Only half of US businesses affected by the California Consumer Privacy Act of 2018 expect to be compliant by the 2020 deadline, according to a PwC survey of more than 300 executives at US companies with revenues of $500 million or more.
The law — CCPA for short — is expected to provide state residents sweeping data-privacy rights that most businesses will only be able to honor by first overhauling their personal data-governance capabilities.
The US retail sector — largely unaffected by last year’s scramble for compliance with the EU’s General Data Protection Regulation — may be particularly challenged in meeting the deadline: less than half (46%) of retail and consumer respondents say they will be compliant by 2020. Confidence in meeting the deadline is similarly lacking in the industrial products (44%) and health (47%) sectors.
Respondents from financial services (58%) and telecommunications, media and technology (TMT) (56%) sectors are relatively more confident about meeting the deadline.
The CCPA mandates a wide range of safeguards to protect the personal data of California consumers and employees. The act significantly broadens the definition of personal data to include a range of individual, or household, identifiers. It defines consumer as a “natural person who is a California resident.”
CCPA’s impact will extend well beyond the Golden State and its 39.5 million residents. More than three quarters of respondents to our survey say they collect personal information on California residents. Many are considering whether to extend CCPA’s rights to all of their US employees and consumers for operational simplicity and long-term readiness for potential federal privacy legislation.
Read the Full Article