Price Tag for CCPA Compliance: $55B
Data privacy doesn’t come cheap.
According to a regulatory assessment released by the state attorney general, the California Consumer Privacy Act will hit businesses with upwards of $55 billion in initial compliance costs. That works out to about 1.8 percent of California’s gross state product.
The cost estimate assumes that about 75 percent of California businesses will be required to comply with CCPA.
The report, prepared by Berkeley Economic Advising and Research and released in late September, notes that some of those costs could be defrayed by compliance with the European Union’s General Data Protection Regulation. Many California companies must comply with broader GDPR rules, which took effect in May 2018, meaning those broader privacy rules could help reduce “their expected cost of CCPA compliance and may offer useful guidance regarding the costs of enterprise adaptation to California standards,” the cost assessment concludes.
Nevertheless, the study finds that CCPA compliance costs are expected to add as much as 40 percent to annual IT budgets.
Among the industry sectors seen as hardest hit by the new privacy rules are professional, scientific and technical services along with the healthcare sector.
“The CCPA will fundamentally change how firms work with personal data,” the cost estimate concludes. “Some industries will be forced to completely revise their business models to incorporate the newly required data protections.”
For example, controversial data brokers that helped fuel the drive for greater data privacy rules would be forced to clean up their act.
“Adapting to the new privacy conditions will require innovations in the way firms use data,” the study notes. “New data management systems that ensure privacy standards will need to be developed along with new techniques to extract useful information from data with obscured identifying personal information.”
Among the costs associated with implementing new data management tools required under CCPA are legal, operational and technical considerations. Among the required changes are renegotiating service provider contracts and adjusting business models to change the way personal information is handled.
Hence, the study concludes that total CCPA compliance costs are likely to vary based on company type and the amount of goods and services delivered to California consumers.
Initial compliance costs associated with legal fees incurred while preparing for the new privacy law, which takes effect on Jan. 1, 2020, are estimated to range from $50,000 to $1 million.
Hefty fines for non-compliance with CCPA could add to legal fees. A recent survey by the International Association of Privacy Professionals found that only 2 percent of California businesses consider themselves fully compliant with the new privacy law.
Still, tools are available to help boost compliance. Earlier this year, data governance specialist Io-Tahoe released data discovery tools that use machine learning algorithms to help track down and manage what the new privacy law refers to as “personally identifiable information.”
The tool also covers other sensitive data covered by the California law, GDPR and other privacy regulations.