The results of a recent survey published by privacy experts PossibleNOW has revealed that more than 50% US companies do not expect to be fully prepared for the introduction of the Californian Consumer Privacy Act when it comes into effect on January 1 2020.
1,500 US businesses were surveyed during July 2019. The results of the survey revealed a large range of reasons for the respondents believing that their company would not be ready for the date the new legislation becomes enforceable. This is a serious issue aas the possible financial penalties include a maximum of €7,500 per violation for an intentional violation and $2,500 for an unintentional violation. These figures can rapidly increase though is a company fails in its obligations to process a large number of privacy requests. In other words, the failure to process 100 consumer privacy requests would possibly lead to a fine of $750,000.
Respondents provided several reasons for not being ready, including:
- 35% said their primary reason is the cost of becoming compliant.
- 32% stated they were waiting to see how the CCPA will be enforced.
- 17% said they didn’t think their organization is large enough to face fines.
- 11% said the law is new to them and they are unsure of the requirements.
- 4% stated they didn’t think the law applies to them (in truth, some smaller companies are exempt from CCPA).
The results of this survey indicate that not much has changed since we covered the result of surveys earlier in 2019 that revealed that the same approximate levels, 50%, of companies were not prepared to avoid the possible fines under the new CCPA legislation. You can view those news stories here:
- 50% of US Organizations Not Prepared for CCPA
- TrustArc Report Highlights Lack of Preparation for CCPA by Tech Companies
CCPA is complicated legislation and companies must invest some time to correctly understand its stipulations and the obligations on them to achieve compliance.
For your business to be subject to CCPA it does not have to be located in California. If your company does business in that state or is planning to, your company must conform to CCPA regulations it meets just one of these criteria:
- Your annual gross revenue is over $25m.
- Your organization receives, shares, or sells personal data of over 50,000 people
- Your company earns 50% or more of its annual revenue from selling personal data of consumers
Outside of California, many other states are considering implementing their own privacy laws as, it appears, more and more people become increasingly disillusioned with how companies are using their private personal data. A recent Pew Research Center study discovered that around half (49%) of Americans believe that their personal information is less safe than it was five years ago.
We have previously dealt with the topic with our ‘Are you ready for CCPA? and CCPA Compliance articles which will give you some comprehension of what the new law deal with. However, it would be in the best interests of your business to seek professional legal assistance to help you see to it that your organisation does not fall foul of the stringent obligations under CCPA.