Cyber Security Part 3, UC SF pays $1.14 Mill Ransom

Cyber thieves are not just extorting money out of the Big Dogs anymore; they have worked their way down the food chain, even hitting individuals for ransom. How do they do it? They have automated tools that look for vulnerabilities and target businesses or organizations that have an open architecture. Universities are an easy target with their high student turnover. There is also the desire to allow a lot of sharing of information. Many times folks in academia are very focused on research, with little time for complicated cyber security protocols. The IT cyber security team is an afterthought.

In June 2020 BBC News reported that $1.14 million was extorted from the University of California San Francisco by cyber criminals using ransomware. The initial demand was for $3.0 million in Bitcoin to unlock the encryption of their data. After a series of negotiations the University eventually paid $1.4 Million and got access to their data. Full Story here: That does not mean that the cyber criminals have been permanently excluded from their system. Nor does it mean that all or part of their data won’t be sold to other cyber criminals. Once you have been compromised it is critical that IT identify all of the ways those criminals got into your system, then plug those holes ASAP.

A common vulnerability is open RDP: IT staff or, more often, contractors with Remote Desktop Protocol (RDP) access. Should one of those folks get hacked, every device that they have access to is now vulnerable. Access should be terminated as soon as the need to access that machine is over. Also have clear procedures to remove RDP access from employees and contractors who leave your organization.

Another tool is to set your firewall to prevent access from foreign IP addresses, that is, if you have no need to allow access from outside your home country. Because hackers will often route their attack through multiple and ever-changing IP addresses, some firewalls can stop access when the IP addresses represent Impossible Travel. So if at the start of the access attempt the IP address is in Toronto, Canada, and a few minutes later it is coming from a Mexico City, Mexico IP address, that is an impossible distance to travel in a few minutes and the software can be set to block it.
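The Impossible Travel rule described above, sketched as an added example (not code from this post or from any firewall product). The login events, the coordinates, the 900 km/h speed limit and the 100 km jitter floor are constructed assumptions; a real deployment would take locations from an IP geolocation database.

```python
from dataclasses import dataclass
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

MAX_SPEED_KMH = 900.0    # assumption: anything faster than a passenger jet is impossible
MIN_DISTANCE_KM = 100.0  # assumption: ignore geolocation jitter inside one metro area
EARTH_RADIUS_KM = 6371.0


@dataclass(frozen=True)
class Login:
    user: str
    when: datetime
    city: str
    lat: float
    lon: float


def distance_km(a, b):
    """Great-circle (haversine) distance between two login locations."""
    lat1, lon1, lat2, lon2 = map(radians, (a.lat, a.lon, b.lat, b.lon))
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * EARTH_RADIUS_KM * asin(sqrt(h))


def impossible_travel(events):
    """Return (previous, current, km, km_per_hour) for every login that could not
    physically follow the same user's previous login."""
    last_seen = {}
    alerts = []
    for event in sorted(events, key=lambda e: e.when):
        previous = last_seen.get(event.user)
        last_seen[event.user] = event
        if previous is None:
            continue
        km = distance_km(previous, event)
        if km < MIN_DISTANCE_KM:
            continue
        hours = (event.when - previous.when).total_seconds() / 3600
        speed = float("inf") if hours == 0 else km / hours
        if speed > MAX_SPEED_KMH:
            alerts.append((previous, event, km, speed))
    return alerts


# Constructed sample events (not real logs).
SAMPLE = [
    Login("alice", datetime(2020, 7, 1, 9, 0), "Toronto", 43.6532, -79.3832),
    Login("alice", datetime(2020, 7, 1, 9, 5), "Mexico City", 19.4326, -99.1332),
    Login("bob", datetime(2020, 7, 1, 9, 0), "Toronto", 43.6532, -79.3832),
    Login("bob", datetime(2020, 7, 2, 9, 0), "Mexico City", 19.4326, -99.1332),
    Login("carol", datetime(2020, 7, 1, 9, 0), "Toronto", 43.6532, -79.3832),
    Login("carol", datetime(2020, 7, 1, 9, 2), "Mississauga", 43.5890, -79.6441),
]

if __name__ == "__main__":
    for previous, current, km, _ in impossible_travel(SAMPLE):
        minutes = (current.when - previous.when).total_seconds() / 60
        print(f"BLOCK {current.user}: {previous.city} -> {current.city}, "
              f"{km:.0f} km in {minutes:.0f} min")
```

Only the first user is flagged: the second had a full day to travel, and the third moved about 20 km, which is within normal geolocation error.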

Even web based SaaS software such as Salesforce can be compromised. Having good security protocols in place will create a high wall for cyber criminals to climb. On the off chance this is a concern in your business it may be worth a quick conversation.

Cyber Security 101 Part 2

Good cyber-security is a lot like protecting your home from robbers. We want to layer the defenses. For a home you might have a fence with no trespassing signs around the yard. Doing so will restrict access by the likes of the neighborhood kids and stray dogs. Next we have doors with deadbolt locks, maybe bars on the windows. Install an alarm to alert the police. For valuables, a safe, etc. Each layer will stop some level of intrusion, and we put the strongest layers around the most valuable items.

Cyber Crime is hitting even Small Businesses

We need to define what data & software is most valuable and most vulnerable. In Part 1 we talked about having good anti-virus software, a strong firewall and two spam blockers, one at the server level and one at the PC level. In Part 1 we also talked about training your team to recognize spoofed emails and do their part in cyber-security, as 91% of hackers gain access through a phishing email that got opened by one of our own people.

So what is the next layer we need to add? Two factor authentication (dual factor authentication). Yes, it can be annoying having to remember our user name and password and then enter a third code we get via text (or a different email address). Yet it is one of the best ways to prevent access, because it requires access to another device, secure email or phone. This combination creates a major hurdle for a hacker to overcome. There are several ways to use it: 1. upon initial setup, to verify the IP address and PC you are using; 2. whenever logging in from a remote location (a non-company IP address); 3. every single time a person logs in.

Two Factor Authentication is like having 2 locks on your Data

The biggest advantage of two factor authentication is that even if a hacker gets your user name and password, they still cannot log in without the second factor, the code usually sent via text.

Complex passwords are the next level of security. It is important to have password security policies for our people to follow. Having a great front door with a strong deadbolt lock won’t do any good if the door is left wide open all day. The same is true for cyber-security. Common policies are: long, complicated passwords that are not iterated when changed (that is, the old password reused with a 1 at the end, then next time a 2, etc.). Have more than one password: a different password for access to each piece of software, so that if one is compromised the hacker does not have the keys to the kingdom.

Make compliance with cyber security policies easy. For example:

One way to create a complex yet easy to remember password: A. Use a maternal relative’s hometown. B. Combine that with the numbers of a relative’s address. C. Then pick the name of your favorite candy as a kid. D. Combine them in a string with a few caps. E. Sprinkle in a % * ! ? . Now you have an easy to remember password that is complex, and if you write out a few clues to help you remember, it would be very difficult for anyone to get them all. Be creative. Things to avoid: dates of any sort, your children’s names, school names, pets’ names, etc. All of this is often on social media or easy to guess.

Example: SanFranSisCo987IcePops#%^
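One way to enforce the "no iterated passwords" policy above when the system stores only password hashes, as an added example that is not from the original post. It goes slightly beyond the "1 at the end, then a 2" case by also trying the last few counter values; MIN_LENGTH, ROUNDS and the function names are assumptions, and every sample password except the post's own example is constructed.

```python
import hashlib
import hmac
import os
import re

ROUNDS = 100_000   # PBKDF2 work factor (assumed value for this example)
MIN_LENGTH = 14    # assumed policy value; the text only says "long"


def hash_password(password, salt=None):
    """Return (salt, digest). Only this pair is stored, never the password."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ROUNDS)
    return salt, digest


def matches(password, record):
    """Constant-time check of a candidate against one stored (salt, digest)."""
    salt, digest = record
    return hmac.compare_digest(hash_password(password, salt)[1], digest)


def likely_predecessors(new_password, lookback=3):
    """Passwords the user probably had before if the new one is just an old one
    with a bumped counter: the same text without the trailing number, and the
    same text with the number lowered by 1..lookback."""
    candidates = [new_password]                      # plain reuse
    m = re.fullmatch(r"(.*?)(\d+)([\W_]*)", new_password)
    if m:
        prefix, number, suffix = m.groups()
        candidates.append(prefix + suffix)           # counter was simply appended
        lowest = max(int(number) - lookback, 0)
        for n in range(int(number) - 1, lowest - 1, -1):
            candidates.append(f"{prefix}{str(n).zfill(len(number))}{suffix}")
    return [c for c in candidates if c]


def policy_violations(new_password, history):
    """history: stored (salt, digest) records of the current and earlier passwords."""
    problems = []
    if len(new_password) < MIN_LENGTH:
        problems.append("too short")
    for candidate in likely_predecessors(new_password):
        if any(matches(candidate, record) for record in history):
            problems.append("reused" if candidate == new_password
                            else "iteration of an earlier password")
            break
    return problems


if __name__ == "__main__":
    # Stored history built from the post's example password and one iteration of it.
    stored = [hash_password("SanFranSisCo987IcePops#%^"),
              hash_password("SanFranSisCo987IcePops#%^1")]
    for attempt in ("SanFranSisCo987IcePops#%^2", "Maple4417LakeshoreTaffy!?"):
        print(attempt, "->", policy_violations(attempt, stored) or "accepted")
```

The check catches counter bumps only; a user who changes one letter in the middle is not detected without comparing against the current password at change time.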

Next, test the system: send folks a phony email from an email address they don’t know and see if they open it. It is easy to set up as many email addresses as you want to test your people. Reward those that catch on and report the intrusion attempt. Then privately retrain those that get fooled. It is always a work in progress because cyber criminals are always looking for a new way to steal your data.

Cyber Crime & Security 101 for Small – Medium Biz Part 1

Excuse to do nothing number one: “Well, my business is way too small for hackers to even notice or care about.” Well, until it happens to you, that is. I was at a WordPress User Group a few years ago and one of the folks attending was asking for help; his computer was locked up by a hacker using ransomware who wanted $350 in Bitcoin to unlock it. Several months ago an Orange County company (several $100 Mill in revenue) got hit with ransomware; they didn’t pay and it took them nearly a month to get fully up and running. So how long can you afford to be without access to your network?

Excuse to do nothing number two: “My data isn’t anything a hacker would want, it isn’t all that valuable.” Well, you are right, it isn’t valuable to the hacker, but it is valuable to you, and that is what the hacker is depending on. Just how long could you last without access to your customer contact list (CRM), email, accounting software, etc.?

We have defined the problem; now what is the solution? There is no magic bullet software that will provide 360 protection all the time everywhere. It is only by layering the protections and methods I will discuss that we can have a good, affordable level of protection.

The place to start is with people, as 91% of attacks get in with a phishing email. You might be thinking, “I would never fall for those lame, poorly worded, spammy phishing emails that all end up in my spam blocker.” That is not what cyber criminals are doing these days. They prey on people who want to be helpful, like customer service and sales, folks who are trained to help. These cyber criminals are sophisticated professional criminal syndicates who are running a “business”. Before even sending their phishing email they do their homework, many times on social media. They craft an email that looks like it is coming from someone you already know.

So how do we defend against this type of attack? Here are some suggestions:

First and foremost: train your people not to open any email unless they know who it is from, and if it looks suspicious, to verify the sender by holding the mouse over the sender’s email address to see if it is spoofed. See the example below; we will look at the two flagged emails:

  1. Install and use a good spam blocker at both the server level (if you use a server, that is) and the personal computer level.
  2. Train your people: if they do not know the sender, or if they are at all suspicious of the email and it contains links, do NOT click on the link.
  3. Have policies in place for personal email and access using company computers.
  4. Keep your operating system software up to date; updates often include patches that help keep the bad guys out.

Play the odds: since 91% of hackers gain access using phishing emails, do your best to stop them right there. The first and often best layer of protection from cyber crime is trained people. A well trained team will make it much harder for a hacker to gain entrance to your system. If you make it hard they will often move on to an easier target.

Selling During a Pandemic? What’s Working, What’s Not……

Not Working:

Trade Shows

Emails expressing our company’s concern for your health & safety …etc etc

So what is working….?

Well, I jumped into a Sandler Sales Training Presidents Club meeting to find out. A group of diverse sales professionals selling everything from real estate and big plates of steel to courses on how to trade stocks. Some folks are brand new to sales; others are seasoned professionals seeking to up their game. We met online this month to learn and share our experiences.

The first thing we are all dealing with is our own reluctance to get started selling. No doubt these are unusual times. Our Coach said: true, and you get a few minutes to complain about it, then move on. Do not become a deer in the headlights; the road to success is littered with flat squirrels that did not get moving. Focus on the things we can control now and get moving! Business is still being transacted. All crises are temporary; we need to do the work now that will prepare us for when things return to normal. The first thing that needs to start working is us…!


The Phone…!

What is working is calling on the phone. Yup, plain old cold calling. The pros in our group were finding that customers and prospects are picking up and returning calls! Start by using your CRM to make a list of existing customers, then a second list of leads. Our approach needs to be different than typical cold calls pushing our product. To loosely quote Coach Chris Jennings, “Sales is helping people to solve problems that they could not solve without our help.” We need to acknowledge the reality of the situation by asking our current customers and prospects how they are adapting to it. Our dialog with them needs to recognize the reality of the current situation from their point of view. Listen to what they are dealing with; be a sympathetic ear. Approach them with the attitude of “how can we contribute to your success during this crisis?”

Think more broadly; many folks are feeling isolated. We can be creative with our support and approach. Online meetings can give us all a sense of normalcy. We can do one on ones on the fly or get everyone in a virtual room. We all have time now to look at and act on things that we “didn’t have time for” in the recent past. Is there online live training we can do? New CRM software installation is often predicated on having down time during an extended holiday, an inventory of stock or warehouse, maintenance, etc. Our imagination is our limit. We have a golden opportunity to “catch up” on things that are often blocked by the ongoing flow of business. Our customers & prospects are feeling stressed and need our expertise.

I don't suppose anyone is interested in continuing this conversation? If you are you may want to go to to learn more about Sandler Sales here in Orange County, CA.

On the off chance you are interested in a CRM  I can be contacted at




Don’t Let 19 ruin your 20

Don’t Let Covid 19 ruin your 2020…. This is NOT the New Normal

Building Your Post Virus Future Now..!

Just like the rest of us I have been cooped up in my home, alternating between being bored, depressed, stressed out and distracted. A whole lot of my time has, sad to say, gone to waste chasing shiny objects, YouTube videos, Wikipedia rabbit holes, etc. We are all facing a new experience being quarantined. This is like nothing within the living memory of most of us. I remember my Mom talking about how in the 1930s, if someone in the family had whooping cough, polio, tuberculosis, etc., the health department would post a notice on their door to quarantine everyone in the home. I thought those days were long gone. What is bothering me most is the uncertainty about when this will end. Well, I decided that I am not letting this become my new normal. To paraphrase Winston Churchill: if you are going through Hell… keep going, don’t stay there..!

I read an article by the McKinsey Consulting Group and watched a webinar by Fisher Investments. They were both confident that this virus situation will come to an end, probably sooner than we think. Things will improve and we will all move on to a better future. So what do we do right now in the thick of it? One thing is to not beat myself up too much about my lack of productivity. Also, going down rabbit holes is not productive. The question I have been asking myself this weekend is: what can I do to move the needle in the right direction?

A number of ideas came to mind.  Until this all got started I had a regular schedule of activities based on my written Goals.

  1. Revisit your goals and reset them to work to the best extent you can under the circumstances. If you don’t have goals, now’s the time to develop them: My Take Goal Setting The Sandler Way 1 Goals 101
  2. List the parts of your goals that you can do, then put them in your new schedule. For example, I have a goal of doing 2 blog posts a month; there is nothing stopping me from getting way ahead and having them queued up and ready to go for the next several months. There are plenty of online learning opportunities. I have been taking a Sandler Sales Foundations class (Sandler Sales Free videos and Fee Based) and free Salesforce Trailhead classes (Salesforce Trailhead Free Classes).
  3. After you have clarified what you can do and scheduled it, work on it every day. One of the skills I learned from Sandler Sales Training is the Ideal Week. That is a day by day schedule of the activities that in an ideal world I would do to meet my goals. In my business that means cold calls, warm calls, networking, etc. I block out times every week for these and other activities. Life happens, so if we hit 70 to 80% of our Ideal Week we are doing well. Review your adherence to your Ideal Week at the end of your week and track it. Hold yourself accountable by tracking how well you stick to your Ideal Week. As David Sandler said, either you are working on your goals and plan or someone else’s.
  4. Get an accountability partner and share your Ideal Week with them. Schedule a phone call once a week to review your adherence to your goals.

In my schedule & goals I have Business & Personal Goals. I also will make sure I have time for breaks to re-charge my battery, spend time with family (on the phone or web), take breaks from my work.

This situation is stressful and taking more breaks may be needed, but they need to be constructive and time limited or we risk getting sucked down a rabbit hole. Don’t let that rabbit hole become your new normal. Those that invest their time wisely will come out of this stronger than the competition.

Cyber Security for Cloud Based CRM

Recently I heard about two companies who got hacked (one a multi-billion dollar corp, the other about $150 Million). Neither one has gone public so I am keeping this on the low down. One got hacked due to a malicious email with ransomware. Not sure how the other was breached. Both companies’ systems were down for an extended period of time, one for a week, the other for several weeks. They were both able to sort of function but they both were seriously impacted financially. How long could you or your company run without email, your ERP-MRP, and finance/accounting software?

I am no expert on overall cyber security; my focus is on basic security and Salesforce CRM security. The first step is to not depend on one single method to keep hackers and cyber thieves out. They have gotten much more sophisticated and are global in scope. These are organized criminal gangs raking in big bucks through ransomware that locks up your computer systems, and they will blackmail you for the key to unlock it. Even after being paid, some won’t even give you the key.

Be prepared with a disaster recovery plan and have ongoing training for everyone who has any computer access. Often the basics will be a good start on keeping cyber thieves and hackers out of your systems. If you don’t know who sent you the email, don’t open it. Hover over the sender with your mouse, and if the displayed sender doesn’t match the sender that shows in the hover, just delete the email or put it in your spam folder. Some companies have a tool where you forward it to a special mailbox where their security team deals with it. A common ploy is to call you and try to get your folks to go to their website to show you what they want; as soon as you get on their site, malicious software loads onto your computer.
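The hover check from Part 1 and from the paragraph above, automated as an added example (not from the original posts): it compares the name a mail client displays with the address that is actually in the From header. The contact list, domains and messages are constructed, and the warning names are made up for this example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed address book: display name (lower case) -> address that person really uses.
KNOWN_CONTACTS = {"pat example": "pat@example.com"}


def domain_of(address):
    return address.rpartition("@")[2].lower()


def sender_warnings(raw_message, known_contacts=KNOWN_CONTACTS):
    """Return the reasons the displayed sender does not match the real one."""
    msg = message_from_string(raw_message)
    shown_name, address = parseaddr(msg.get("From", ""))
    warnings = []

    # 1. The display name itself looks like an address from another domain.
    in_name = re.search(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)", shown_name)
    if in_name and in_name.group(1).lower() != domain_of(address):
        warnings.append("name-shows-other-address")

    # 2. The display name is someone we know, but the address is not theirs.
    expected = known_contacts.get(" ".join(shown_name.lower().split()))
    if expected and expected.lower() != address.lower():
        warnings.append("known-name-wrong-address")

    # 3. Replies would go to a different domain than the one shown.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and domain_of(reply_to) != domain_of(address):
        warnings.append("reply-to-differs")
    return warnings


def make_message(from_header, reply_to=None):
    """Build a minimal constructed message for the samples below."""
    headers = [f"From: {from_header}", "To: staff@example.com", "Subject: Invoice"]
    if reply_to:
        headers.append(f"Reply-To: {reply_to}")
    return "\n".join(headers) + "\n\nPlease see the attached invoice.\n"


# Constructed sample messages (not real mail).
SAMPLES = {
    "genuine": make_message("Pat Example <pat@example.com>"),
    "lookalike": make_message("Pat Example <pat.example@mail-example.test>"),
    "address-in-name": make_message('"accounts@example.com" <notice@billing-example.test>'),
    "reply-redirect": make_message("Pat Example <pat@example.com>",
                                   reply_to="pat@reply-example.test"),
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(f"{label:16} {sender_warnings(raw) or 'ok'}")
```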

Train folks on creating strong, long passwords that are changed 3-4 times a year. An easy way to create a long, strong, easy to remember password is to ask the person to use: their grandparent’s (Gran Nona) street name, plus the last 4 digits of their childhood phone # (1234), then an aunt’s or uncle’s (Bob) street name. Example: Main1234Pennsylvania. Then write on a yellow sticky a code word for it (Nona, Home#, Unk Bob): easy to remember, but anyone finding that sticky would not have a clue what it meant.

Internal data theft & data breaches are far more common than external ones. Layer your security. Even if a user’s account gets hacked, many times only that person’s data will be compromised. When an employee leaves, lock them out ASAP; one of my clients had a former employee accessing Salesforce for 6 months after termination! Limit what users can see and do. In Salesforce, through the use of Profiles, we can control the Objects that they have access to, all the way down to each and every field. Next, through Roles and Hierarchies, we can control what actual data they can see or not see. Limit what they can do: should they have read-write access or read only? Limit their access to working hours. Keep their access limited to their own company computer when logged in at the company office.
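An added example (not from the original post) of the offboarding check described above, which also covers the RDP access cleanup from the Part 3 post: compare each system's enabled accounts and login history against the HR and contract roster. All names, dates and record layouts are constructed assumptions; real input would be exported from the systems themselves and from HR.

```python
from datetime import date, datetime


def audit_access(roster, grants, logins, today):
    """Return sorted (finding, system, person) tuples.

    roster: person -> last working day, or None while still engaged
    grants: (system, person, enabled) rows exported from each system
    logins: (system, person, timestamp) rows from each system's login history
    """
    findings = set()
    for system, person, enabled in grants:
        if not enabled:
            continue
        if person not in roster:
            # Nobody owns this account, so nobody will ever ask to remove it.
            findings.add(("unknown-owner", system, person))
        elif roster[person] is not None and roster[person] < today:
            findings.add(("active-after-departure", system, person))
    for system, person, when in logins:
        last_day = roster.get(person)
        if last_day is not None and when.date() > last_day:
            findings.add(("login-after-departure", system, person))
    return sorted(findings)


# Constructed sample data.
TODAY = date(2020, 7, 1)
ROSTER = {
    "a.ng": None,                       # current employee
    "b.ortiz": date(2020, 1, 31),       # left the company
    "vendor-hvac": date(2020, 3, 15),   # contractor engagement ended
}
GRANTS = [
    ("salesforce", "a.ng", True),
    ("salesforce", "b.ortiz", True),
    ("rdp:fileserver01", "vendor-hvac", True),
    ("rdp:fileserver01", "b.ortiz", False),
    ("rdp:fileserver01", "tempadmin", True),
]
LOGINS = [
    ("salesforce", "a.ng", datetime(2020, 6, 30, 9, 0)),
    ("salesforce", "b.ortiz", datetime(2020, 6, 2, 22, 14)),
    ("rdp:fileserver01", "vendor-hvac", datetime(2020, 3, 10, 14, 0)),
]

if __name__ == "__main__":
    for finding, system, person in audit_access(ROSTER, GRANTS, LOGINS, TODAY):
        print(f"{finding:24} {system:18} {person}")
```

Run on a schedule, a report like this turns "lock them out ASAP" into something that is checked rather than remembered.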


Back up your data; just because it is in the cloud doesn’t mean it can’t be lost. I can’t tell you how many of my customers don’t do backups of Salesforce. There are two reasons to do so. First, on the off chance Salesforce gets hacked. Second, if your people accidentally or maliciously delete data. There are two ways to do it. The first is using Salesforce’s Backup under Data Management; this will back up the whole instance. The second is to create reports with all data on key objects like Accounts, Contacts, Leads and Opportunities. You can also use the Data Loader to extract your data. Decide the maximum amount of data you could afford to lose: 1 day, 1 week, 1 month. Then back up at least that often, and store the data in 2 different places. With memory devices so cheap these days it is great insurance against cyber thieves & hackers.

Obviously, use strong security software providing anti-virus protection and a firewall. I have used these for years. I find that anti-virus is not enough; a good firewall keeps a lot more junk out. The cloud is safe, but your computer is the access point, and if that gets compromised your cloud data is vulnerable.

By taking some basic precautions we can take a data breach from being a crippling disaster to being a solvable annoying business problem.

I don’t suppose any of this has happened to your business; on the off chance it has, it may be worth a short phone conversation.

Phil Sallaway



$14 Mill Profit from CRM Implementation

It’s often the case that when you start digging around, unexpected benefits show up. Sometimes a lot of success & very profitable business can allow us to overlook money lying on the floor. This is the story of one such case. While working with a client in the consumer support business on a large CRM implementation, I discovered a data gap that turned out to be a $14 Million Dollar hole in the bucket…! (Note: Identifying information has been changed & approximated to protect the client’s privacy.)

My assignment was to map the data fields from the home grown consumer service database to Objects and Fields in Salesforce. Sounds simple; it wasn’t. It took a lot of leg work to find out who the guru was for the old database and then get a handle on what needed to be mapped, what didn’t, and where each piece of data needed to go. Then I needed to make sure that the data had a place to go with enough space and was the right type & format to go into Salesforce. For example, if you try to put 140 characters of text into a 50 character field, the first 50 characters go in and the remaining 100 get chopped off; or you may try to put text into number fields, etc. This is the meticulous process of due diligence that can make or break any CRM implementation. Along with this we needed to make sure the right data was mapped to the correct place in Salesforce. In addition I had to match up the accounts in the legacy database with the accounts in Salesforce.

We were going from a home grown database to Salesforce CRM. To do that we needed to reconcile the consumers’ accounts between the two. There were many thousands of consumers; some had been put into Salesforce, others had not. I determined who the most recent (last 3 yrs or so) consumers were and made sure they were in Salesforce. Next I compared that with the list from the home grown database; they didn’t match. We extracted the key identifying consumer data into Excel and, after a lot of filtering, VLookups and sorting, narrowed it down to a difference of several thousand active consumers. Still not good enough, too big a delta. I then suggested that we compare these two databases with the account data from our accounting department’s software. I got curious looks: why? What could they add to the picture? Well, I said, as someone once said, “Follow the money.” Good advice: where the money is, there will be someone watching it…… guaranteed.

As I have found out through experience, the accounting department will have a strong interest in keeping good records. They are my go-to for certain key data, like consumer address, key billing contacts, sales closed won, sales history, active accounts and, most importantly, who has paid and who hasn’t. The folks in accounting kindly shared a high level list of active paying consumers. When comparing this list with our list of “Active Consumers” in both Salesforce and the home grown database there was a big difference. As we were just in the process of implementing Salesforce we expected some minor differences. The team was very surprised to discover that the home grown database was, well, way off.

After yet more sleuthing we were able to determine that 15% of consumers with an active account in the legacy database were no longer paying us. Ouch! Grinding through the numbers, that worked out to be about $14 Million in lost revenue.

Recommended Solutions:

My approach for critical path items is to triple down. That is, have at least 3 plus independently redundant methods of validation.

First, we added a field for agreement expiration date to the Consumer Account object and a check box for Active/Inactive Consumer Account, then limited data access via user profiles, so that service was only provided to paying consumers.

Second, set up a workflow to warn both the sales team and the accounting team 7, 30, 60 and 90 days in advance of the contract expiring, based on the Agreement Expiration Date field.

Third, a workflow that would un-check the Active Account box on the account after the contract expiration date had passed; this would prevent our service team from providing support.

Fourth, set up an API connector between Salesforce and the accounting software to un-check the consumer account active box if the customer was seriously past due on payments and/or their agreement had expired.

We also added field level security to the check box so only authorized management members could extend the consumer’s agreement, with field history tracking and a time limit. We also decided to create an approval process that allowed sales management to give the customer some breathing room during extended negotiations. This also prevented folks from, well, “helping out” a consumer at the company’s expense.


Thorough follow-through and meticulous data mapping won the day, saving $14 million by closing a 15% hole in the bucket for consumer services.

You probably never run into this type of situation in your world; if you want to avoid this type of loss it may be worth a quick conversation.

Corona Virus Opportunities ?

First, I am not suggesting hustling your neighbors by selling them $10.00 rolls of toilet paper or charging $50.00 for a jug of hand sanitizer. In every situation there is an opportunity to improve your situation. My guess is that some folks will see this as an opportunity to slack off at work and use the Corona Virus as an excuse. For others this is a great opportunity to do what Stephen Covey, author of 7 Habits of Highly Effective People, suggested we should always be doing. What is that…? Well, he told it as a story.

He says two lumberjacks decided to have a competition; one was a big, tall, husky fellow, the other a shorter, thin guy. The big guy was sure he was stronger and would win easily. On the first day the big guy sawed twice as much wood as the short guy. By the second day the short guy had caught up. By the third day the big guy decided he was going to start early, work harder and win. On the third day the short guy cut twice as much and won the contest. The big guy was shocked. He said to the short guy, “How did you do it? I worked twice as hard for twice as long as you did, and every day you took a break at noon and rested in the woods.” The short guy said, “Ya, I rested in the woods, but I also sharpened my saw twice a day so it stayed sharp!”

So are you going to sharpen your saw by learning something new, or see the Corona Virus as an opportunity to let rust accumulate on your skills? These days there are more opportunities to learn new skills online than ever. A few of my favorite suggestions are below:

“Finally, our team has created a publicly-available Trailmix on Trailhead Trailmix Link with tips on how to work from home and maintain personal well-being during this time.” Marc Benioff, CEO, Salesforce.

Learn Salesforce for Free at:

Salesforce Trailhead Free Learning


Here’s another suggestion: you know that list of cold calls that you’ve been meaning to work on? Well, now is the time. With travel restricted, what better time to catch people who are normally hard to get a hold of! Want a refresher? Try this recording: Sandler Cold Calling Webinar Recording

To sharpen those sales skills there is the Sandler Online Free Content Library (podcasts, blogs, whitepapers, etc.): Sandler Sales Online Resources


“The world is moving so fast that you have to run just to stay in place….! ” Tom Peters

Not sure if any of this is relevant in your world; on the off chance it is, you may want to contact me for a quick conversation.

Phil Sallaway

The State of Sales from Adult Hot Lines to Industrial Suppliers

According to the US Department of Labor Statistics, in 2015 there are 14.4 Million people employed in sales. That number includes inside and outside sales people, from the person in the blue shirt at Best Buy to the top performer in the Armani suit. Taking a closer look according to the average sales salary is $57,422 as of Jan 2020, which is better than the average salary overall of $48,252 per the Social Security Admin (2019).

One of my business connections owns a Sales Training & Coaching company. From time to time I do some consulting for his company. One of the most interesting things I have done is to do Mystery Shops, where I will contact a company and act like a prospective customer to learn about their sales process.

I have mystery shopped a wide variety of companies, from weight loss clinics to industrial suppliers and even an adult companionship hot line; yup, I have heard it all. I have been hung up on by customer service folks, ignored, promised a call back, a price or a quote, and never heard a peep. Probably the most shocking was when a VP of Sales, supposedly with 25+ years in sales, said he didn’t feel comfortable making cold calls on internet leads… Yea, that’s right, afraid to make cold calls after 25 years of calling himself a sales person. Sorry, if you can’t or won’t make cold calls you are not a sales person, you are a highly over-compensated order taker. If that fits your business model and you are growing well, I am a fan of what works; keep on keeping on.

What is consistent is, well, the lack of a sales process, and what little they do to sell is, well, predictable: a pitch and a quick offer of a discount. Apparently they are all mind readers who knew what I wanted without even asking about my situation. At first it was rather surprising that people who say they are in sales don’t qualify, present, close or even get my contact information so they can follow up. Yet many had at least some training. The true benefit of a sales process is twofold: it is first repeatable and second it is trackable.

A repeatable process can be taught; it is a system for success. The inputs are known, as is what the output will be. If you know that you make 100 calls to get 20 appointments that result in 5 sales, you know how many calls you need to make to hit your numbers. The goal of tracking is not to rack up a high call count, rather the opposite: to learn what works and what doesn’t, so you can do more of what works, lower your call count and get more sales.

One CEO I had coffee with told me I was the only other person he ever met that tracked my calls and knew how many call backs I got from my messages, how many calls to an appointment and then to a sale. If you want to be a real success in sales, track what works and what doesn’t. It can be in a CRM, on a note pad, in Excel; be a scientist of sales. I happen to like the Salesforce CRM and the Sandler Sales Seven Step Sales Process. On the off chance you want to learn more go to

Trackable makes it possible to change course as needed and hold people and yourself accountable right away rather than at the end of the month, quarter or year. You have to track what you are doing; if it isn't measurable you don't have a system. No system, and there is no way to improve it. Not sure who said it first, but: things that get measured tend to get improved. Tracking leads to accountability, personal and company wide.


The New California Consumer Data Privacy Act CCPA casts a broad net, don’t get caught..!

The Irvine Chamber of Commerce hosted a lunch event on the new California Data Privacy Act, aka CCPA. This Act was forced upon and through the Legislature by the threat of a ballot initiative. As a result it is about as well written as a 2nd grader’s “what I did this summer” essay.

(Author’s Note) It’s a confusing pile of spaghetti to say the least. I will do my best, based on my humble notes and the great slides & information presented by the US Chamber of Commerce, to give you all the basics.


OK, now we know it’s a dumpster fire piece of regulation and it has gone into effect. Now what? Well, the good news is that it appears that the Attorney General does not expect to enforce the act until July 2020. Also, how it will be enforced is still up in the air, as the Attorney General has not drafted guidelines for enforcement (as of the time of this presentation). (Author’s Note: As with any new regulations there will be court challenges, and as cases resolve we will get a better idea of the full impact of the CCPA. We will also see how aggressively the Attorney General (AG) enforces the law and how the courts rule and create case law. It is common practice for AGs to find an easy target with deep pockets to make an example out of them.)

Who does it affect? More businesses than most folks realize. For example: 50,000 transactions divided by 260 work days a year is 139 transactions, so a food truck that uses a mobile-device-driven credit card reader could easily get ensnared by this Act.

The CCPA is vague as to what is privacy. In addition, it is up to the business to determine how to “verify” a consumer request, as well as to prevent non-public information being given to scammers posing as a consumer. Talk about being caught in the middle: you have to verify the person is who they say they are or face civil action, and also prevent sensitive data from getting into the wrong hands, which can also lead to legal sanctions.


The CCPA definition of a sale is based on a different definition than usual, i.e. sharing a database (CCPA) rather than the generally accepted definition, based on an exchange of goods or services in return for a monetary value.

It will be costly to provide data to consumers and the right to opt out of their data being sold. If you do sell data you must have a Do Not Sell button for them on your website.

You cannot discriminate against customers who opt out or exercise their rights, i.e. customer loyalty programs. If you are a franchise of a larger org or biz, you are considered to be a part of the bigger org or biz and the rules apply.

General exceptions: HIPAA, GLBA (Gramm-Leach-Bliley Act for banking & financial data).

The consumer must be provided with their data if they make a verified request. Consumers have the right to be forgotten and their data deleted. Exceptions apply, see slide below:

There are exceptions for Employee data.

For those that use Salesforce CRM there is a Trailhead Module (Free online class – training) on US Privacy Law Basics here:

US Privacy Law Basics Trailhead Badge

There is also a Salesforce Trailhead badge on European Data Privacy, aka GDPR, at:

European Union Privacy Laws Trailhead Badge


Some of these exemptions expire 1/21/21 unless extended.


The presenter noted that when the European Union instituted their consumer privacy regulations, aka GDPR, it was ushered in over a 2 year transition period. By all accounts the transition was not perfect but a reasonably smooth one.

The cost to business & the California economy is estimated to be, at a minimum, a $55 billion hit.

This does not include the hidden lost revenue due to the hours of time spent on compliance internally by sole proprietors and businesses. There is no Safe Harbor – Good Faith exemption either, which opens the door to predatory practices by attorneys and others to abuse the CCPA, much like was done by some using the ADA (Americans with Disabilities Act) to threaten & bully small businesses with compliance lawsuits over minor violations unless they settled with them for thousands of dollars.

To further confuse matters, 15 other states have pending or planned legislation.

There are roughly 4 models: the California Model, which we have been discussing, the Washington State Model, the Fiduciary Model, and the Florida Model.


The US Chamber of Commerce has set up a website and done a short video; links below:

The US Chamber of Commerce has been active on Capitol Hill seeking a nationwide solution to avoid a patchwork of competing regulations.


The US Chamber of Commerce has created model legislation and is advocating for a national standard. This makes total sense because the internet is not local; it reaches across the whole country and the world. With elections pending (Nov 2020) it is unlikely much will be done until 2011. They suggested contacting your Senators and Congress people in writing to express your concern about how this will affect all of us on the web.

Author’s Conclusion: As the CCPA evolves, one can only hope that the Attorney General takes a proactive, education-based approach towards good faith attempts at compliance.





