Massive State of Unpreparedness for CCPA Compliance Exposed in Research from CYTRIO
Only 11 percent of companies are fully meeting CCPA requirements, while 89 percent of companies are either non-compliant or somewhat compliant.
Note: TDWI’s editors carefully choose press releases related to the data and analytics industry. We have edited and/or condensed this release to highlight key information but make no claims as to its accuracy.
CYTRIO, a data privacy compliance company, released the findings of its inaugural State of CCPA Compliance: Q1 2022 research, with results as of December 31, 2021. The results show only 11 percent of companies are able to fully meet California Consumer Privacy Act (CCPA) requirements, especially when managing data subject access requests (DSARs). The research also showed a disconnect in compliance, with 44 percent of companies not providing any mechanism for consumers to exercise their data rights despite stating in their privacy policies that they needed to comply with CCPA.
“The findings of our research show that companies are woefully unprepared for CCPA compliance, especially when it comes to enabling and responding to consumers’ data privacy rights,” said Vijay Basani, founder and CEO of CYTRIO. “An overwhelming majority are manually responding to data requests with only a small number implementing DSAR management automation solutions. The reliance on manual processes exposes them to high DSAR compliance costs, long response times, errors that will erode consumer trust, and non-compliance actions by CPPA.”
CYTRIO’s report is the largest of its kind, studying 5,175 U.S. companies with revenues ranging from $25 million to more than $5 billion. CYTRIO conducted the study over six months to create the baseline research and plans to update it every quarter.
The research found that less than 11 percent of companies use DSAR management automation solutions. Nearly half of the companies (45 percent) relied on inefficient and costly manual processes such as email and web forms for submitting and responding to data requests.
California companies were not doing any better than their peers in other U.S. states, even though CCPA is a California regulation that gives its citizens control over their personal information. Only 15.6 percent of companies in California had a DSAR management automation solution, and 59.3 percent of California companies used manual processes, higher than any other state. New Hampshire companies led their peers from other states with 23.5 percent having DSAR automation management solutions.
There were significant differences across industry verticals. Consumer services, media and internet, and hospitality — industries that collect substantial amounts of consumer personal information — were more likely to deploy a DSAR management automation solution.
In comparison, highly regulated industries, including healthcare, financial services, and insurance, lagged in commercial solution deployment. However, healthcare companies did provide a manual process for consumers to exercise their rights. Legal was another industry that relied heavily on manual processes.
Other key findings:
- Although B2C companies collect more consumer data, there was no statistically significant difference in the number deploying DSAR management automation solutions when compared with B2B companies (11.3 percent for B2C vs. 10.3 percent for B2B).
- Large companies (with more than 10,000 workers) were more likely to have a commercial DSAR management automation solution. Over 60 percent did so, with the increasing number of DSARs and streamlining related costs reported as potential reasons.
- There is a strong correlation between revenue and deploying a DSAR management automation solution. High revenue earners (companies with over $100 million) were more likely to have an automated solution, with companies over $5 billion in revenues especially eager.
To access the full findings, go to: https://cytrio.com/ccpa-research-report/
To view the infographic, go to: https://cytrio.com/wp-content/uploads/2022/01/cytrio-2022-state-of-ccpa-compliance-infographic.pdf