PossibleNow Survey Indicates 50% of Companies will not be Ready for CCPA Introduction

by | Sep 11, 2019

The results of a recent survey published by privacy experts PossibleNOW has revealed that more than 50% US companies do not expect to be fully prepared for the introduction of the Californian Consumer Privacy Act when it comes into effect on January 1 2020.

1,500 US businesses were surveyed during July 2019. The results of the survey revealed a large range of reasons for the respondents believing that their company would not be ready for the date the new legislation becomes enforceable. This is a serious issue aas the possible financial penalties include a maximum of €7,500 per violation for an intentional violation and $2,500 for an unintentional violation. These figures can rapidly increase though is a company fails in its obligations to process a large number of privacy requests. In other words, the failure to process 100 consumer privacy requests would possibly lead to a fine of $750,000.

Respondents provided several reasons for not being ready, including:

  • 35% said their primary reason is the cost of becoming compliant.
  • 32% stated they were waiting to see how the CCPA will be enforced.
  • 17% said they didn’t think their organization is large enough to face fines.
  • 11% said the law is new to them and they are unsure of the requirements.
  • 4% stated they didn’t think the law applies to them (in truth, some smaller companies are exempt from CCPA).

The results of this survey indicate that not much has changed since we covered the result of surveys earlier in 2019 that revealed that the same approximate levels, 50%, of companies were not prepared to avoid the possible fines under the new CCPA legislation. You can view those news stories here:

CCPA is complicated legislation and companies must invest some time to correctly understand its stipulations and the obligations on them to achieve compliance.

For your business to be subject to CCPA it does not have to be located in California. If your company does business in that state or is planning to,  your company must conform to CCPA regulations it meets just one of these criteria:

  • Your annual gross revenue is over $25m.
  • Your organization receives, shares, or sells personal data of over 50,000 people
  • Your company earns 50% or more of its annual revenue from selling personal data of consumers

Outside of California, many other states are considering implementing their own privacy laws as, it appears, more and more people become increasingly disillusioned with how companies are using their private personal data. A recent Pew Research Center study discovered that around half (49%) of Americans believe that their personal information is less safe than it was five years ago.

We have previously dealt with the topic with our ‘Are you ready for CCPA? and CCPA Compliance articles which will give you some comprehension of what the new law deal with. However, it would be in the best interests of your business to seek professional legal assistance to help you see to it that your organisation does not fall foul of the stringent obligations under CCPA.


Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.


Please enable JavaScript in your browser to complete this form.

Patrick Kennedy

Patrick Kennedy is a highly accomplished journalist and editor with nearly two decades of experience in the field. With expertise in writing and editing content, Patrick has made significant contributions to various publications and organizations. Over the course of his career, Patrick has successfully managed teams of writers, overseeing the production of high-quality content and ensuring its adherence to professional standards. His exceptional leadership skills, combined with his deep understanding of journalistic principles, have allowed him to create cohesive and engaging narratives that resonate with readers. A notable area of specialization for Patrick lies in compliance, particularly in relation to HIPAA (Health Insurance Portability and Accountability Act). He has authored numerous articles delving into the complexities of compliance and its implications for various industries. Patrick's comprehensive understanding of HIPAA regulations has positioned him as a go-to expert, sought after for his insights and expertise in this field. Patrick's bachelors degree is from the University of Limerick and his master's degree in journalism is from Dublin City University. You can contact Patrick through his LinkedIn profile:

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

Comprehensive HIPAA Training

Used in 1000+ Healthcare Organizations and 100+ Universities

    Full Course - Immediate Access

    Privacy Policy