Like with so much in life, there’s good and there’s bad. Let’s explore each.
Do you want the good or the bad first? Ok. The bad first. The CCPA has a few requirements for privacy protection and are helpful, including:
- Encryption of all information related to personal users.
- Users must be able to remove their information from the system as well.
In the context of Salesforce Commerce Cloud, these requirements could be added challenges.
Salesforce Commerce Cloud is a platform which is at the heart of an ecosystem of many other systems that integrate it. In other words, to use Salesforce Commerce Cloud to its fullest, you will have to integrate with this other cartridge, that other provider, that other specialty inventory management system, and so forth.
This structure entails lots of communication between lots of different moving parts. And the CCPA requires that all communication regarding personal information is encrypted. So that’s lots of constant encryption and decryption, at lots of levels.
(To be clear, this is great for the protection of personal information — so this isn’t a negative! At least from the end user’s point of view.)
But this does add non-trivial software development time at every level, to ensure compliance.
And in which direction California moves, the world moves: the world needs to follow California’s example. So even if the law is limited to California, in effect, for all American ecommerce, every level of communication will need to be encrypted. More software developer hours, and more cost. And more frustration all around!
But there is a positive side. What the CCPA is mandating is, in effect, best practices that are good to be followed anyway.
The deep encryption of everything is a classic suggestion that development teams make to clients — to ensure everything is protected — but clients usually don’t want to pay for it.
And guess what? With the CCPA, they’ll have no choice but to pay for it.
So, on the highest level, the CCPA basically forces better security and best practices on everyone, at the cost of more development time and cost.
If I were more cynical, I would suspect that the CCPA was bought and paid for by lobbyists of the software development industry, paid for by software development companies. But no, I’m not that cynical, so of course I wouldn’t suspect anything like that. No, not at all. Not whatsoever.
PS: UV is one of the world’s leading Salesforce Commerce Cloud (Demandware) development teams. Contact us to see how we can work together.