A majority of U.S. businesses polled reported they do not expect to be fully prepared to meet California Consumer Privacy Act (CCPA) requirements by the Jan. 1, 2020 date of enforcement, a new survey found.
The CCPA grants consumers new rights with respect to the use and collection of their personal information. The law rewrites the rules of the road for the operations of many businesses that have any California employees, customers or operations.
Risks of non-compliance include liability for statutory damages, actual damages, punitive damages or enforcement actions brought by the California State Attorney General.
The survey was conducted by PossibleNOW, a provider of enterprise consent, privacy and preference management solutions. Results show 56% of companies polled do not expect to be compliance. When survey respondents were asked why their organization would not be compliant:
- 35% said their primary reason is the cost of becoming compliant
- 32% stated they were waiting to see how the CCPA will be enforced
- 17% said they didn’t think their organization is large enough to face fines
- 11% said the law is new to them and they are unsure of the requirements, and
- 4% stated they didn’t think the law applies to them.
Penalties for noncompliance are $2,500 per record for each unintentional violation and $7,500 per record for each intentional violation. So, a company that doesn’t honor or mismanages 1,000 consumer privacy requests could face a fine ranging from $2,500,000 to $7,500,000, according to a PossibleNOW press release.
While many factors come into play such as the size of a company and the scope of the project, the average cost for available compliance technology and implementation is typically less than one full-time employee. Businesses face unnecessary financial risks associated with fines by choosing to delay addressing their compliance gaps.
“Just as with GDPR, a significant number of businesses are caught between the cost and effort of complying with CCPA and the probability of enforcement actions against them,” states Eric Tejeda, marketing director at PossibleNOW.
He continues, “There are heightened concerns surrounding the CCPA specifically because of California’s strict approach to legislation across all facets of business within the state. Companies should actively seek the counsel of a privacy compliance organization as the deadline is quickly approaching. As time draws short, resources become more scarce and implementation becomes more costly.”
This article originally appeared on our sister publication Security Sales & Integration's website.