Survey: Companies lag behind with CCPA compliance

By Joe Mont2019-03-20T17:01:00+00:00

No comments

With a January 2020 deadline just 10 months away, only 14 percent of companies surveyed are compliant with the California Consumer Privacy Act, and 44 percent have not yet started the implementation process.

Those results come from a new survey conducted by TrustArc, a privacy compliance company, and Dimensional Research. The research gauged the readiness of U.S. companies and their plans for complying with the CCPA as compared to the EU’s General Data Protection Regulation.

The California law, enacted in June 2018, defines a covered “business” as any for-profit entity that either does $24 million in annual revenue; holds the personal data of 50,000 people, households, or devices; or does at least half of its revenue in the sale of personal data.

Among the requirements: granting consumers the right to request deletion of personal information, providing a right to request companies disclose the categories of information that it collects and the identity of third parties to which the information was sold or disclosed, prohibiting a company from discriminating against consumers who opt out of data collection, and allowing businesses to offer financial incentives in exchange for the collection of personal information.

Of companies that have worked on GDPR compliance, 21 percent are compliant with the CCPA, compared to only 6 percent for companies that did not work on the GDPR, the survey says.

Additional findings from the report:

71 percent of companies expect to spend more than six figures to comply with the CCPA.
One-in-five expect to spend more than $1 million to achieve CCPA compliance.
For companies not impacted by the GDPR, 79 percent will spend more than six figures to comply with the CCPA, compared to 61 percent who have worked on GDPR compliance.
88 percent of respondents say they require external help to understand CCPA requirements.
72 percent plan to invest in technology to prepare for the CCPA, while 61 percent plan to spend on consulting expertise.
64 percent of companies need help developing their CCPA privacy plan.
62 percent of respondents said the top motivation to comply is to meet partner and/or customer requirements.
35 percent of respondents described the risk of fines or class action lawsuits as the top driver, and 18 percent cited the risk of negative media coverage.

“Companies that took the steps to comply with GDPR are already ahead of the game and will have an easier path to meet the requirements of CCPA. The companies that did not work on GDPR compliance will be under the gun to implement scalable compliance processes by the Jan. 1, 2020 deadline,” Chris Babel, CEO of TrustArc, said in a statement.

The survey was distributed online from Feb. 15-27 to 250 IT and privacy/legal professionals at U.S. companies required to meet CCPA compliance. Company size ranged from 500 to more than 50,000 employees from a cross-section of industries, including technology, manufacturing, business services, financial services, and insurance.

Topics

No comments

Article
Survey: Companies just starting to prepare for CCPA
2019-04-16T21:24:00Z
A new study from Compliance Week and TrustArc says companies are not yet prepared for the coming California Consumer Privacy Act, the Golden State’s version of the EU’s GDPR.
Article
TikTok $92M settlement includes data privacy compliance training program
2021-02-26T18:01:00Z
TikTok is seeking preliminary approval of a class-action settlement with terms that would require the video sharing platform to establish a $92 million settlement fund and create a new compliance framework, according to court documents.
Video
Video: SEC on right path with climate disclosures; alleged privacy lapses at Amazon troubling
2021-02-25T22:39:00Z
Aaron Nicodemus applauds the SEC for taking steps to clarify how companies should disclose economic risks posed by climate change, while Dave Lefort is critical of alleged lapses in data security at Amazon.

No comments yet

You're not signed in.

Only registered users can comment on this article.

More Data Privacy

Article
EDPS opinion puts targeted advertising in crosshairs
2021-02-22T20:22:00Z
The EU’s chief data regulator says planned regulations to oversee the tech sector should be tightened further to ban targeted advertising based on tracking online activity—an opinion that could prompt Big Tech and adtech firms to lobby hard against the changes.
Article
Facebook fined $8.4M for data collection practices in Italy
2021-02-17T16:37:00Z
Facebook has been fined €7 million (U.S. $8.4 million) by Italy’s antitrust regulator for failing to address issues related to its personal data collection practices.
Article
TikTok faces more backlash, now from EU consumer group
2021-02-16T20:12:00Z
TikTok has come under the scrutiny of European consumer advocacy organization BEUC, which is urging authorities to put an end to the video sharing platform’s abuse of EU users’ rights—especially those of children.

Learn from the latest headlines and protect your company today

Survey: Companies lag behind with CCPA compliance

Topics

Related articles

Survey: Companies just starting to prepare for CCPA

TikTok $92M settlement includes data privacy compliance training program

Video: SEC on right path with climate disclosures; alleged privacy lapses at Amazon troubling

No comments yet

Only registered users can comment on this article.

More Data Privacy

EDPS opinion puts targeted advertising in crosshairs

Facebook fined $8.4M for data collection practices in Italy

TikTok faces more backlash, now from EU consumer group