Security News
As of June 30, 2022, 91% of companies across all verticals, states, and business size that must comply with CCPA are still unprepared to meet CCPA requirements, according to CYTRIO. Further, 94% of companies that must comply with GDPR are ill prepared to meet the GDPR compliance requirements. "The majority of companies that must meet CCPA, CPRA, and GDPR compliance have a long way to go, and with enforcements looming, many are exposed to compliance enforcement fines and private-right of-action," said Vijay Basani, CEO, CYTRIO. "Through our ongoing research, we aim to educate the market on the importance of data privacy rights compliance, the need to enable consumers to easily exercise their data privacy rights, and how companies can build trust with their customers leveraging automated Data Subject Access Request submission and response solutions."
As of March 31, 2022, the findings uncovered that 90% of companies are not fully compliant with CCPA and CPRA Data Subject Access Request requirements. Further, 95% of companies are using error prone and time consuming manual processes for GDPR DSAR requirements.
Only 11% of companies are able to fully meet CCPA requirements, especially when managing Data Subject Access Requests, according to a CYTRIO research. The research also showed a disconnect in compliance with 44% of companies not providing any mechanism for consumers to exercise their data rights despite stating they needed to comply with CCPA in their privacy policies.
Learn about California's Consumer Privacy Laws and Regulations, what is their impact on your security and how to comply with their essential requirements. Due to the rapid pace of digital application developments, the latest legal precedents further complicate managing a digital assets inventory while fully complying with CCPA and CPRA regulations.
Using Washington State's proposed law as a guide, New York, Texas and many other states are inching their way toward a data privacy law. "Virginia is now just the second state to pass a comprehensive privacy bill. While we're pleased that Virginians will have new privacy rights, legislators should continue working in the next session to strengthen it. This bill has some important privacy provisions, but consumers need more practical options for controlling their data."
A new DataGrail report examined how millions of California consumers are exercising their privacy rights - to access their data, delete their data, and stop the sale of their data to a third-party - according to the CCPA, which went into effect on January 1, 2020. It also underscores that the number of data subject requests companies receive varies wildly, depending on their privacy practices.
SEE: TechRepublic Premium editorial calendar: IT policies, checklists, toolkits, and research for download. The proposition has ardent supporters and detractors on both sides of the online privacy debate, with some saying it was needed to fill loopholes in the landmark California Consumer Privacy Act and others bashing it for not going far enough or reinforcing dangerous practices. Carmen Balber, executive director of Consumer Watchdog, added in another statement that said "Prop 24 enshrines Californians' privacy rights and safeguards them from legislative assault, adds groundbreaking new protections for sensitive information like our race, sexual orientation and location, and creates a European-style privacy agency to protect our rights."
Californians regularly opt-out of companies selling their personal information, with "Do-not-sell" being the most common CCPA right exercised, happening nearly 50% of the time over access and deletion requests, DataGrail's Mid-Year CCPA Trends Report shows. Do-not-sell requests are almost 50% of all DSRs. When CCPA went into effect in January 2020, DataGrail saw people exercise their rights immediately, with a surge of data subject requests going across its platform in January 2020.
According to the survey, 32% of financial organizations have already seen an increase in data subject access rights requests since the CCPA came into force on January 1, 2020. This means that many financial organizations, which are already facing tough times, will need to allocate additional workforce and budget to ensure compliance with the CCPA. Other findings 33% of financial organizations discovered sensitive or regulated customer data outside of designated secure locations.
For businesses preparing to comply with California's new data privacy law, the first challenge is figuring out how much data is covered by the law. Christine Lyon, a partner at Morrison & Foerster and a member of the firm's global privacy and data security group, said that the CCPA establishes a new right that US consumers have never had. She also said that the data protected by the CCPA includes much more than just email address and name.