road to CCPA compliance will be a long one.

A study conducted by data privacy compliance firm CYTRIO revealed that businesses are dragging their heels to comply with CCPA regulations and CPRA. Only 14.67% of the 600 companies in the study who were not compliant a year earlier have since become compliant.

In addition, 13.33% (of the total number of non-compliant firms) adopted a manual system for compliance versus an automated one (1.33%).

California Privacy Rights Act, or CPRA, is an expansion of the California Consumer Privacy Act. It went into effect in 2023. A provision of the act, however, delayed implementation until July 1, 2020.

Vijay Basani is the founder and CEO at CYTRIO. He said, “CCPA/CPRA has been in place for a while, but it’s not enforced. This results in a very low level of compliance.”

Breakdown of B2B/B2C. CCPA/CPRA compliance is required by both B2B marketers and B2C.

Here is a breakdown of the compliance between the two cohorts.

• 5,33% of B2C businesses have moved away from manual compliance and towards automated solutions.
• 12.67% of B2C businesses have moved from manual compliance to non-compliant.
• 8% of B2B firms have moved away from manual compliance and towards automated solutions.
• 14 % of B2B firms have moved from manual compliance to non-compliant.

Interactive tool to help consumers. California Attorney General Rob Bonta has launched an Interactive Tool for Consumer Privacy that enables consumers to send notices to companies who are not in compliance.

The tool is currently focused on a single case: when marketers fail post a Do Not Sell My Information button on their websites. The tool will be expanded to include other rights under the CCPA and CPRA, which should encourage marketers to comply.

Find out why marketers should be concerned about privacy.

Basani said that “easy-to-find Don’t Sell My Information” is only the beginning. “Until we create an environment in which there is frequent and active enforcement by companies of all sizes, and across industries, there will be very little incentive for businesses to comply with the data privacy laws here in the U.S.”

He said, “It’s also important not to only focus on Do Not Sell My Information. Regulators must focus on ensuring that companies are implementing Privacy User Experience tools such as Privacy Notices and legally compliant Cookie Consent Banners. They should provide consumers with the capability to edit or modify their preferences. And they should give consumers the right to exercise their privacy rights.”

Why do we care? Basani estimates 39% of all companies have implemented a manual solution for compliance, while 9% have automated solutions. Over half of the organizations are still catching up in a more regulated world that includes laws in Virginia, Colorado and many other states.

The post The slow march to CCPA Compliance first appeared on MarTech.