Nearly Half of US Orgs Not Ready for CCPA

Written by

In advance of the California Consumer Privacy Act (CCPA) going into effect January 1, 2020, researchers analyzed how prepared US organizations are for the new regulations and found that nearly half of all companies will not be ready to comply with CCPA.

According to research conducted by the International Association of Privacy Professionals (IAPP) and OneTrust, reputation and consumer privacy are the biggest drivers for CCPA compliance, yet only 55% of companies report that they will be ready by the January effective date.

"Our survey targeted a community of well-informed privacy professionals, and even they seem a bit caught off guard by the CCPA,” said Rita Heimes, IAPP research director and data protection officer, said in a press release. “Nevertheless, they seem to think it’s not likely to be replaced by a federal law any time soon.”

Though nearly half of those organizations surveyed will not be ready for the initial effective date, an additional 25% claimed they will be in compliance by the enforceable date of July 1, 2020.

“The CCPA is a major moment for the U.S. privacy landscape, and our research reveals companies that didn’t need to overhaul privacy practices for GDPR compliance are now struggling to meet the CCPA’s 2020 deadline,” said Kabir Barday, OneTrust CEO and fellow of information privacy (FIP), in the release.

The report did find a correlation between those organizations that are already in compliance with the EU’s General Data Protection Regulation (GDPR) and their readiness for CCPA to take effect.

“GDPR ‘raised the bar’ for data privacy awareness for companies in the US because the regulation put privacy controls in the hands of the consumer,” Jonathan Deveaux, head of enterprise data protection at comforte AG. “CCPA is similar in this regard, as the law will require organizations to provide consumers with legal ‘rights’ based on the data collected.

“Part of the lack of confidence in CCPA readiness for many organizations surrounds the use of data. The vast amounts of data collected and used for monetization and business growth have added to the complexity of managing and securing data. Organizations need to determine what kind of data they have, where it is, how they are using it and who has access to it.”

What’s hot on Infosecurity Magazine?