美国网络隐私法规分析报告-培训课件外文版2024.5

DIGITAL

&

TRENDSOnlineprivacyregulationsintheUnitedStatesCHAPTER

01OverviewU.S.statesthathaveconsumerprivacylawssignedasofJuly2023U.S.signedconsumerprivacylaws2023,bystateConsumer

privacy

protection

lawCaliforniaConsumerPrivacyActCaliforniaPrivacyRightsActProposedin'18,effective-Jan1,'20Proposedin'20;fullyoperative-Jan1,'23Proposedin'21;effective-Jul1,'23Proposedin'22;effective-Jul1,'23Proposedin'23;effective-Jan.1,'26Proposedin'23;effective-Jan.1,'25Proposedin'23;effective-Oct.1,'24Proposedin'23,effective-Jul.1,'25Proposedin'23,effective-Jul1,'24Proposedin'22;effective-Dec31,'23Proposedin'21;effective-Jan1,'23ColoradoPrivacyActConnecticutDataPrivacyActIndianaConsumerDataProtectionActIowaConsumerDataProtectionActMontanaConsumerDataPrivacyActTennesseeInformationProtectionActTexasDataPrivacyandSecurityActUtahConsumerPrivacyActVirginiaConsumerDataProtectionAct4Description:AsofJuly2023,tenU.S.stateshadconsumerprivacylawssigned.California,thefirststatetodevelopaprivacybillin2018,hastwosuchlaws:theCaliforniaConsumerPrivacyAct(CCPA),whichhasbeeneffectivesinceJanuary2020,anditsamendment,theCaliforniaPrivacyRightsAct(CPRA),fullyoperativesinceJanuary2023.TheColoradoPrivacyActandConnecticutDataPrivacyActhavebeeneffectivesincethebeginningofJuly2023.ReadmoreNote(s):UnitedStates;July2023Source(s):IAPPStatelawsondataprivacyintheUnitedStatesasofJuly2023,byconsumerrightscoveredStateprivacylawsintheU.S.2023,byconsumerrightscoveredPrivacy

lawsRight

to

accessRight

to

correctRight

to

deleteRight

to

optCaliforniaConsumerPrivacyAct(effective-Jan1,'20)YesYesYesYesYesYesYesNoYesYesYesYesNoYesYesYesYesYesYesYesCaliforniaPrivacyRightsAct(fullyoperative-Jan1,'23)IncaseofaColoradoPrivacyAct(effective-Jul1,'23)IncasesofproadvertConnecticutDataPrivacyAct(effective-Jul1,'23)IncasesofproadvertIndianaConsumerDataProtectionAct(effective-Jan.1,'26)IncasesofproadvertIowaConsumerDataProtectionAct(effective-Jan.1,'25)MontanaConsumerDataPrivacyAct(effective-Oct.1,'24)YesIncasesofproadvert5Description:AsofJuly2023,10statesintheU.S.hadstate-levelprivacylawssigned.Whilethecorecontentwasmainlysimilarintheseregulations,theydifferedincoveringcertainconsumerrights.Allsignedlawsprotecttherightofaconsumertoaccesspersonalinformationcollectedbycompaniesandsharedwiththirdparties.Thefirststate-levelprivacylawproposedinCaliforniain2018hadgaps,asitdidnotreferencetheconsumer'srighttorequestacorrectionofincorrectoroutdated[...]

ReadmoreNote(s):UnitedStates;July2023Source(s):IAPPStatelawsondataprivacyintheUnitedStatesasofJuly2023,bybusinessobligationsStateprivacylawsintheU.S.2023,bybusinessobligationsPrivacy

lawsOpt-in

default

(requirementNotice/transparencyrequirementRisk

assesage)CaliforniaConsumerPrivacyAct(effective-Jan1,'20)16YesYesYesYesYesYesYesCaliforniaPrivacyRightsAct(fullyoperative-Jan1,'23)16Sensitivedata/13Sensitivedata/13Sensitivedata/13Sensitivedata/13Sensitivedata/13ColoradoPrivacyAct(effective-Jul1,'23)ConnecticutDataPrivacyAct(effective-Jul1,'23)IndianaConsumerDataProtectionAct(effective-Jan.1,'26)IowaConsumerDataProtectionAct(effective-Jan.1,'25)MontanaConsumerDataPrivacyAct(effective-Oct.1,'24)6Description:AsofJuly2023,10U.S.stateshadstate-leveldataprivacylawssigned.Whilethecorecontentwassimilarintheseregulations,theydifferedinaddressingcertainbusinessobligationsregardingdataprivacy.Accordingtoallstate-levellaws,businesseswereobligatedtonotifyconsumersaboutcertaindataprivacyoperations.Furthermore,accordingtoallsignedlaws,companiesarerequiredtotreatconsumersunderacertainagewithanopt-indefaultforthesaleoftheirpersonalinformation.

ReadmoreNote(s):UnitedStates;July2023Source(s):IAPPSelectedfederallawsfordataprivacyprotectionintheUnitedStatesasofJuly2023,byenactmentdateU.S.selectedfederallawsfordataprivacy2023,byenactmentdateDate

ofenactmentEnactedonSeptember27,'75EnactedonAugust21,'96PrivacyActof1974HealthInsurancePortabilityandAccountabilityAct(HIPAA)Children'sOnlinePrivacyProtectionAct(COPPA)Gramm-Leach-BlileyAct(GLBA)EnactedonOctober21,'98EnactedonNovember12,'997Description:AsofApril2023,theUnitedStateshadseveralfederallawsdedicatedtoprotectingdataprivacy.Eachofthem,though,coversoneorafewspecificareas.ThefirstonewasthePrivacyActof1974,whichcontrolsthedatacollectionandusebyfederalagenciesandwasenactedinSeptember1975.Thelawregulatingdataprivacyinthehealthcareindustry,theHealthInsurancePortabilityandAccountabilityAct(HIPAA),wasenactedonAugust21,1996.TheU.S.federallawprotectingthedata[...]ReadmoreNote(s):UnitedStates;April2023Source(s):ForbesActionstakentowardcompliancewithstatedataprivacylawsororganizationsintheUnitedStatesasofMay2022U.S.companiescomplianceactionstakenforstateprivacylaws2022ShareofrespondentsCompletedInprogressConsideringorplanningNotplanningatthistime20%

40%

60%Unsure0%80%100%9%

4%2%7%

5%2%120%Designateaninternalprojectmanagerorowner60%49%25%37%32%39%34%40%41%38%42%ConductdatamappingandunderstanddatapracticesacrosstheorganizationDevelopplatformsandsystemstoprocessandrespondtodataprivacyrightsrequests46%43%15%5%2%PlanandconductdataassessmentsEngageoutsidelegalcounceltoadviseonlegislativechangesandcomplianceUpdateprivacypolicies10%

7%1%43%14%7%2%41%11%

4%4%Setmetricsandspecificgoals/deadlinestotrackprogressDraftorupdateagreementswiththirdparties38%13%

5%3%37%14%14%8%

3%8%

3%Conductcomparisonofstateprivacylawframeworks34%8Description:AsurveyconductedfromApriltoMay2022foundthatsixin10organizationsintheUnitedStatesdesignatedaninternalprojectmanagerorownertomanagecompliancewithstate-levelprivacylaws.Aroundhalfoftheorganizationsconducteddatamappingandhadanunderstandingofdatapracticesacrosstheorganization.Afurther41percentsaidtheyupdatedprivacypolicies,while40percentsaidtheywereintheprocessofdoingso.

ReadmoreNote(s):UnitedStates;April20toMay5,2022;182respondents;companyrepresentatives;organizationsmayhaveheadquartersinseveralcountriesworldwideSource(s):WombleBondDickinsonLevelofpreparednessforstatedataprivacylawsamongcompaniesdoingbusinessintheUnitedStatesasofMay2023PrivacylawpreparednesslevelamongfirmsintheU.S.202350%45%45%40%35%30%25%20%15%10%5%36%13%6%0%VerypreparedModeratelypreparedSlightlypreparedNotprepared9Description:AsurveyconductedinAprilandMay2023amongtherepresentativesofcompaniesdoingbusinessintheUnitedStatesfoundthatlessthanhalf,only45percent,ofthecompaniesfeelverypreparedtocomplywiththestate-levelprivacylawsintheU.S.Afurther36percentbelievedtheyweremoderatelyprepared,while13percentsaidtheywerepreparedslightly.TheU.S.doesnothavecomprehensivedataprivacylegislation.However,somestateshavealreadysigned,andsomeareinthe[...]

ReadmoreNote(s):UnitedKingdom,UnitedStates;ApriltoMay2023;205respondents;companyrepresentatives;organizationsmayhaveheadquartersinseveralcountriesworldwideSource(s):WombleBondDickinsonPenaltiesunderGDPRfortransferringpersonaldataoutsidetheEuropeanUnionasofJuly2023FinesforpersonaldatatransfersoutsideEU2023Fine

in

euros12000000004300000MetaPlatformsIrelandLimited,Ireland(May2023)PortugueseNationalStatisticalInstitute,Portugal(Nov2022)BocconiUniversity,Italy(Sep2021)20000010Description:AsofJuly2023,threeorganizationshadreceivedfinesundertheEUGeneralDataProtectionRegulation(GDPR)fortransferringdataoutsidetheEuropeanUnion.Thehighestpenalty,withtheamountof1.2billioneuros,wasimposedonMetaPlatformsIrelandLimitedbytheIrishdataprivacyauthorityDataProtectionCommission(DPC).ReadmoreNote(s):Worldwide;July2023;finesbaseonviolationofArt.46GDPR;includesinsufficientlegalbasisfordataprocessingandnon-compliancewithgeneraldataprocessingprinciplesSource(s):GDPREnforcementTrackerImpactofconsumerdataprivacylawsontheabilityoforganizationintheUnitedStatesandUnitedKingdom(UK)totransferdatainternationallyasofMay2023PrivacylawsimpactonU.S.andUKcompaniestransferringdatainternationally2023ShareofrespondentsUK0%U.S.5%10%15%20%25%30%35%40%40%45%Regulationsaddextracostsbutaremanagable35%34%33%Regulationsencourageinternationalbusinessbyprovidingassurancethatdatawillbetreatedproperlyintheircountries16%15%Noimpact10%Regulationsaremajorimpedimenttocross-borderbusiness17%11Description:AsurveyconductedinAprilandMay2023revealedthataround35percentoforganizationsintheUnitedStatesand40percentoforganizationsintheUnitedKingdompayhighercostsforinternationaldatatransfersduetodataprivacyregulations,buttheyalsofinditmanageable.Furthermore,approximately35percentofrespondentsfrombothcountriesthinktheregulationsencouragebusinessesbyguaranteeingthatthedatawillbesafeguardedinothercountries.

ReadmoreNote(s):UnitedKingdom,UnitedStates;ApriltoMay2023;205respondents;representativesofcompanies;organizationsmayhaveheadquartersinseveralcountriesworldwideSource(s):WombleBondDickinsonCHAPTER

02Context:datacompromisesAnnualnumberofdatacompromisesandindividualsimpactedintheUnitedStatesfrom2005to2022Cybercrime:numberofcompromisesandimpactedindividualsinU.S.2005-2022DatacompromisesNumberofrecordsexposedinmillionsIndividualsimpactedinmillions3,0002,5002,0001,5001,0005002,541.072,227.851,8621,825.411,5061,8021,2791,1751,0991,108883.56783785656498662614471.23446447419422.14321318.28169.1310.12298.08222.5198157164.682019127.7200791.98

85.612013

201466.936.619.135.716.222.917.30200520062008200920102011201220152016201720182020

2021*

202213Description:In2022,thenumberofdatacompromisesintheUnitedStatesstoodat1802cases.Meanwhile,over422millionindividualswereaffectedinthesameyearbydatacompromises,includingdatabreaches,leakage,andexposure.Whilethesearethreedifferentevents,theyhaveonethingincommon.Asaresultofallthreeincidents,thesensitivedataisaccessedbyanunauthorizedthreatactor.ReadmoreNote(s):UnitedStates;2005to2022;datacompromisesincludedatabreaches,dataexposures,anddataleaks;individualsimpactedmaygobeyondtheUnitedStates;*Since2021,the"Numberofrecordsexposed"islistedas"Numberof[...]

ReadmoreSource(s):IdentityTheftResourceCenterTotalannualnumberofdatacompromisesintheUnitedStateshealthcaresectorfrom2005to2022NumberofdatacompromisesintheU.S.healthcaresector2005-2022450400350300250200398384373369344333330306275271165167150100501029970634416020052006200720082009201020112012201320142015201620172018201920202021202214Description:In2022,thereweremorethan340incidentsofdatacompromisesinthehealthcaresectorintheUnitedStates.Thisindicatesasignificantgrowthsince2005whentheindustrysawonly16casesofdatacompromisesinthecountry.In2019,thisnumberreacheditsall-timehighest,398intotal.ReadmoreNote(s):UnitedStates;2005to2022;*Datafrom2005to2018istakenfrompreviousreportsandreferstodatabreachesonly.Thesourceaddsthefollowinginformation:"DataCompromise-Theoveralltermusedtorefertoeventswhere[...]

ReadmoreSource(s):IdentityTheftResourceCenterNumberofcasesofdataviolationduetocyberattacksintheUnitedStatesfrom2020to2022,byindustryPrivatedataviolationincidentsintheU.S.2020-2022,byindustry202030613870202133027922218412579202234426824922410086HealthcareFinancialservicesManufacturingandutilitiesProfessionalservicesEducation14442Technology67GovernmentNon-profit/NGORetail476674318671531024465TransportationHospitality2136173334Unknown4Otheescription:In2022,thehealthcareindustryremainedthemosttargetedsectorbycyberattacksresultingindatacompromises.Forthethirdconsecutiveyear,theindustrysawmorethan300datacompromiseincidents,includingdatabreaches,dataexposure,anddataleaks.Inthelatestmeasuredyear,thesecondmosttargetedindustrywiththehighestnumberofdatacompromiseswasthefinancialservicessector,with268datacompromiseincidents.

ReadmoreNote(s):UnitedStates;2020to2022Source(s):IdentityTheftResourceCenterNumberofcasesofdataviolationduetocyberattacksinfinancialservicesindustryintheUnitedStatesfrom2019to2022DatacompromisesintheU.S.financialservicessector2019-2022300279268250200150100501721380201920202021202216Description:In2022,thenumberofdatacompromisesinthefinancialservicesindustryintheUnitedStatesreached268,upfrom138suchincidentsin2020.Thefinancialservicessectorwasthesecond-mosttargetedindustrybycybersecurityincidentsresultingindatacompromise.Thenumberofdatacompromisesincludesdatabreaches,aswellasexposureandleakageofprivatedata.

ReadmoreNote(s):UnitedStates;2019to2022Source(s):IdentityTheftResourceCenterMostsignificantcasesofpersonaldataviolationsintheUnitedStatesin2022,bynumberofvictims(inmillions)U.S.majordatacompromises2022,bynumberofvictimsNumberofindividualsaffectedinmillions50

1000150200250Twitter(Dec2022)Neopets221.5269AT&TData22.79CashAppInvesting,LLCBeetleEye8.27Twitter(Jan2022)5.493.773.763.373ReceiveablesPerformanceManagement,LLCFlexbookerEyeCareLeadersAdvocateAuroraHealth17Description:In2022,themostsignificantregisteredcaseofadatacompromiseintheUnitedStates,basedonthenumberofaffectedindividuals,wastheTwitterdatabreachincidentinDecemberofthatyear.Asaresultofthisincident,itisestimatedthatthee-mailaddressesofmorethan221millionuserswereleaked.Earlierthatyear,anotherdatabreachaccidenthappened,affectingTwitter.Thistime,theleakwasestimatedtohaveimpactedapproximately5.4millionTwitterusers.Thesecondmajor[...]

ReadmoreNote(s):UnitedStates;2022;aminimumestimate,datacompromiseincludedatabreached,exposures,anddataleakSource(s):IdentityTheftResourceCenterAnnualnumberofentitiesimpactedinsupplychaincyberattacksintheUnitedStatesfrom2017to2022U.S.numberofentitiesimpactedinsupplychaincyberattacks2017-20222,0001,8001,6001,4001,2001,0008001,743694600521400232200011910120172018201920202021202218Description:In2022,supplychaincyberattacksintheUnitedStatesimpacted1743entities.Thisisthehighestreportednumbersince2017.Inthelastmeasuredyear,thenumberofaffectedentitieshasincreasedbyapproximately235percentyear-over-year.Theimpactedentitieshaveaccesstomultipleorganizations'data,whichrepresentsasignificantriskfororganizations.ReadmoreNote(s):UnitedStates;2017to2022;estimatedminimum,includespersonaldatabreaches,exposures,anddataleaksSource(s):IdentityTheftResourceCenterAnnualnumberofdatacompromisesinthemanufacturingandutilitiesindustryintheUnitedStatesfrom2020to2022U.S.numberofdataviolationcasesinmanufacturingsector2020-20223002492502222001501007050020202021202219Description:In2022,therewere249casesofdatacompromiseinthemanufacturingandutilitiesindustryintheUnitedStates.Thisisasignificantincreasesince2020whenthenumberofpersonaldataviolationincidentsinthesectorwasonly70.Thecasesregisteredin2022impacted23.9millionpeople.ReadmoreNote(s):UnitedStates;2020to2022;includespersonaldatabreaches,exposures,anddataleaksSource(s):IdentityTheftResourceCenterCHAPTER

03EnforcmentandpenaltiesLawenforcementcasesagainstcompaniesviolatingdataprivacyregulationsintheUnitedStatesin2022and2023YTDDataprivacyandsecuritylawenforcementcasesintheU.S.2022-2023YTDCompany

nameEveralbum,Inc.Twitter,Inc.LastupdateMay5,'22May25,'22Jun.24,'22Aug.29,'22Dec.15,'22Jan.10,'23Jan.26,'23Feb.1,'23Feb.7,'23Mar2,'23CafePressKochava,Inc.BoostMyScoreLLCDrizly,LLC.CheggGoodRxHoldings,Inc.EpicGames,Inc.BetterHelp,Inc.EpicGamesInc.Edmodo,LLCRing,LLCMar.14,'23May22,'23May31,'2321Description:BetweenMay2022andJuly2023,theFederalTradeCommission(FTC)oftheUnitedStatestooklawenforcementactionsagainst17companiesfordataprivacyandsecurityviolations.ThelatestupdatedcasewaswithA.Thecompanyreceiveda25millionU.S.dollarpenaltyforviolatingtheChildren'sOnlinePrivacyProtectionActRule(COPPARule)andtrickingparentsandusersoftheAlexavoiceassistantserviceaboutitsdatadeletionpractices.ReadmoreNote(s):UnitedStates;2022and2023YTDSource(s):FederalTradeCommissionMonthlynumberofCaliforniaConsumerPrivacyAct(CCPA)filingsfromJanuary2020toFebruary2023MonthlynumberofCCPAfilings2020-20231817161412108151413121099999877666665555555544444333222111022Description:InFebruary2023,fivelawsuitcasesintheUnitedStatescitedtheCaliforniaConsumerPrivacyAct(CCPA).InJanuary2020,whenCCPAbecameeffective,therewasonesuchcase.Thenumberoffilingshadincreasedsincethen,reachingitspeakinAugust2021,when17newcasesnationwidementionedthelegislation.TheCCPAwasthefirstlegaldocumentintheUnitedStatesthatgaveconsumersaprivaterightofactionregardingprivacyanddataprotection.ReadmoreNote(s):UnitedStates;January2020toFebruary2023Source(s):PerkinsCoieCumulativenumberofCaliforniaConsumerPrivacyAct(CCPA)filingsfromJanuary2020toFebruary2023,byindustryCumulativenumberofCCPAfilings2020-2023,byindustryNumberoffilings051015202530354045FinanceSoftware/CloudHealthcare413226CommunicationFintech211212InsuranceSearch9MortgageservicingRetail77SocialmediaCybersecurityEntertainmentHealthandFitness655523Description:AsofFebruary2023,the41CaliforniaConsumerPrivacyAct(CCPA)caseswerefiledinthefinancesector.CCPAlawsuitfilingsrelatedtothesoftwareandcloudtechnologiesrankedsecond,with32cases,whilethehealthcaresectorfollowed,with26casescitingCCPA.Theregulation,whichcameintoeffectinJanuary2020,wasthefirstlegaldocumentintheUnitedStatesthatgaveconsumersaprivaterightofactionregardingprivacyanddataprotection.ReadmoreNote(s):UnitedStates;January2020toFebruary2023Source(s):PerkinsCoieChildren'sOnlinePrivacyProtectionAct(COPPA)enforcementcasesintheUnitedStatesfrom2018to2023YTD(inmillionU.S.dollars)COPPAfinesimposedagainstcompaniesintheUnitedStates2018-2023Company

and

date

offineRetina-XStudios,LLC.Oct.2019Fortnite(EpicGames),Dec.2022YouTube,Sep.2019Fine

in

million

U.S.

dollarsConsentagreement52017025Amazon,May2023Microsoft,Jun.202320Edmodo,May20236Musical.ly(TikTok),Feb.2019Oath(AOL),Dec.20185.74.953Recolor,Jul.2021OpenX,Dec,20212WWInternationalandKurboInc.,Feb.2022VTech,Feb.20181.50.650.5ExploreTalent,Feb.201824Description:Between2018andJuly2023,16companieswereissuedfineswithdisclosedamountsforviolationoftheChildren'sOnlinePrivacyProtectionAct(COPPA).EpicGames,thepopularFortnitevideogamedeveloper,receivedthemostsignificantpenaltyforCOPPAviolationinDecember2022.TheFederalTradeCommission(FTC)oftheU.S.issueda520millionU.S.dollarfineforfailingtonotifyparentsandobtainconsentbeforecollectingpersonalinformationfromchildrenunder13.[...]

ReadmoreNote(s):UnitedStates;2018to2023YTD;caseswithdisclosedfinesSource(s):PRIVOCHAPTER

04CompanypreparednessGeneralDataProtectionRegulation(GDPR)preparednessamongcompaniesintheUnitedStatesasof4thquarter2022GDPRpreparednessamongU.S.companiesQ42022GDPR(automation)8.78%GDPR(manual)91.22%26Description:Asofthefourthquarterof2022,morethan91percentofcompaniesintheUnitedStateslegallyexpectedtocomplywiththeGeneralDataProtectionRegulation(GDPR)wereunderpreparedtomeettheprivacylegislation.Thecompanieswereusingmanualservicesthatweremostlikelytocauseerrorsandwereexpensiveatthesametime.ReadmoreNote(s):UnitedStates;Q42022;11,348respondents;amongmidtolargeenterpriseswithrevenuesfrom25milliontomorethan5billionU.S.dollarsSource(s):CytrioGeneralDataProtectionRegulation(GDPR)readinessamongcompaniesintheUnitedStatesasof4thquarter2022,bycompanytypeGDPRpreparednessamongU.S.companiesQ42022,bycompanytypeGDPR(automation)91.97%GDPR(manual)100%90%80%70%60%50%40%30%20%10%0%93.12%8.03%6.88%B2CCompaniesB2BCompanies27Description:Asofthethirdquarterof2022,approximately93percentofU.S.B2BcompanieslegallyexpectedtocomplywiththeGeneralDataProtectionRegulation(GDPR)wereunderpreparedtomeettheprivacylegislation.Thecompanieswereusingmanualservicesthatweremostlikelytocauseerrorsandwereexpensiveatthesametime.AmongB2Ccompanies,nearly92percentprovidedonlymanualmechanismsofprivacyrightsmanagement.Incomparison,B2Bcompaniesweremorelikelyto[...]

ReadmoreNote(s):UnitedStates;Q42022;1,246*;amongmidtolargeenterpriseswithrevenuesfrom25milliontomorethan5billionU.S.dollarsSource(s):CytrioCaliforniaConsumerPrivacyAct(CCPA)readinessamongcompaniesintheUnitedStatesasof4thquarter2022CCPAreadinessamongU.S.companiesQ42022Compliant(automation)8.22%Non-compliant53.2%ManualCompliance38.58%28Description:Asofthefourthquarterof2022,approximatelyeightpercentofU.S.companieslegallyexpectedtocomplywiththeCaliforniaConsumerPrivacyAct(CCPA)werefullycompliantwiththelegislation.Another40percentofcompaniesprovidedmanualprocessestocomplywithCCPA,whileover52percentwerenon-compliant.ReadmoreNote(s):UnitedStates;Q42022;11,358respondents;amongmidtolargeenterpriseswithrevenuesfrom25milliontomorethan5billionU.S.dollarsSource(s):CytrioCaliforniaConsumerPrivacyAct(CCPA)readinessamongcompaniesintheUnitedStatesasof4thquarter2022,bycompanytypeCCPAreadinessamongU.S.companiesQ42022,bycompanytypeCompliant(automation)Partiallycompliant(manual)Non-compliant60%50%40%30%20%10%0%54.76%51.17%39.9%37.71%8.93%7.53%B2CCompaniesB2BCompanies29Description:Asofthefourthquarterof2022,only8.93percentofB2CcompaniesintheUnitedStatesthatwerelegallyexpectedtocomplywiththeCaliforniaConsumerPrivacyAct(CCPA)werefullycompliantwiththeprivacylegislation.Approximately42percentofB2Ccompanieswerepartiallycompliant,whichmeanstheyusedmanualsettings.Furthermore,around48percentdidnotprovidecompliancemechanisms.InthecaseofB2Bcompanies,therewasasimilarsituation,withamore[...]

ReadmoreNote(s):UnitedStates;Q42022;11,348*;amongmidtolargeenterpriseswithrevenuesfrom25milliontomorethan5billionU.S.dollarsSource(s):CytrioCaliforniaConsumerPrivacyAct(CCPA)readinessamongcompaniesintheUnitedStatesasof4thquarter2022,bycompanysizeCCPAreadinessamongU.S.companiesQ42022,bycompanysizeMid-sizedcompaniesLargecompanies60%50%40%30%20%10%0%54.73%51.02%39.15%38.18%9.84%7.09%Compliant(automation)ManualcomplianceNon-compliant30Description:Asofthefourthquarterof2022,onlyaroundsevenpercentoftheresearchedmid-sizedcompaniesintheUnitedStateslegallyexpectedtocomplywiththeCaliforniaConsumerPrivacyAct(CCPA)werefullycompliantwiththelegislation.Thoserelyingonmanualprocesseswereapproximately38percent,whilearound55percentdidnotprovidecompliancemechanisms.Largecompanies,ontheotherhand,weremorepreparedfortheCCPA,withnearlytenpercentprovidingcompliant[...]

ReadmoreNote(s):UnitedStates;Q42022;11,358respondents;amongmidtolargeenterpriseswithrevenuesfrom25milliontomorethan5billionU.S.dollarsSource(s):CytrioCHAPTER

05PrivacylawcomplianceLevelofconcernamongorganizationsintheUnitedStatesandtheUnitedKingdom(UK)regardingselecteddataprivacyissuesasofMay2023DataprivacyissuesconcernamongU.S.andUKcompanies20231

-

Low

levelofconcern212%14%3

-

Medium

levelofconcern429%29%5

-

High

levelofconcernDatabreaches/cybersecurity8%16%20%35%26%Litigation/regulatoryenforcementaction11%Lossofcustomerloyalty/trust(ifperceivedtonotberespectingtheirprivacy)13%19%20%25%23%Notfullyutilizingourdatatomaximizesales/revenue14%10%17%15%22%29%24%26%23%20%Costofcompliancewithprivacylaws32Description:AsurveyconductedinAprilandMay2023revealedthataroundaquarterofUnitedStatesandUnitedKingdomorganizationswerehighlyconcernedaboutdataprivacylawenforcementinvolvingtheircompany.Afurther35percentwereworriedaboutdatabreachesandothercybersecurityincidents.Dealingwithhighcostsofprivacylawcompliancewasaconcernforapproximately20percentoftherespondents.ReadmoreNote(s):Un