Businesses are dragging their feet to get compliant with CCPA and CPRA regulations, a study by data privacy compliance company CYTRIO found. Only 14.67% of the 600 mid-to-large companies included in the study that were non-compliant a year ago have become compliant since then.
Additionally, 13.33% of the total non-compliant companies adopted a manual compliance routine, while 1.33% implemented an automated system.
The California Privacy Rights Act (CPRA) expands on the California Consumer Privacy Act (CCPA) and went into effect at the beginning of 2023. However, a provision in the act delayed enforcement until July 1, 2023.
“CCPA and CPRA are furthest along among the U.S. data privacy laws, but even CCPA/CPRA is not actively enforced, resulting in very low compliance,” said Vijay Basani, founder and CEO of CYTRIO.
B2B/B2C breakdown. CCPA and CPRA require compliance from both B2B and B2C marketers.
Here’s a breakdown of compliance among the two cohorts:
- 5.33% of B2C companies moved from manual compliance to automated solutions.
- 12.67% of B2C companies moved from non-compliant to manual compliance.
- 8% of B2B companies moved from manual compliance to automated solutions.
- 14% of B2B companies moved from non-compliant to manual compliance.
Interactive tool for consumers. California’s Attorney General Rob Bonta launched a Consumer Privacy Interactive Tool that allows consumers to easily send notice to non-compliant companies.
Currently, the tool focuses on a specific case — when marketers fail to post an easy-to-find Do Not Sell My Information link on their website. Plans to expand the tool to other rights under CCPA and CPRA add incentives for marketers to comply.
“Easy-to-find Do Not Sell My Information is just a start,” said Basani. “Unless we get to an environment where there is active and frequent enforcement across companies of all sizes and industries, there is very little incentive for companies to comply with data privacy laws in the U.S.”
He added, “It is also important to not only focus on Do Not Sell My Information, regulators must focus on making sure companies are implementing Privacy UX tools such as Privacy Notices, legally compliant Cookie Consent Banners, providing consumers the ability to edit or change their preferences, and providing consumers with the ability to exercise their data privacy rights.”
Why we care. Basani estimates that 39% of companies overall have deployed a manual compliance solution, and 9% have put in place an automated solution. That leaves over half of organizations still playing catch-up in a more regulated environment that includes legislation in Virginia, Colorado and other states.
In January of this year, California’s Consumer Privacy Act (CCPA) was officially enacted to protect the privacy of Californian consumers. Since then, organizations across the country have had to work hard to ensure they are compliant with the requirements of this law. However, the process is proving to be more difficult than anticipated.
The CCPA brings a number of new regulations that organizations must meet to protect personal data. Companies must update their policies to incorporate the new regulations, and they must also provide consumers with more detailed information about how their data is being used and collected. In addition, companies must give consumers the right to opt out of certain activities and allow them to request that their data be deleted.
These changes come with a lot of complex and time-consuming tasks. Companies must make sure their systems are up to date and comply with the law. They must also work to ensure their privacy policies are clear and accurate. This requires organizations to go through every part of their organization and update their systems to meet the CCPA requirements.
This process can take a lot of time and effort, and it can be especially challenging for organizations that are not used to handling such a complicated task. Even organizations that have experience with privacy regulations may face unexpected challenges as they look to become CCPA compliant. Additionally, companies have to be able to demonstrate compliance to regulators, which requires them to document their progress every step of the way.
Overall, the march to CCPA compliance is a slow one. Companies have to put in the effort to ensure that their systems are updated and that they are compliant with the law. This process can take a lot of time, but the benefits of having data privacy regulations can be great. By complying with the CCPA, organizations can ensure that their data security is sound and that their consumers can enjoy increased protection of their personal information.