New TrustArc Survey Data Shows Nearly One-Third of Organizations Are Just Starting CCPA Planning

SAN FRANCISCO, June 17, 2020 /PRNewswire/ -- TrustArc, the leader in privacy compliance and risk management, today announced the results of its "Global Privacy Benchmark" survey on how organizations are protecting and leveraging data, their most valuable asset. One of the most extensive surveys ever conducted on data privacy, it polled more than 1,500 respondents from around the world at all levels of the organization. Survey results examined a wide range of topics, such as organizational commitment to privacy, the measures and investments companies are making to embed privacy, and company readiness for looming privacy regulations, such as CCPA and its July 1 enforcement date.

"There are more than 900 global privacy laws to which organizations must adhere, making privacy management an ongoing and dynamic challenge," said Chris Babel, CEO, TrustArc. "The TrustArc survey highlights just how difficult it can be to comply with even a single new regulation, such as CCPA, let alone the entire list of existing laws. The results also show how the COVID-19 pandemic and its attendant technologies, such as video conferencing, have exacerbated an already difficult privacy challenge and forced respondents to rethink their approaches."

CCPA Compliance Readiness Mostly Lacking; Prior GDPR Preparedness a Boost

Nearly one-third of survey respondents (29%) say they have just started planning for CCPA.

    --  More than 20% of respondents report they are either somewhat unlikely to
        be, very unlikely to be, or don't know if they will be fully compliant
        with CCPA on July 1.
    --  Just 14% of respondents are done with CCPA compliance. Nine percent have
        not started with CCPA compliance, and 15% have a plan but have not
        started implementation.
    --  Of respondents who reported as being slightly or very knowledgeable
        about CCPA and GDPR regulations, 82% are leveraging at least some of the
        work they did for GDPR in implementing CCPA requirements.

Privacy Professionals Still Use Inefficient Technologies for Compliance Programs

Though 90% of respondents agree or strongly agree that they are "mindful of privacy as a business," many privacy professionals are left building privacy programs without automation.

    --  19% of respondents report they are most deficient in automating privacy
    --  Just 17% of all respondents have implemented privacy management
        software, which matches the 17% who are still using spreadsheets and
        word processors.
    --  In addition, 19% are using open source/free software and 9% are doing
    --  Even in the U.S., which boasts the highest rate of privacy management
        software adoption, just 22% of respondents use privacy management
        software as their primary compliance software.

Respondents understand the importance of data privacy and continue to invest in ongoing privacy programs. However, many are still attempting to implement these programs using manual processes and technologies that do not offer automation. Moving forward, the companies that can leverage automation to simplify data privacy can protect their most valuable asset--data--and use it to drive business growth.

Pandemic, New Technologies Present Additional Challenges to Compliance

With the move to all-remote workforces, companies are increasingly turning to technologies, such as video conferencing and collaboration tools. These tools present new avenues for data creation that privacy professionals must consider in their company-wide plans.

    --  Twenty-two percent of respondents said personal device security during
        the pandemic has added a great deal of risk to their businesses.
        "Personal device security" received the highest proportion of "a great
        deal of risk" responses, compared to the other four response options.
    --  A majority of respondents said that third-party data, supply chain,
        personal-device security, unintentional data sharing, and required or
        voluntary data sharing for public health purposes all added at least a
        moderate amount of risk to their businesses.
    --  Seventy percent of respondents say video conferencing tools have
        required a moderate or great change to their privacy approach, and 65%
        of respondents say collaboration tools have required a moderate or great
        change to privacy approaches.

Despite Financial Impact of Pandemic, Privacy Compliance Remains a High Priority

Though many respondents expect a significant decrease in their company's revenues as a result of the COVID-19 pandemic, they are still prioritizing privacy-related investments.

    --  Forty-four percent of companies expect a decrease or steep decrease in
        overall company revenues for the balance of 2020 as a result of
    --  Just 15% of respondents report they plan to spend less or a great deal
        less on privacy efforts in 2020 as a result of the pandemic.
    --  Nearly half (42%) of respondents plan to spend $500,000 or more in 2020
        on CCPA efforts alone.

Boards of Directors Actively Involved in Privacy Management

The mandate for increased privacy investments is coming from the very top of organizations.

    --  Eighty-three percent of respondents indicate their board of directors
        regularly reviews privacy approaches.
    --  An impressive 86% of respondents say that everyone from the board of
        directors to the front-line staff knows their role in protecting
    --  Four out of five respondents view privacy as a key differentiator for
        their company.

To download the entire report, click here.

About TrustArc
TrustArc automates the creation of end-to-end privacy management programs for global organizations. As the leader in privacy compliance and data protection, TrustArc is the only company to deliver the depth of privacy intelligence that's essential for the growing number of privacy regulations in an ever-changing digital world. Headquartered in San Francisco, and backed by a global team across the Americas, Europe, and Asia, TrustArc helps customers worldwide demonstrate compliance, minimize risk and build trust. In 2019, TrustArc acquired Nymity to accelerate the development of its next-generation technology-driven privacy platform. For additional information visit

View original content to download multimedia: