eDiscovery Daily Blog

About Half of Surveyed Companies Haven’t Started Preparing for CCPA: Data Privacy Trends

Does this sound familiar?  Last week at the University of Florida E-Discovery Conference, I talked about the California Consumer Protection Act (CCPA) as one of the things that organizations need to be prepared to address these days as part of their compliance obligations.  Sounds like a lot of organizations haven’t gotten around to that just yet.

In an article in Legaltech® News (Almost Half of Companies Haven’t Started CCPA Compliance: Survey, written by Frank Ready), a recent survey of 250 executives and managers at U.S. technology, manufacturing, financial services, utilities and health care companies finds that 44 percent of companies that will impacted by the CCPA haven’t yet taken steps towards compliance.  Only 14 percent of respondents are fully CCPA compliant at this point.

The state’s forthcoming privacy regulation, which is scheduled to take effect next January 1st, empowers Californians with more control over the way their data is collected, shared or viewed by U.S. companies on a daily basis. According to the survey, a large majority of respondents, 71 percent, expect to spend at least $100,000 on compliance efforts. But consulting attorneys may not wind up seeing as much of that money as one might think.

The survey was conducted by Dimensional Research on behalf of the privacy compliance company TrustArc. Chris Bable, CEO of TrustArc, attributed some of the compliance delay to companies that have never had to wrap their heads around these issues before. While the European Union’s General Data Protection Regulation (GDPR) impacted only U.S. companies with business interests in Europe, the CCPA hits a little closer to home.

“One of the pieces that I had underestimated was truly the amount of companies that were not impacted by GDPR, so CCPA is their foray into doing this,” Babel said.

“The legal fees are going to play a role, but I don’t think the legal fee is going to be the largest chunk of the expense. It will really be the in-house kind of grind that needs to be done in order for the compliance steps to be in place,” said Jarno Vanto, a shareholder at Polsinelli.

The “grind” he’s referring to includes extensive work around understanding what data an organization holds and mapping the flow of that data. It also includes checking in with third party vendors and partners to determine what information they have access to as well.

So, how are companies planning on making the leap before the deadline? According to the survey, 72 percent of respondents plan on investing in some sort of technology to help smooth the way.  That doesn’t surprise me – as I discussed in Florida last week, Information Governance (IG) policies are vital to organizations’ ability to meet compliance obligations, but it’s going to take a combination of IG policies and technology for organizations to really get a handle on their data.

So, what do you think?  Are you surprised that so many companies haven’t begun to address CCPA yet?  Please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.