Only 12 percent of companies are ready for new privacy regulations
With the California Consumer Privacy Act (CCPA) and other US privacy regulations on the horizon, a new study reveals that many companies are not yet ready to comply.
The report from data privacy company Ethyca shows just 12 percent of respondents believe they have achieved an adequate state of compliance/readiness for the emerging regulatory landscape.
A worrying 38 percent of companies say they will need 12 months before they are compliant with data regulations. In addition more than 70 percent of companies in the study have no engineering solution to policy compliance, relying instead on man-hours and retrofitted processes to do the work.
75 percent of companies use a manual solution in their approach to data privacy, none are fully reliant on software, the rest using a mix of both software and manual solutions.
There is huge variation in which team takes responsibility for privacy budgets too. 38 percent of companies allocate the budget to the IT team, 12 percent of companies allocate it to the security team, 25 percent allocate it between the legal and IT teams, while 25 percent haven't assigned the budget to a specific division.
Startups are least likely to have formalized data privacy resources and processes. None of the startups surveyed have implemented privacy infrastructure or made budgetary allocations for privacy technology.
Cillian Kieran, the CEO of Ethyca, says:
We embarked on this exercise to understand the different ways businesses are solving for privacy compliance, understand the trade-offs between different solutions, and the particular obstacles that constrain success for a given solution.
There's a prevailing sense that organizations fall short of a state of privacy compliance. This shouldn’t be surprising. Regulatory compliance in any domain doesn't happen the moment legislation comes into effect. Rather it’s a process that’s heavily influenced by the obstacles to adoption. But companies are running out of time to tackle these obstacles, with incidents of GDPR enforcement continuing to rise as citizens and regulators find their footing with the new legislation. The CCPA's implementation in 2020 may follow a similar path with enforcement building slowly over an initial period, then reaching a more active maturity. The trend toward enforcement should be concerning for companies that have to work to do to reach a state of readiness for the regulations.
The full report is available from the Ethyca site.