Greetings from Newfields, New Hampshire!

The National Retail Federation reported an estimated 186.4 million U.S. consumers shopped until they dropped either online or in person between Black Friday and Cyber Monday. The total number of shoppers leans heavily toward online shopping, though, as NFR recorded 95.7 million online-only customers — a 44% increase from 2019.

“The growth in online activity this year was significant, particularly for Black Friday and Saturday shoppers,” said Prosper Executive Vice President of Strategy Phil Rist, whose analytics company produced NFR’s statistics. “With the start to the holiday shopping season continuing to move up even earlier, consumers will further utilize these channels.”

None of this should be surprising with the pandemic still raging, but the increases certainly give privacy and infosecurity professionals something to chew on. Safe to assume personal data was in some fashion linked to every purchase or website visit. It could be considered a form of job security given that website security and privacy policies will undoubtedly need to be in focus and refined with the flood of users.

Along that line of thinking, though, did anyone see “Do Not Sell” links on during their shopping frenzies? I saw them here and there in my shopping, and it made me wonder if this could be the California Consumer Privacy Act’s big break. 

The presence of an opt-out mechanism on websites certainly wasn’t a consideration for many, but it might be for those privacy hawks that needed to cross names off their holiday shopping list. There have been debates defending and criticizing CCPA’s definition of “sale,” and there has even been some allusion to potential semantics that help avoid the definition altogether. A privacy-focused shopper might be left to wonder if there is a compliance issue when they don’t see a link but know a particular company falls under the CCPA’s hand. If so, queue the formal complaints to the California attorney general’s office.

The moral of my story here, privacy pros, is we’re living in a period defined by exclusive online activity, and it’s not changing anytime soon. Those who are continuing to play it fast and loose with their regulatory compliance during this time will be in for a rude awakening once a conscious individual catches on. It’s less a matter of if they’ll catch on and more when they will.

But I’m sure if you’re an IAPP member reading this letter, then you’ve already considered all this and can get back to decorating the house and drinking your warm mug of cocoa with peace of mind.

Happy holidays, folks.