BOSTON — Cytrio released its sixth “State of CCPA & CPRA Privacy Rights Compliance” report to understand how well U.S. companies have improved their preparedness over the last five quarters for meeting California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) compliance requirements related to Data Subject Access Requests (DSAR). Cytrio examined 600 of the previously researched 11,000-plus mid to large companies with revenues from $25 million to more than $5 billion. The results identified 6.67% of companies that were using manual processes in the first quarter (Q1) of 2022 moved to compliance automation solutions by Q2 2023, while 14.67% of noncompliant companies moved to either automated and manual compliance solutions.
“While the lack of active enforcement in the data privacy space seems to be resulting in slow movement toward compliance, our research shows that companies have in fact moved up the CCPA/CPRA compliance maturity curve from Q1 2022 to Q2 2023,” said Vijay Basani, founder and CEO of Cytrio. “More changes are coming in data privacy compliance, including employees’ right to exercise data privacy in the expansive CPRA and active enforcement, which began on July 1, 2023, which requires companies to deploy an effective and scalable CCPA/CPRA solution.”
California Attorney General Rob Bonta also launched a Consumer Privacy Interactive Tool to make it easy for consumers to send notice of noncompliance to companies for failing to post an easy-to-find “Do Not Sell My Information” link on their website. There are plans to expand this tool to cover other consumer rights under CCPA and CPRA.
Key findings of the research, as of June 30, showed the change in companies’ compliance status from Q1 2022 to Q2 2023, including:
- 13.33% of researched companies across all verticals, states, and business size that were non-compliant moved to manual CCPA/CPRA compliance solutions.
- 5.33% of B2C companies moved from manual compliance to automated solutions.
- 12.67% of B2C companies moved from noncompliant to manual compliance.
- 8% of B2B companies moved from manual compliance to automated solutions.
- 14% of B2B companies moved from noncompliant to manual compliance.
The research also showed that among companies with $25 million to $100 million in revenue, 4.67% moved from manual compliance to automated solutions, while 11.33% moved from noncompliant to manual compliance between Q1 2022 to Q2 2023. Additionally, for companies with less than $100 million in revenue, 8.67% moved from manual compliance to automated solutions, while 15.33% moved from noncompliant to manual compliance during the same time period.