CCPA Is Here, But Many Companies Are Still Not Compliant

For months, survey data has shown that very few US businesses are ready to comply with the California Consumer Privacy Act (CCPA). With the legislation having kicked in on January 1, at least half of US companies may still be struggling to comply.

About half of US security professionals surveyed by data security software company Egress in October 2019 said their firms were already compliant with CCPA or would be by the end of the year.

While not all companies may be fully compliant, that’s not to suggest they are sitting idly. A November 2019 Egress survey found that 93% of US IT decision-makers said they had at least taken some steps to comply with privacy regulation such as CCPA or the EU's General Data Protection Regulation (GDPR). At least half of respondents said they had taken steps like improving their use of existing security technologies, investing in new technologies and improving their data handling practices.

”Like we saw with GDPR, CCPA compliance is a journey that most companies won’t be able to complete before the January 1, 2020, deadline,” said Lauren Fisher, principal analyst at eMarketer. “Even those who feel ready and say they’re compliant will likely have to make modifications and changes as the year progresses and the true nature of the regulation becomes clearer. Companies need to look at compliance as an ongoing process and not a static checklist.”

CCPA compliance can be a costly endeavor for companies. According to August 2019 data from consent solutions provider PossibleNOW, 35% of US businesses polled said that they won’t be CCPA compliant by January 1, 2020, because they feel it’s too expensive to attain compliance.

But noncompliance isn’t cheap, either. Companies can be fined $2,500 for each record of unintentional violation and $7,500 for each record of intentional violation, which can add up to enormous sums for companies that are responsible for thousands or millions of data records.

For more eMarketer coverage of CCPA and GDPR:

• Brush up on CCPA requirements and whether it will have GDPR-like effects on companies.
• Look back on privacy in 2019 and how it’s a preview of what’s in store for 2020.
• Read our Q&A with publisher Meredith Corp’s chief marketing and data officer on the effects of CCPA and GDPR on publishing.
• Read our report on GDPR one year out and what’s ahead for marketers where privacy is concerned.