Businesses are dragging their feet to get compliant with CCPA and CPRA regulations, a study by data privacy compliance company CYTRIO found. Only 14.67% of the 600 mid-to-large corporations included in the study that were non-compliant 12 months ago have become compliant since then.
Additionally, 13.33% of the overall non-compliant corporations adopted a manual compliance routine versus implementing an automatic system (1.33%).
The California Privacy Rights Act (CPRA) expands on the California Consumer Privacy Act (CCPA) and went into effect at the start of 2023. However, a provision within the act delayed enforcement until July 1, 2023.
“CCPA and CPRA are furthest along among the many U.S. data privacy laws, but even CCPA/CPRA is not actively enforced, leading to very low compliance,” said Vijay Basani, founder and CEO of CYTRIO.
B2B/B2C breakdown. CCPA and CPRA require compliance from both B2B and B2C marketers.
Here’s a breakdown of compliance among the two cohorts:
- 5.33% of B2C corporations moved from manual compliance to automated solutions.
- 12.67% of B2C corporations moved from non-compliant to manual compliance.
- 8% of B2B corporations moved from manual compliance to automated solutions.
- 14% of B2B corporations moved from non-compliant to manual compliance.
Interactive tool for consumers. California’s Attorney General Rob Bonta launched a Consumer Privacy Interactive Tool that permits consumers to easily send notice to non-compliant corporations.
Currently, the tool focuses on a specific case — when marketers fail to post an easy-to-find Do Not Sell My Information link on their website. Plans to expand the tool to other rights under CCPA and CPRA add incentives for marketers to comply.
“Easy-to-find Do Not Sell My Information is just a start,” said Basani. “Unless we get to an environment where there is lively and frequent enforcement across corporations of all sizes and industries, there is little or no incentive for corporations to comply with data privacy laws within the U.S.”
He added, “It is also necessary to not only deal with Do Not Sell My Information, regulators must deal with ensuring corporations are implementing Privacy UX tools akin to Privacy Notices, legally compliant Cookie Consent Banners, providing consumers the flexibility to edit or change their preferences, and providing consumers with the flexibility to exercise their data privacy rights.”
Why we care. Basani estimates that 39% of corporations overall have deployed a manual compliance solution, and 9% have put in place an automatic solution. That leaves over half of organizations still playing catch-up in a more regulated environment that features laws in Virginia, Colorado and other states.