Skip to main content

On-demand webinar coming soon...

Press Release

OneTrust-IAPP Research: Most U.S. Companies are Not Ready for the CCPA

With only six months until the CCPA implementation date, research reveals less than half will be prepared

April 30, 2019

Today at International Association of Privacy Professionals’ (IAPP) Global Privacy Summit, OneTrust and the IAPP announced the results from research analyzing California Consumer Privacy Act (CCPA) preparedness in advance of the regulation’s Jan. 1, 2020 compliance deadline. The IAPP, the largest and most comprehensive global information privacy community and resource, and OneTrust, the largest and most widely-used dedicated privacy management technology platform, surveyed U.S. organizations spanning size and industry, and found that while reputation and consumer privacy are the biggest drivers for CCPA compliance, only 55% of companies plan to be ready by the law’s Jan. 1, 2020 effective date.

Download the Research: Ready or not, here it comes: How prepared are organizations for the California Consumer Privacy Act?

The CCPA is the first of its kind U.S. consumer privacy law which broadly expands the data protection and privacy rights of California residents. The law, inspired by the EU’s General Data Protection Regulation (GDPR), requires organizations that do businesses in the state to undertake significant operational reform to meet the increased obligations of handling California consumer personal data.

In the first of three planned reports this year to assess CCPA readiness overtime, the OneTrust-IAPP research revealed most organizations still have a long way to go toward compliance. Key findings from the research found:

  • Only 55% of those surveyed plan to be ready for the CCPA by its enforcement date: Jan. 1, 2020. Another 25% plan to be ready by July 1, 2020, the date California will begin enforcement actions.
  • The biggest reason organizations are underprepared is due to a lack of time, whereas the biggest motivator for compliance is company reputation.
  • GDPR readiness is paying off: companies with a “high” level of GDPR compliance have early target dates for CCPA compliance (59% will be ready by Jan. 1), while none of the organizations that report “low” GDPR compliance plan to be ready by this same date.
  • Federal preemption is unlikely: 47% of those surveyed believe a federal privacy law that preempts the CCPA will not be passed by Congress over the next year or two.

Given the haste with which the CCPA became law, as well as a number of drafting errors, many organizations seem to have taken a wait-and-see approach to compliance. But now, with the law taking effect Jan. 1, 2020, and becoming enforceable July 1, 2020, it is clearly time for organizations to take a closer look at the CCPA and begin preparing toward compliance.

“The CCPA is a major moment for the U.S. privacy landscape and our research reveals companies that didn’t need to overhaul privacy practices for GDPR compliance are now struggling to meet the CCPA’s 2020 deadline,” said Kabir Barday, OneTrust CEO and Fellow of Information Privacy (FIP). “With OneTrust, organizations can simplify this compliance process and implement an automated and research-backed technology solution to fast-track their efforts and efficiently meet CCPA requirements, including the 12-month ‘look back’ clause which forces companies to handover consumer data handling practices as far bas as January 2019. We’ve already seen a massive increase in customer interest in the CCPA, and are helping many organizations make the necessary CCPA operational changes to leverage the new law as a stepping stone for building a global privacy program.”

“Our survey targeted a community of well-informed privacy professionals, and even they seem a bit caught off guard by the CCPA,” said Rita Heimes, IAPP Research Director and Data Protection Officer. “Nevertheless, they seem to think it’s not likely to be replaced by a federal law any time soon.”

Download the full research report to learn more. For additional information, or to request a live OneTrust Privacy Management Software demo, visit OneTrust.com or email Info@OneTrust.com. To learn more about the IAPP, visit IAPP.org.

 

About IAPP

The IAPP is the largest and most comprehensive global information privacy community and resource. Founded in 2000, the IAPP is a not-for-profit organization that helps define, support and improve the privacy profession globally.

 

About OneTrust

OneTrust is the largest and most widely used technology platform to operationalize privacy, security and third-party risk management. According The Forrester New Wave™: GDPR and Privacy Management Software, Q4 2018, OneTrust “leads the pack for vision and execution.” Additionally, Fast Company named OneTrust as one of 2019’s World’s Most Innovative Companies.

More than 2,500 customers, both big and small and across 100 countries, use OneTrust to implement their privacy, security and third-party risk programs, automatically generating the specific record keeping needed to demonstrate compliance with privacy regulations including the EU GDPR, California Consumer Privacy Act (CCPA), Brazil LGPD, and hundreds of the world’s privacy laws.

OneTrust’s size and scale allows it to offer the easiest-to-use and most affordable solution for implementing use cases including: Privacy Maturity Benchmarking, Data Protection by Design and Default (PbD), Data Protection Impact Assessments (PIA/DPIA), Third-Party Vendor Risk Management, Incident and Breach Response, Data Mapping (Records of Processing), Customer Preference Management, Consent Management, Website Scanning & Cookie Compliance, Mobile App Scanning, Data Subject/Consumer Rights Management and Policy & Notice Management. The software, available in 60 languages, is backed by 50 awarded patents, integrates with 300 technology partners, and can be deployed in the cloud or on-premise.

The platform’s intelligence comes from DataGuidance by OneTrust, an in-depth and up-to-date source of privacy and security regulatory summaries, guidance, templates, case law, and analysis. Hundreds of global privacy and security laws and frameworks are built-in, including security frameworks like ISO27001. The database is updated daily by over 30 in-house privacy researchers, along with a network of 500 lawyers across over 300 jurisdictions, and by active input as part of OneTrust’s regulatory engagement program.

OneTrust’s customers are supported by a worldwide team of over 100 in-house privacy implementation and support resources and boasts a customer satisfaction score of 95%. Customers can also access more than 1,000 external individuals who have completed the OneTrust Certified Privacy Management Professional program.

The OneTrust Global Privacy Community is the largest, most active and globally available community for privacy technology. Each year, OneTrust brings together over 10,000 professionals across 400 events to share best practices and breakdown the latest technology innovations driving global privacy compliance. Events include PrivacyConnect workshops in 100+ international cities and PrivacyTech, OneTrust’s global user conference.

OneTrust’s 700 employees are located across co-headquarters in Atlanta and in London with additional locations in Bangalore, Melbourne, San Francisco, New York, Munich and Hong Kong. To learn more, visit OneTrust.com or connect on LinkedInTwitter and Facebook.


You may also like

Webinar

Privacy Management

CPRA in action: OneTrust Live Demo

Join us for a deep dive tour of our suite of technology solutions for operationalizing and automating CPRA requirements across Do Not Share, Consumer Rights and privacy governance operations.

August 01, 2024

Learn more

Webinar

Privacy Management

Going beyond CCPA

Join us for an in-depth webinar on "Going Beyond CCPA," where we will explore the intricacies of privacy laws, compare major regulations, and provide guidance on enhancing your privacy policy.

July 25, 2024

Learn more

Webinar

Privacy Management

The evolution of CCPA

Join us for an insightful webinar on "The Evolution of CCPA" where we will delve into the latest amendments, understand their impact, and explore the new requirements and implications for businesses.

July 18, 2024

Learn more

Webinar

Privacy Management

Mastering data privacy: Navigating CCPA, CPRA, and beyond

Mastering Data Privacy: Expert Guidance on CCPA, CPRA, GDPR Compliance, Privacy Policy Best Practices, and Live Demo Insights

July 18, 2024

Learn more

Webinar

Consent & Preferences

Global Privacy Control: CCPA enforcement of GPC opt-out signals webinar

Watch this on-demand webinar to gain an overview of what Global Privacy Control (GPC) is, the benefits of the signal, and how it works.

October 30, 2022

Learn more

Webinar

Privacy Management

Employee vs. consumer rights: Same concept, different reality

Join this webinar to learn about the rights request fulfillment complexities introduced by the end of the employee exclusion in the CPRA.

August 25, 2022

Learn more

White Paper

Privacy & Data Governance

How OneTrust helps with California privacy law compliance (CCPA & CPRA)

This guide to California privacy law compliance helps your organization understand the requirements under the CCPA and CPRA.

June 23, 2022

Learn more

Webinar

Privacy & Data Governance

Know your laws: Comparing CCPA & CPRA vs. GDPR

Watch this free webinar and see how the CCPA and CPRA compare with the GDPR.

January 04, 2022

Learn more

eBook

Privacy & Data Governance

The ultimate guide to CCPA compliance

The Ultimate Guide to CCPA Compliance eBook highlights key compliance areas of  the CCPA that you should consider when building a privacy program.

December 01, 2021

Learn more

Webinar

Privacy Management

CCPA, CPRA, and Global Privacy Control: Moving toward a more private web

Watch this webinar to learn about Global Privacy Control (GPC), how it centralizes user opt-out preferences, and streamlines compliance with CCPA and CPRA. 

September 08, 2021

Learn more

Webinar

Privacy & Data Governance

Breaking update: New California Consumer Privacy Act

This webinar dives into the details of the California Consumer Privacy Act and how it will impact the companies handling their data.

July 23, 2021

Learn more

Infographic

Privacy & Data Governance

CCPA vs. CPRA infographic

Compare California's privacy laws: CCPA vs CPRA in this downloadable infographic.

July 22, 2021

Learn more

Infographic

Privacy Management

CDPA vs CCPA: Comparing US privacy laws

Download this infographic comparing the Virginia CDPA to the California CCPA.

July 22, 2021

Learn more

Webinar

Privacy & Data Governance

CPRA vs CCPA: What you need to know

Join us for a webinar as our legal experts discuss the key differences between the CPRA vs the CCPA.

July 22, 2021

Learn more

Webinar

Privacy Management

CCPA identity verification

In this webinar we explore options for verifying a consumer's identity and how to fully automate this process with OneTrust.

August 13, 2019

Learn more

Webinar

Privacy & Data Governance

CCPA compliance masterclass

Watch our OneTrust CCPA Masterclass Series and learn how to prepare your organization for CCPA compliance.

Learn more