U.S. businesses are getting ready for the California Consumer Privacy Act (CCPA) and 56% don’t expect to be prepared by the Jan. 1, 2020 enforcement date. That means they’re not ready to guarantee consumer rights, or letting consumers know what personal data is being collected about them and where that data is being sold or disclosed.
Under CCPA, individuals have the right to access this data, prohibit its sale and request its deletion, Net Security notes, yet the study by PossibleNOW states that the cost compliance technology is less than that for one full-time employee. Another 32% are simply waiting to see how the CCPA will be enforced. This is a dangerous game, given that firms can face fines of $2.5 million to $7.5 million for mishandling 1,000 consumer privacy requests.
Another 17% feel their company isn’t big enough to be fined, and 11% say the law is new to them — they don’t know enough about it. Finally, 4% don’t think CCPA applies to them.
“Just as with GDPR, a significant number of businesses are caught between the cost and effort of complying with CCPA and the probability of enforcement actions against them,” states Eric Tejeda, marketing director at PossibleNOW.
“There are heightened concerns surrounding the CCPA specifically because of California’s strict approach to legislation across all facets of business within the state.”
All stakeholders should be able to “see the interrelationships of data assets across the organisation.” They should classify and flag the use of personally identifiable information regardless of where it is stored; scan, catalogue and map PII (P11 is a way of recording information about all payments and deductions you make to your employees) to see how it moves both in and out of the organisation; facilitate lineage and impact analysis views that depict relationships between physical data catalogues and the applications that use them and understand regulatory risks while fortifying and encrypting security standards and policies. Above all, know where all PII is stored, processed and used.
Californians, understandably, are overwhelmingly supportive of being in control of their most sensitive personal information, and they also want control over how their children’s data is used. We believe it is time to both permanently enshrine these rights, and to provide Californians the same level of protections that citizens have in the rest of the world.