclear.
The CPRA also mandates that a data broker who licenses data from a third party will have to notify every California resident and give them the chance to opt out of sales of their information. That includes healthcare professionals.
The takeaway here? Healthcare marketers should ask if their data brokers “have a first-party relationship with the covered HCPs.” Failing that, they should seek written reassurances that the brokers are complying with CPRA.
DMD concludes that new laws are taking effect in Virginia, Colorado, Connecticut and Utah. Healthcare firms — and all brands — should work with a broker who is an expert in this area.