Less than half of businesses are prepared to comply with the California Consumer Protection Act

Published: Tuesday, 26 November 2019 10:40

Egress has published the results of a survey, conducted by Osterman Research, Inc., which looks at the current state of security team preparedness and critical gaps in compliance with the California Consumer Protection Act (CCPA) before it comes into effect on 1st January 2020.

Key findings include that only 15 percent of organizations report having a mature approach to data privacy, more than half (59 percent) have yet to allocate budget to CCPA compliance, and 58 percent are currently using or will look to implement machine learning-driven systems to improve manual processes for data security.

Following the EU’s landmark GDPR legislation, the CCPA is set to revolutionise data privacy and security within the United States, with major penalties and litigation slated for those unable to protect residents’ new privacy rights. To gain better insight into the state of preparedness for compliance with CCPA, Osterman Research surveyed 149 security professionals about the state of organizational compliance, the successes and challenges associated with satisfying compliance, lessons learned from GDPR, and the level of buy-in security professionals believe they’ve received from the wider organization.

“CCPA is a monumental piece of legislation in the United States that will drive forward data protection for consumers not just in California, but more broadly as it inspires other states into similar action,” said Tony Pepper, Chief Executive Officer at Egress. “The results from Osterman Research show clear gaps in compliance and preparation, including a robust email security strategy, efficient processes that can quickly respond to data subject access requests (DSARs), and measures to reduce the risk of email compromise or the accidental exposure of sensitive data.”

“Our research found that most organizations just aren’t yet ready for compliance with the CCPA, despite the fact that we conducted the survey less than three months before it becomes enforced,” said Michael Osterman, Principal Analyst at Osterman Research. “This is likely to present some serious consequences for non-compliant organizations given our view that the State of California will be reasonably aggressive in pursuing non-compliant organizations during 2020.”

Survey findings include:

With findings also showing that many organizations are holding off on actions, improvements, or compliance until 2020 or later, and less than half (41 percent) have allocated budget for compliance, it’s more important than ever for organizations and security professionals to understand the risks and implications of non-compliance. Email security, in particular, is a major component of data privacy that organizations need to consider when preparing for CCPA.
