Only A Small Percentage Of Firms Are Compliant With CCPA And CPRA, Study Finds

Companies apparently are taking their time in complying with the tough California privacy laws covering data subject access requests: the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA). 

Only 13.33% of the firms that were non-compliant in Q1 2022 moved to manual compliance by Q2 2023 despite the fact that stringent CPRA enforcement was to start on July 1, according to Cytrio’s 6th State of CCPA & CPRA Privacy Rights Compliance report.

Overall, 6.67% of firms using manual processes in Q1 2022 had moved to compliance automation solutions by Q2 2023, while 14.67% of non-compliant companies moved to either automated and manual compliance solutions.  

Of B2C firms, 12.67% went from being non-compliant to manual compliance during the quarter. And 5.33% went from manual compliance to automated solutions. 

Among B2B companies, 14% implemented manual compliance after being non-compliant. 8% went from manual compliance to automated tools.  

As for size, 11.33% of companies with $25 million to 100 million in revenue moved from non-compliance to manual during the quarter, while 4.67% of those using manual graduated to automated tools. 

In addition, 15.33% of firms with less than $100 million in revenue moved to manual compliance, while 8.67% embraced automation. 

“While the lack of active enforcement in the data privacy space seems to be resulting in slow movement toward compliance, our research shows that companies have in fact moved up the CCPA/CPRA compliance maturity curve from Q1 2022 to Q2 2023,” says Vijay Basani, founder and CEO of Cytrio.

Basani adds, “More changes are coming in data privacy compliance, including employees’ right to exercise data privacy in the expansive CPRA and active enforcement which began on July 1, 2023, which requires companies to deploy an effective and scalable CCPA/CPRA solution.” 

Cytrio notes that California Attorney General Rob Bonta has launched a Consumer Privacy Interactive Tool to make it easy for consumers to report non- companies for failing to post an easy-to-find Do Not Sell My Information link on their website. And this tool will be expanded to cover other consumer rights under CCPA and CPRA.   

Cytrio examined 600 of the previously researched 11,000+ companies with revenues from $25 million to $5+ billion.


Next story loading loading..