California's new privacy law gives gives state residents the ability to wield control over their personal data, including the right to learn what information about them is held by businesses, and to opt out of the sale of that information.
The California Consumer Privacy Act also requires companies to implement security measures, and allows consumers to sue over data breaches.
The law only grants rights to residents of California, but many companies that collect data are considering changing their policies nationwide.
That's according to a new study by accounting firm PwC (formerly PricewaterhouseCoopers), which recently surveyed 300 executives at US companies with revenues of at least $500 million.
“CCPA's impact will extend well beyond the Golden State and its 39.5 million residents,” PwC writes.
“More than three quarters of respondents to our survey say they collect personal information on California residents,” the report says. “Many are considering whether to extend CCPA’s rights to all of their US employees and consumers for operational simplicity and long-term readiness for potential federal privacy legislation.”
PwC also reported that many businesses are not ready for the new law. Only 52% of survey respondents said they anticipate complying by January 2020, when the measure goes into effect. (Enforcement won't begin until six months later.) That figure varied by industry.
Only 47% of respondents in the health care field said they expected to comply by January 2020, compared to 58% of respondents in the financial services industry.