Data regulations and privacy laws are in vain if users and organizations do not obey them. Recent research from Cytrio, a data privacy compliance company, revealed that only 11% of organizations fully meet California Consumer Privacy Act (CCPA) requirements, especially when managing Data Subject Access Requests (DSARs). The other 89% of companies are either non-compliant or somewhat compliant.
The research report, State of CCPA Compliance: Q1 2022, found that 44% of organizations did not provide any mechanism for consumers to exercise their data rights, putting themselves out of compliance. Most organizations failed to implement CCPA regulations despite stating they needed to comply.
The California Consumer Privacy Act (CCPA) was passed in 2018 and took effect on January 1, 2020. The Act gives California citizens data and privacy rights regarding how organizations use their data. Under the CCPA, users have the right to:
Organizations that fail to comply with the CCPA may attract a penalty ranging from $2,500 to $7,500, based on the data violation type.
The research found that 45% relied on inefficient and costly manual processes such as email and web forms for submitting and responding to data requests. Less than 11% of companies use DSAR management automation solutions. Only 15.6% of companies in California had a DSAR management automation solution, and 59.3% of them used manual processes.
The research surveyed over 5,175 U.S. companies with revenues ranging from $25 million to more than $5 billion.
“The findings of our research show that companies are woefully unprepared for CCPA compliance, especially when it comes to enabling and responding to consumers’ data privacy rights. An overwhelming majority manually responds to data requests, with only a small number implementing DSAR management automation solutions. The reliance on manual processes exposes them to high DSAR compliance costs, long response times, errors that will erode consumer trust, and non-compliance actions by the California Privacy Protection Agency (CPPA),” said Vijay Basani, founder and CEO of CYTRIO.
“Overall, the survey results show that more needs to be done for CCPA compliance, and many lack the right resources and tools to meet the requirements. The prevalent reliance on manual processes and the inability to address DSAR may increase the risks of a company’s operations and shows we have more work to do in building awareness,” said Darshan Joshi, Chief Technology Officer at CYTRIO.
The post 89% of Organizations Are Non-compliant With CCPA Law appeared first on CISO MAG | Cyber Security Magazine.