The joyous holiday season is about to begin. But the Jan. 1 hangover is already beginning for marketers.
The California Privacy Protection Act (CCPA) takes effect on Jan. 1. And fewer than half of affected firms will be compliant by that date, according to Key Steps in Satisfying Your CCPA and Other Privacy Obligations, a study by Osterman Research, sponsored by Egress Software Technology.
Perhaps worse, senior management is clueless about the law’s provisions at most firms. And few companies feel their data practices are mature.
The CCPA is bringing GDPR-style rules to the United States, and this could be a model for other state or federal legislation.
Now it could be argued that the study has limited reach. Osterman Research surveyed 149 individuals. But all were security professionals.
And the research shows that “most organizations just aren’t yet ready for compliance with the CCPA, despite the fact that we conducted the survey less than three months before it becomes enforced,” states Michael Osterman, principal analyst at Osterman Research.
Among the gaps in compliance and preparation are lack of “a robust email security strategy, efficient processes that can quickly respond to data subject access requests (DSARs), and measures to reduce the risk of email compromise or the accidental exposure of sensitive data,” states Tony Pepper, Chief Executive Officer at Egress.
On the positive side, most firms have made at least some strides toward compliance. Here’s what they report:
For the record, the law applies to:
Here’s one more thing to keep in mind: That “the State of California will be reasonably aggressive in pursuing non-compliant organizations during 2020,” Osterman warns.