New Research Shows Companies Aren’t Prepared for California’s Incoming…

“The outcomes of this report reflect a troubling gap both in terms of understanding the nuances of CPRA, and preparedness to comply with what is one of the most technical privacy laws to date.”

Transcend, the privacy platform that makes it easy to encode privacy across a company’s tech stack, today announced the release of new research into corporate readiness for the California Privacy Rights Act (CPRA) and the compliance challenges that remain. With enforcement beginning January 1, 2023, companies have less than six months to complete their compliance efforts.

Based on a survey of legal and engineering leaders conducted by Gartner Peer Insights, the findings from Transcend’s 2022 CPRA Preparedness Report reflect significant knowledge gaps around new CPRA requirements, insufficient resources to achieve compliance, and new risks due to expanded regulations around data transfers for the purpose of targeted advertising.

Transcend’s research found that:

  • Only 10% of survey respondents consider themselves well versed on the new CPRA requirements.
  • As the creation of the California Privacy Protection Agency translates to greater scrutiny than ever before, over half of those surveyed were either not confident or unsure if their organization will be fully compliant with CPRA before the January 1, 2023 deadline. Only 30% are confident or very confident that their organization will be fully compliant.
  • 97% of respondents reported using one or more advertising tracking platforms that collect personal information on their organization’s website(s). But close to half (46%) either don’t have or don’t know if they have proper event tagging to ensure “Do Not Sell or Share” requests are passed through to these platforms.
  • As a result, 50% of leaders feel the new opt-out requirements for ‘Do Not Share’ will increase their compliance risk.

“The outcomes of this report reflect a troubling gap both in terms of understanding the nuances of CPRA, and preparedness to comply with what is one of the most technical privacy laws to date. With just a few months to go until CPRA comes into effect, and alongside the establishment of the California Privacy Protection Agency to oversee enforcement, the burden of corporate compliance with a growing canon of more technically complex privacy laws is only increasing,” said Transcend’s General Counsel and Head of Privacy Brandon Wiebe.

Transcend’s research also found that while 50% of leaders feel ‘Do Not Share’ will increase their compliance risk, and 41% are attempting to implement ‘Do Not Share’ with in-house resources, only a fraction of those surveyed (4%) currently having the engineering bandwidth to build and maintain compliance across all their ad-tech.

“The most painful and time-consuming part of getting ready for any new privacy law is finding the engineering and product resources to re-architect data processing activities at a technical level, and this is more true than ever with CPRA and shown in these findings” said Wiebe.

Despite significant knowledge gaps, insufficient resources, and lagging compliance, the majority of companies (58%) reported they are willing to invest considerable amounts—between $50,000 to $250,000—to reduce their compliance risk in the future.

“The future resource commitment reflected in this report is a positive sign—signaling that, though corporations aren’t yet where they need to be in terms of technical privacy compliance, they are starting to head in the right direction.” said Wiebe.

The full 2022 CPRA Preparedness Report from Transcend can be found at: go.transcend.io/cpra-preparedness-report-2022/

About Transcend

Transcend is the privacy platform that makes it easy to encode privacy across a company’s tech stack for complete personal data observability, governance, and compliance. Backed by Accel and Index Ventures, the company is the data privacy partner of choice for brands such as Robinhood, Clubhouse, Eventbrite, CircleCI, and more. Transcend customers go beyond the patchwork compliance and manual offerings of yesterday to realize an easy, efficient, and secure privacy program at scale, with industry-leading technical solutions for the most urgent data mapping, consumer request, and consent management challenges. By future-proofing its technology, Transcend also enables customers to confidently address new or future regulatory requirements, whatever they might be. In addition, Transcend’s privacy platform incorporates a standard-setting secure by design architecture that security-conscious brands have come to expect, including an on-premise security gateway, E2EE (end-to-end encryption), and more.

Founded in 2017, Transcend is headquartered in San Francisco.

You can also find us on:

Twitter

LinkedIn

GitHub

Sign up for Transcend’s weekly newsletter on privacy and technology, Privacy XFN.

Share article on social media or email:

Time Stamp:

More from Computer Security