By Chris Blake, Account Director
Here we go again.
With about eight months to go, 44% haven’t even begun the implementation process. The findings from Dimensional Research and TrustArc echo the GDPR readiness of organizations eight months before that law was to go into effect. The deadline for compliance with CCPA is January 1, 2020.
California, Here We Come
The CCPA will give California-based consumers data protections similar to those that EU-based individuals now enjoy under GDPR. These include the right to know what data is being collected and how it’s being used, the right to refuse the sale of such data, and the right to delete such data.
The law, based on an opt-out consent model as opposed to GDPR’s opt-in requirement, will impact any business, large and small, that collects data on California-based customers. Once implemented, CCPA will be the toughest privacy law in the country.
History Repeating Itself?
Will organizations straighten up their act in time? Not if GDPR taught us anything. In fact, according to a recent IT Governance report, 71% of EU-based organizations are still struggling to fully comply with GDPR. This leaves them vulnerable to major fines (as much as 4% of global revenue) and other damages related to erosion of customer trust and reputation.
Granted, despite EU organizations experiencing 60,000 data breaches through January (DLA Piper), only 100 fines were issued. Clearly, regulators are overtaxed, but businesses should not expect to slip through the cracks forever. GDPR and the CCPA are just the beginning as public opinion against the indiscriminate use of personal data begins to take hold. As a recent survey we conducted with Janrain showed, people are increasingly taking control of their data—71% told us they use software to protect their data or otherwise control their web experience. Make no mistake, more governments are sure to follow suit.
Besides, the cost of non-compliance goes well beyond penalties. Non-compliance can also result in loss of customer trust, bad press, and a decline in stock valuations. People begin to wonder if there are other issues afoot. The brand takes a hit.
All organizations simply must accept that all customers will eventually own their data and have the right to have their data deleted or returned to them.
Regulations That Actually Help Businesses
But that’s not all. As MSR client and Waterline Data founder Alex Gorelik wrote in an article about companies struggling with GDPR compliance, complying with these regulations shouldn’t just be a defensive maneuver. Getting your data house in order brings big, long-term benefits. Not only are you cutting down on wasteful data sprawl and non-compliant data consumption, you’re improving the analytics health of your enterprise.
The organizations that will remain competitive tomorrow aren’t just looking to meet CCPA, GDPR and other regulatory requirements today. They’re leveraging compliance with these laws as a starting point for deriving more value from their data. This allows them to move from a defensive approach to data to bold revenue-generating and cost-saving offense.
Penalties aside, compliance is a competitive imperative. For a lot of brands, this means there’s work to be done. Consumers aren’t going to willingly share their data with just anybody. Businesses need to show they can be trusted, and this requires more than some fancy messaging that talks about being trustworthy.
Brands need to actually be trustworthy.