Very Few US Businesses Are CCPA-Ready

There are about four months before the California Consumer Privacy Act (CCPA) compliance deadline kicks in, and according to July 2019 research from consent solutions provider PossibleNow, only 8% of US businesses said they are prepared. The majority reported still being in the preparation process; however, only a third expected to be able to meet the January 1, 2020, deadline.

Among the 11% of businesses that said they were not yet compliant and don’t plan to be, slightly more than a third said it’s too expensive to attain compliance, and another third planned to take the “wait and see” approach. Some businesses (17%) felt their organizations were not big enough to face fines.

Similar questions were posed to US privacy professionals in a March survey from the International Association of Privacy Professionals (IAPP) and OneTrust. Half of respondents said they expected their organizations to be fully CCPA-compliant before January 1, 2020 (compared with 42% in the PossibleNow survey). A quarter said they would be ready by July 1, 2020 (when the law becomes enforceable), and 15% said they either don’t have a timeline or don’t currently know.

In both studies, the portions of respondents who were already compliant were similar: 8% for PossibleNow and 5% for IAPP/OneTrust. Overall, the results emphasize how difficult it is to be compliant and how widely companies still vary in their path to regulation readiness.

“Just as with GDPR [General Data Protection Regulation], a significant number of businesses are caught between the cost and the effort of complying with CCPA and the probability of enforcement actions against them,” said Eric Tejeda, head of marketing at PossibleNow, in a statement.

Companies with annual gross revenues of $25 million or more, those that buy or sell more than 50,000 individuals’ data, and those that make more than half their annual revenues from selling customer data need to comply with CCPA’s requirements.

For businesses that fail to or refuse to comply, fines can be steep. The CCPA states that companies can be penalized $2,500 for each record of unintentional violation and $7,500 for each record of intentional violation. While such amounts might seem minimal, keep in mind that individual companies failing to protect customer data and meet CCPA guidelines could be on the hook for hundreds, thousands or even millions of data records.

“CCPA compliance is a real financial and resource strain for many companies,” said Lauren Fisher, eMarketer principal analyst. “But like we’re seeing with GDPR, I think we’ll also see that companies that fail to make the investment now are going to have to put only more work and effort in down the line.”
