PWC Survey on CCPA: Enterprise Compliance Expected at 52% by January 1, 2020
PwC has released a survey of business executives on compliance with the California Consumer Privacy Act. It is the first of what we expect to be many updates from the business community over the next few years about the state of their preparations for privacy laws. The survey questioned more than 300 executives at US companies with revenues of $500 million or more.
It is clear from the survey that organizations are taking the new California privacy law seriously. 86% of survey respondents rank CCPA compliance as one of their top business priorities. Executives in the retail industry and Telecom/Media/Tech put the highest level of emphasis on it compared to other industries. PwC placed the cause for this concern on the limited time available to prepare. Under GDPR, organizations had two years to become compliant and many are still finalizing their compliance efforts.
Only 5-15% of businesses (depending on industry) have not yet started their preparations for California. Most business are assessing their current level of readiness or have just completed their initial assessment of the state of their compliance effort. However, the average company still has not begun to implement a solution – only between 25 and 41% of companies have started operationalizing their preparations for the CCPA.
About half of respondents (52%) expect their company to be in compliance with the terms of the CCPA by January 2020. The highest expected compliance was anticipated in financial services and Telecomm/Media/Tech, with 58% and 56% respectively. Only 46% of retail/consumer products companies expect to be prepared for the new California privacy law by the start of 2020.
Organizations may technically have until July 1st to prepare as the California legislature authorized a potential delay in enforcement to July 1, 2020 (six months after the California Attorney General issues the final regulations for the law). However, PWC noted concern that there is no prohibition on the CaAG pursuing violations that occur between Jan. 1 and July 1 following the start of enforcement under the terms of the amended law.
Many executives expect that their preparations will be easier because of GDPR. Of the 300+ survey respondents, GDPR applies to 79% of their companies. Of the organizations that must comply with GDPR, 79% responded that their compliance efforts with the European law will make compliance with the California law easier in some respect. Approximately 19% believed that there would be no impact on their compliance efforts with California or that it would make CCPA compliance slightly harder.
Another component of the survey revealed that executives are concerned about the terms of enforcement. Although the law provides 30 days for an organization to cure violations, 84% of respondents were concerned about uncertainty about what it means to “cure” a violation because the law does not define the term.
Learn more about the California Consumer Privacy Act.
Federal Privacy Laws
– Pending Congress Bills
Other Blog Posts on the California Consumer Privacy Act:
Debate Over CCPA Amendment Heats Up as Business Preparations Ramp Up
California AG Holds First Public Forum for CCPA Rulemaking in San Francisco
New Mexico Privacy Bill Copies CCPA – Consumer Information Privacy Act Introduced in NM Legislature
CCPA Rulemaking Public Forums Announced by California Attorney General
CCPA Compliance Note: The Lookback Period Starts on January 1, 2019
A Sale for Valuable Consideration Under California’s CCPA Defined
Consumer Organizations Defend California Consumer Privacy Act (CCPA) in Letter to Legislators
California AG Tells Congress Not to Preempt California Privacy Law
CCPA Privacy Lawsuits Implicated in United States Challenge to Injury Standing in Frank v. Gaos
California Adopts SB-1121 Amendments to Consumer Privacy Act