On the first day of 2020, California residents woke up with new data rights at their disposal. The California Consumer Privacy Act gave them more control over their personal information, with some rights similar to those EU residents enjoy under the General Data Protection Regulation.
Though this new era is only a few months old, a Truyo study shows companies have already begun to receive a high volume of requests, numbers that may be heightened by the COVID-19 pandemic.
The study was conducted by Dimensions Data on behalf of Truyo and featured responses from 221 privacy professionals who worked at companies that have more than 1,000 employees. A vast majority of those surveyed expressed anxiety about the requests, as 92% said they are concerned about honoring data subjects' rights under the CCPA. The study also found 51% said data subject request fulfillment is the most difficult part of CCPA compliance.
Those challenges may stem from the number of requests companies have been receiving weekly since January.
Of those privacy professionals who were polled, 24% said they receive 10 to 50 requests per week. On the higher end of the spectrum, 11% said they received 100 to 500 requests, while 9% said they received more than 500 per week. The latter two figures were the ones that caught the eye of Truyo Demand Generation Manager Ryan Foster.
"We didn’t know how many there were prior to this. We knew this was going to be a big deal. We looked at the GDPR as a model for this, and it took a long time for those under the GDPR to start exercising their rights," Foster said. "The adoption rate for the CCPA has been so much faster, and I think it’s been surprising for a lot of people."
Foster believes media coverage in the U.S., efforts by the California attorney general to publicize the law, and the complexity of the GDPR are among the factors behind the faster adoption of the CCPA.
The COVID-19 pandemic may also be factored into the elevated volume, as 56% of privacy professionals said they expect an increase in requests as people stay home.
"More people are online, and companies they haven’t heard from in years are sending them emails saying, ‘We are in this together,’" Foster said. "I think it’s just digging up a lot of data that wasn’t as top of mind before and people have more time on their hands."
To respond to these higher-than-expected levels of requests, 64% of organizations plan on spending more than $100,000 on privacy tech solutions, staff, training and consultants to reach compliance. That figure breaks down to 37% saying they will spend between $100,000 and $500,000, 17% planning to invest between $500,000 and $1 million, and 10% expecting to pay more than $1 million to ensure data subject rights compliance.
"This really shows that companies are taking it very seriously. The California (attorney general)
When assessing what solution will best help their organizations respond to the inquiries, organizations are turning to third parties, with 56% of respondents saying they have purchased tools from a
"We’ve spoken to the smaller companies, and we’ve spoken to the people in the middle, and they are looking at CCPA and saying, ‘We are not going to be in scope for this.' The California (attorney general) is not going to go after the mom and pop. They are going to go after the big guys that they know have breaches and all this data," Foster said. "We wanted to go after a group that we know was doing something around privacy. I think a lot of smaller companies are doing the 'wait-and-see approach.'"