According to a study of nearly 10,000 companies, data privacy security company CYTRIO reports the marjority of companies have still not taken proactive measures to comply with the California Consumer Privacy Act (CCPA). CCPA and the enhanced CPRA becomes fully enforceable on January 1, 2023 and includes employees’ rights to their personal data.

“Companies should be aware of numerous changes coming in the more expansive CPRA that goes into effect on January 1, 2023, including employees’ right to exercise data privacy, requiring companies to deploy an effective and scalable CCPA/CPRA and GDPR compliance management solution. Further, as the new California Privacy Protection Agency (CPPA) takes on the CPRA enforcement role starting January 1 with a 12-month lookback window, there will be an increase in enforcement resources resulting in CPRA penalties.”

Vijay Basani, founder and CEO of CYTRIO

The study reports that Of the companies researched in Q3, 52% stated they need to comply with CCPA but do not provide a mechanism for consumers to exercise their data privacy rights, while 39% of companies are using expensive and error prone manual processes. Comparatively, Q2 research indicated that as of June 30, 2022, 91% of companies that must comply with CCPA were still not prepared to meet those compliance requirements

Q3 2022 saw the first enforcement action under CCPA with Sephora being fined $1.2 million for selling consumers’ personal information to online tracking companies without their consent.