DataGrail is back with our annual CCPA benchmark report, the State of the CCPA, for the second year in a row.
We help companies build robust programs by automating the process of completing privacy requests (otherwise known as data subject requests) and data mapping. Giving us unparalleled insights into how privacy is evolving, particularly how fast people and businesses are adapting.
This report analyzed how many data subject requests (DSRs) were processed throughout 2021 across our customers, resulting in a robust industry benchmark of what to expect as the ripple effect of data privacy regulations takes hold.
With our second annual CCPA report, we can reflect on what happened over a broader data set while spotting new trends taking shape. This post features just a sampling of the insights covered in depth in the full report.
- The number of Data Subject Requests (DSRs) nearly doubled year over year.
- The cost of processing Data Subject Requests more than doubled!
- On average, 26-50 employees are involved in the manual processing of DSRs.
- DSRs are coming from every state—regardless of whether they have a privacy law enacted or not.
Deletion & Do-Not-Sell Requests Are On The Rise
2021 saw a dramatic uptick in the volume of DSRs. While it’s hard to pinpoint exactly why, but broad consumer awareness was likely a significant factor.
The Manual Cost of Privacy Compliance Skyrocketed for Many Businesses
Cost based upon our proprietary data and Gartner’s recent research. In just a year, the manual cost of processing DSRs jumped from $192,000 to almost $400,000 (per 1M identities). If this trend continues, the cost of privacy compliance will become an increasing portion of many businesses bottom line.
Privacy Expert Spotlights
In addition, to our first-party data, the CCPA report includes first-hand insights from the industry’s privacy leaders. Read how industry leaders like Crossbeam and Overstock.com approach privacy and secure savings.
CPRA Is Expected To Increase Costs
The CPRA will increase privacy costs for many companies in 2023.
One of the many advocate criticisms of CCPA was that it only enabled an opt-out for the selling of personal data but not sharing it. Companies like Facebook took advantage of this lack of clarity and did not offer users the option to opt-out.
The CPRA closes the “selling” vs. “sharing” loophole and clarifies that organizations must give people the option to opt-out of their data is sold or shared with a third party for advertising purposes. This suggests that companies that have yet to offer DNS—but are required to do so in 2023 because of CPRA—will see a considerable jump in the number of requests they receive. Organizations that share personal data for advertising purposes should prepare for a massive uptick in DNS requests in 2023.
Even before those changes go into effect, there has been incredible growth in the amount of Do Not Sell Requests executed by consumers/data subjects.
Use CCPA Trends to Build a World-Class Privacy Program
Keeping a pulse on privacy trends, and being adaptable, will help to ensure that your company will not fall behind the pack. If you want even more CCPA data and tips from privacy leaders, download the full report to take your privacy program to the next level. Here’s a look at the Table of Contents to get a sampling of what you can expect.