In one of the first analysis to date regarding adoption of the California Consumer Privacy Act (“CCPA”), Consumer Reports has exposed what many in the industry already knew: many companies are not complying with one of the central tenets of CCPA’s requirements. These noncompliant practices can cause consumer frustration as well as exposure to significant financial penalties for companies both within and outside of California.
In May and June 2020, Consumer Reports conducted a study to examine whether CCPA is working as intended for consumers. The study focused on the Do Not Sell My Personal Information (“DNS”) provision in the CCPA, which gives consumers the right to opt out of the sale of their personal information to third parties through a “clear and conspicuous link” on the company’s homepage. As part of the study, 543 California residents made DNS requests to 214 data broker companies, and study participants reported their experiences through a survey.
Even given the somewhat limited scope of the study (and its focus specifically on data broker companies, who should be out in front of any data privacy regulation), Consumer Reports showed that companies are struggling to comply with DNS, which is a primary component of CCPA, and novel in its implementation (Europe’s GDPR does not have a similar DNS requirement). Primary takeaways for the study included:
The study did find that some companies made the opt-out process easier when they allowed participants to click on prominent links on company home pages that read “Do not sell my data,” filled out a short form, and were quickly emailed a confirmation that the company would make good on the request. In these cases, participants expressed a positive view of the company.
Data broker companies, like the ones subject to this survey, should have a heightened sensitivity to data privacy laws. The fact that a large number aren’t properly complying with CCPA is troubling, and it may mean that companies in other industries have a lower compliance adoption rate. CCPA is industry agnostic, and if your company is subject to CCPA, you need to ensure you’re in compliance so that you avoid significant noncompliance penalties.
Clym believes in striking a balance between digital compliance and your business needs, which is why we offer businesses the following:
You can convince yourself and see Clym in action by booking a demo or reaching out to us to discuss your specific needs today.