SAN FRANCISCO (February 13, 2020) – Although most large companies committed significant time and resources to comply with the California Consumer Privacy Act (CCPA) in 2019, many appear hesitant to invest in implementing the new requirements found in CCPA's draft regulations issued late last year and updated on February 7, 2020, until the final requirements of the law are known, according to a new report from Holland & Knight. Read the full report here.
"A Report on Businesses' Implementation of the California Consumer Privacy Act in the First Month" is based on a survey of the websites of 125 top U.S. companies, including the Fortune 100, to assess how businesses have operationalized the CCPA's requirements despite lack of guidance from the state regulator. The survey was conducted between January 20 and 31, 2020.
Among the key findings:
"The range of approaches observed confirms that businesses are truly struggling to understand the nuances of the law and are hampered by not knowing the final requirements that will be enforced come July," said Ashley Shively, the Holland & Knight partner who authored the report. "Any company that has not made good faith efforts, however, risks becoming a target for enforcement, especially given that the California attorney general has been vocal about making an example of those companies that do not implement the new law properly."
Although the survey only looked at the publicly available aspects of a company's compliance and may not reflect the entire picture of a business's efforts to comply with the law, particularly after the attorney general released modified regulations on February 7, 2020, a website review was the most practical way to gauge the status of implementation.
About the Data Strategy, Security & Privacy Team: Holland & Knight's Data Strategy, Security & Privacy Team offers the full range of solutions companies need to operate in today's data-driven marketplace. The team has the broad set of litigation, legislative, legal, compliance, crisis management and technical experience required to develop holistic, tailored solutions for clients. The firm offers true one-shop capabilities with its full-service practice that addresses even the most complex cybersecurity and privacy issues.
Please note that email communications to the firm through this website do not create an attorney-client relationship between you and the firm. Do not send any privileged or confidential information to the firm through this website. Click "accept" below to confirm that you have read and understand this notice.