Initial CCPA Compliance Costs Could Hit $55 Billion: Report
According to an economic impact assessment prepared for the state attorney general’s office by an independent research firm, California’s new privacy law could cost companies a total of $55 billion to get in compliance. Total CCPA compliance costs are likely to vary considerably based on the type of company, the maturity of the businesses’ current privacy compliance system, the number of California consumers they provide goods and services to, and how personal information is currently used in the business.
CCPA provides sweeping privacy protection to California’s residents. It includes a provision that will allow consumers to know what data companies are collecting on them. The bill grants rights to California residents to be informed about how companies collect and use their data, and allows them to request their personal data be deleted, among other protections. It represents the start of a new era of privacy laws designed to protect personal data, says Kelsey Finch of the Future of Privacy Forum. CCPA’s section gives consumers the right to delete personal information from the company’s database.
CCPA Affecting Businesses :
CCPA will affect three types of businesses based in California:
- Companies that have gross revenue of at least $25 million.
- Companies that buy, sell and share the personal information of 50,000 or more consumers, households or devices.
- Companies that get 50 percent or more of their annual revenue from selling consumers’ personal information.
By estimates, companies with less than 20 employees have to pay $50,000 for compliance. Large companies having more than 500 employees will have to pay an average amount of $42 million. This will make up for 1.8% of California Gross State Product. According to a report, total compliance costs for the companies subject to the law could range from $467 million to more than $16 billion over the next decade. Researchers estimated that as many as 75% of California businesses earning less than $25 million in revenue would be impacted by the legislation. States have begun to take efforts for privacy legislation. Facebook CEO Mark Zuckerberg advocated for creating a nationwide policy in this regard. Cost and complications will be lessened by setting one legal standard for tech firms than a piecemeal approach to compliance.
Since many businesses in California that operate in Europe had to make changes to comply with the GDPR which went into effect last year, CCPA has taken some elements from GDPR. The research suggests that the compliance costs for California’s law will be reduced this way. The EU estimated average incremental compliance costs for the GDPR would total about 5,700 Euros a year (nearly $6,300), according to the report, though there is also evident that the regulation lost productivity in sectors that rely heavily on data. Smaller firms are likely to take on a disproportionately larger share of compliance costs compared to larger firms with GDPR.
CCPA- An Inherit Part of GDPR:
Over a year after the introduction of the GDPR, concerns regarding its impact on larger firms appear to have been overstated, while many smaller firms have struggled to meet compliance costs. Resources explain this dichotomy as large technology companies are often several steps ahead of both competitors and regulators. In the long term, however, it is believed that the differential impact will likely shrink, driven in part by competition among third-party services that will help small businesses comply with the legislation.
Economic Impact on Companies:
Companies are going to face an economic impact due to CCPA. As smaller companies with less than 20 employees are expected to spend about $50,000 in initial CCPA compliance costs, while mid-sized firms with between 20 and 100 employees could incur costs of $100,000 to start, according to the study.
The expenses come at a time when companies are reaping big rewards from the buying and selling of personal consumer data. The use of personal data in online advertising is a $12 billion annual business in California. When combined with the buying and selling of information from data brokers, the number rises to $20 billion annually.
California businesses could spend an additional $16 billion over the next decade after initial compliance expenses to keep up with changes and other expenses, according to the report. Those expenses could include hefty fines for those who violate the law.
A recent report from the International Association of Privacy Professionals found that as of this summer, only 2 percent of affected businesses were fully compliant with the law.
Meanwhile, some other state legislators are using California law as a model. In Nevada, for instance, a new privacy law went into effect on Oct. 1. That law, known as Senate Bill 220, will give consumers more ways to keep websites from selling personal data.
Businesses that need to comply with CCPA:
Following are some businesses that have huge private data that needs to be protected by CCPA:
Online businesses have a huge private date of which they are taking advantage. The user surfing through the internet is analyzed by AI-based products and products of their interest are shown to get him attracted. This means that user data is being used to get more sales of their desired products by advertising it. So CCPA will enhance the privacy policies of businesses across the globe. The so-called rights over consumer data will be exploited by CCPA.
AI-based Verification Services:
As the regulations regarding KYC and AML are becoming more stringent businesses are adopting identity verification services for their customers and for other businesses. For this, they have huge data of clients that they have to verify. Identity verification service providers have the most confidential data on hand, hence they must follow the provisions of the California Consumer Privacy Act.
Social media plays a vital role in their shopping decisions. Its a platform to target audience of interest. According to a study, 87% of shoppers are satisfied with the shopping experience through social media. There are many social media marketing tools that are employed to get to the audience of interest and to improve the sales of a particular product. Businesses are aware of these tools and deploying them well. The use of these marketing products employe available information on social media platforms. Social media sites have to change their practices of selling the personal information of users to third parties. The consent of the user must be required for selling this data to a third party business.
So, businesses need to comply with CCPA for the protection of private data of consumers. Since many California businesses had to comply with Europe’s General Data Protection Regulation last year, some of the compliance costs for the new state law will likely be reduced, according to the report’s authors. Many businesses need to comply with CCPA to mitigate the risk of a data breach. The law will go into effect on Jan. 1, 2020.