Sixth State of CCPA and CPRA Data Privacy Compliance Report Shows Slow Progress
Only 13% of noncompliant companies in Q1 2022 moved to manual compliance status by Q2 2023 despite stringent CPRA enforcement beginning July 1, 2023.
Note: TDWI’s editors carefully choose press releases related to the data and analytics industry. We have edited and/or condensed this release to highlight key information but make no claims as to its accuracy.
CYTRIO, a next-generation data privacy compliance company, released its 6th State of CCPA and CPRA Privacy Rights Compliance report to understand how well U.S. companies have improved their preparedness over the last five quarters for meeting California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) compliance requirements related to data subject access requests (DSAR).
CYTRIO examined 600 of the previously researched 11,000+ midsized and large companies with revenues from $25 million to over $5 billion, identifying that 6.67% of companies using manual processes in Q1 2022 moved to compliance automation solutions by Q2 2023, while 14.67% of noncompliant companies moved to either automated or manual compliance solutions.
“Although the lack of active enforcement in the data privacy space seems to be resulting in slow movement toward compliance, our research shows that companies have, in fact, moved up the CCPA/CPRA compliance maturity curve from Q1 2022 to Q2 2023,” said Vijay Basani, founder and CEO of CYTRIO. “More changes are coming in data privacy compliance, including employees’ right to exercise data privacy in the expansive CPRA and active enforcement which began on July 1, 2023, which requires companies to deploy an effective and scalable CCPA/CPRA solution.”
California’s Attorney General Rob Bonta also launched a consumer privacy interactive tool to make it easy for consumers to send notice of noncompliance to companies for failing to post an easy-to-find “Do Not Sell My Information link” on their website. There are plans to expand this tool to cover other consumer rights under CCPA and CPRA.
Key findings of the research, as of June 30, 2023, showed the change in companies’ compliance status from Q1 2022 to Q2 2023, including:
- 13.33% of researched companies across all verticals, states, and business sizes that were noncompliant moved to manual CCPA/CPRA compliance solutions
- 5.33% of B2C companies moved from manual compliance to automated solutions
- 12.67% of B2C companies moved from noncompliant to manual compliance
- 8% of B2B companies moved from manual compliance to automated solutions
- 14% of B2B companies moved from noncompliant to manual compliance
The research also showed that 4.67% of companies with $25M to $100M in revenue moved from manual compliance to automated solutions, while 11.33% of companies with $25M to $100M in revenue moved from noncompliant to manual compliance between Q1 2022 to Q2 2023.
Additionally, 8.67% of companies researched with less than $100M in revenue moved from manual compliance to automated solutions, while 15.33% of companies with less than $100M in revenue moved from noncompliant to manual compliance during the same time period.
To access the full findings of CYTRIO’s most recent data privacy research, go to https://cytrio.com/ccpa-research-report-h1-2023/ (short registration required).