It comes as little surprise that so many businesses that process personal information are still unprepared for the California Consumer Privacy Act (CCPA) that comes into force on 1st January, 2020.
Some 88% of companies have yet to reach “an adequate state of compliance” ahead of the CCPA, according to privacy technology firm Ethyca,
Despite the fact that many of the world’s technology giants are based in California, only 12 percent of respondents from a survey of 85 businesses said they were ready for the new privacy regulation.
The survey found that 38 percent of companies need a further 12 months in order to achieve compliance the CCPA.
Yahoo Finance UK reports that last week Microsoft became the first tech giant to agree to honour the principles of the CCPA across the entire United States.
Calling the CCPA a “landmark privacy law”, the company pointed to its early compliance with GDPR as a motivating factor.
Julie Brill, Microsoft vice-president for global privacy, said in a statement.
While many of our customers and users will find that the data controls we already offer them through our GDPR commitment will be stronger than those rights offered by the new California law, we hope this step will show our commitment to supporting states as they enact laws that take us in the right direction,
But other companies are “running out of time”, according to Cillian Kieran, the CEO of Ethyca, which builds automated data privacy infrastructure and tools for companies.
More than 70% of respondents to the survey have not built an engineering solution for policy compliance. This means they are instead reliant on retrofitting old processes and additional work from employees.
Meanwhile, none of the startups surveyed have built privacy infrastructure or made budgetary allocations for privacy-related technology.
Noting the recent rise of enforcement activity from privacy regulators related to GDPR, which was introduced in May 2018, Kieran said that actions from regulators under CCPA may build “slowly” before gaining pace.
Ethyca also cautioned that companies were very focused on the US and Europe, even though similar privacy laws are now being introduced in other parts of the world.