CCPA: Why Taking a Wait-and-See Approach Could Cost You – Big
May 5, 2020
Consumer privacy may be the name of the game with the newly-enacted California Consumer Privacy Act, but you can’t blame a corporate compliance officer for discovering it’s a “sticker shock” price issue, too.
The CCPA, which is aimed at boosting privacy protections for Golden State residents, went into effect on January 1, 2020. Built on the European Union’s General Data Protection Regulation regulatory model, the CCPA impacts about 75 percent of California businesses – as follows:
Companies that have gross revenue of at least $25 million.
Companies that buy, sell and share the personal information of 50,000 or more consumers, households or devices.
Companies that derive 50 percent or more of their annual revenue from selling consumers’ personal information.
Major Financial Penalties for Non-Compliance
With the rollout so recent, and the current focus of corporate compliance managers on the business impact from the ongoing pandemic, companies may be taking their eye off the ball on the new state mandate.
That would be a huge financial mistake, as the data points out.
According to Berkeley Economic Advising and Research, a California-based financial research think tank, initial compliance costs linked to the CCPA stand at $55 billion in the first half of 2020. That figure doesn’t include the added costs for companies that are late to the CCPA compliance party.
The primary problem? Most companies weren’t compliant with the CCPA prior to the program’s ramp-up – and many are still figuring out how to comply with the mandate amidst a major pandemic.
According to PossibleNOW, a data privacy services provider, 56 percent of Golden State businesses weren’t compliant with the CCPA on the January 1 rollout date. Reasons for non-compliance vary: 35 percent of companies blamed high compliance costs, 32 percent were waiting to see actual enforcement trends, and 29 percent said the mandate either didn’t apply to them or they weren’t sure whether it did.
Procrastination may be tempting in this age of pandemic, but the financial costs of being found non-compliant with the CCPA should frighten any company compliance officer.
Consider this from the CCPA rulebook on non-compliance penalty costs:
$2,500 per record for each unintentional violation.
$7,500 per record for each intentional violation.
Think about those figures for a moment. A large company that holds hundreds of thousands – or even millions – of customer data profiles is courting huge financial trouble by dragging its feet on CCPA compliance.
Let’s say a firm is found non-compliant on 1,000 separate customer data privacy accounts. Depending on whether the violations are deemed unintentional or intentional, that company could be fined anywhere from $2.5 million to $7.5 million in CCPA non-compliance penalties.
Plus, that firm will be firmly on the California regulatory radar going forward, and that’s a hot spot where no company wants to reside, not to mention the reputational damage from being deemed untrustworthy with client data.
Don’t Let CCPA Procrastination Happen to You
Yes, we live in historic times and yes, a company’s focus may well be on survival right now thanks to the coronavirus pandemic.
There are straightforward and efficient ways compliance officers can get and stay ahead on CCPA adherence, and avoid having the company shell out millions in non-compliance penalties. These action steps should be a priority for firms lagging on CCPA adherence:
Train your staff on the CCPA and document “reasonable” data security procedures.
Review all vendor contracts.
Coordinate with your information technology team.
Establish a regular schedule to ensure your firm is in full compliance with CCPA.
Do your due diligence and check what other companies doing business in California are doing to better comply with the CCPA.