18 March 2020

US companies lack resources to check on data privacy compliance, survey finds

Concept illustration depicting privacy

The far reaching California Consumer Privacy Act came into force this year

More than half of respondents unsure if they are fully compliant with new regulations

A significant proportion of large US companies say they don’t have the resources to ensure they are fully compliant with data privacy regulations, according to a new study by FTI Consulting.

Almost 60% of respondents said they are not equipped to properly assess their regulatory compliance, with tech and financial services companies being most at risk, the data showed.

The survey, entitled ‘Corporate Data Privacy Today: A Look at the Current State of Readiness, Perception and Compliance’, polled more than 500 leaders of large private-sector companies based in the US. Nearly every company that responded said they intend to ramp up spending on data privacy over the next year, with an average increase of 50%.

Jake Frazier, a senior managing director in FTI Consulting’s technology business, said: “Normally this level of budget increase is virtually unheard of, especially in an area long viewed as providing nominal business value. The fact that nearly all of the survey respondents plan to increase data privacy budgets, and most by a significant margin, indicates a major shift in thinking.”

Tougher data privacy laws in Europe and the US are making it harder for companies to keep pace with regulatory change, with a fifth of respondents saying they are impacted but not fully compliant with GDPR, and more than a quarter saying they are affected by but under-prepared for the California Consumer Privacy Act.

Four in every five organisations said they feel at risk of a data privacy crisis, with nearly 40% saying they are very vulnerable.

One reason why companies are planning to spend more on data privacy is the potential cost of a data breach. The survey showed that, on average, expected losses from a data privacy crisis would amount to $79m. 

More than half of respondents said they agree or strongly agree that their company is under more scrutiny now about how they manage their customer data.

Deana Uhl, a senior director at FTI Technology, said: “Consumers are going to be more aware of how their data is being used and increasingly ready to exercise the new rights and controls they have over it. Consumer concerns around privacy are on the rise. This will lead to an increase in data subject access requests, right of action claims and other activity related to consumer privacy rights.”

Further reading on data privacy

Total GDPR fines climb to €114m as companies struggle to comply with regime

GPR regime emerges as early candidate for post-Brexit divergence

Data ethics transforming privacy law after 'social media hangover'

Relief after ECJ backs global data transfers

Calling out e-privacy regulation shortcomings

Email your news and story ideas to: news@globallegalpost.com