Only 11% of US businesses fully comply with CCPA privacy law

B2C and B2B companies are equally poor at compliance.

Only 11% of US businesses fully meet California Consumer Privacy Act (CCPA) requirements, according to a new study. This is actually higher than the 6% fully compliant with the EU’s General Data Protection Regulation (GDPR).

The rest of the companies are either non-compliant (44%) or partially compliant (45%) with these privacy protection laws, according to research from CYTRIO, a data privacy compliance company. The EU and California laws require companies to provide people with a way to exercise their rights, something 44% of the 5,175 businesses surveyed failed to do. A company was judged somewhat compliant if it used manual processes – email, web forms – for handling data requests. 

Worth noting: 

Only 11% of US businesses fully comply with CCPA privacy law
Source: CYTRIO. Used with permission.
  • More than 50% of companies fail to comply with these laws despite stating on their websites that they need to do so.
  • While B2C companies collect more consumer data, their compliance rate is essentially the same as B2B companies (11.3% for B2C vs. 10.3% for B2B).
  • The most compliant business sectors are Media & Internet (30%) and Consumer Services (25%). The least: Healthcare Services (0%) and Education (8%).
  • Only 15% of California companies are compliant. New Hampshire does best in the state rankings with 24%. Alaska, Arkansas, Idaho, Montana, New Mexico, South Dakota and West Virginia all had 0%. 

Why we care. GDPR can levy fines of up to 4% of annual revenue and they mean it: Google, British Airways, H&M and Marriott are among the companies hit with fines of $ 10 million or more. The CCPA can charge up to $ 7,500 per record for each intentional violation. That’s just direct fiscal cost. Brand reputational damage is likely to be much higher. Consumers have been very forgiving about data being stolen. This won’t be the case if a company has been misusing it on purpose.

The post Only 11% of US businesses fully comply with CCPA privacy law appeared first on MarTech.


About The Author

Constantine von Hoffman is managing editor of MarTech. A veteran journalist, Con has covered business, finance, marketing and tech for, Brandweek, CMO, and Inc. He has been city editor of the Boston Herald, news producer at NPR, and has written for Harvard Business Review, Boston Magazine, Sierra, and many other publications. He has also been a professional stand-up comedian, given talks at anime and gaming conventions on everything from My Neighbor Totoro to the history of dice and boardgames, and is author of the magical realist novel John Henry the Revelator. He lives in Boston with his wife, Jennifer, and either too many or too few dogs.