Californians Take Action with CCPA To Protect Their Privacy; Proprietary DataGrail Research Finds that 50% of Requests Made Are to Restrict the Sale of Personal Information

Research Shows Fraud is a Valid Concern, With Three in Ten Data Subject Requests (DSRs) Going Unverified

News provided by

DataGrail

Sep 15, 2020, 09:00 ET

SAN FRANCISCO, Sept. 15, 2020 /PRNewswire/ -- Today, DataGrail, a leading privacy management platform, released its Mid-Year CCPA Trends Report, which uncovers how the California Consumer Privacy Act (CCPA) is affecting consumers and businesses. The proprietary research finds that people are regularly opting-out of companies who sell their personal information, with "do-not-sell" being the most commonly exercised right, occurring nearly 50% of the time over access and deletion requests. DataGrail automates the process of fulfilling data subject requests (DSRs), giving it unique insight into the number of requests processed by companies.

DataGrail's CCPA H1 2020 Trends Report showing the breakdown of the types of CCPA requests made by Californians in H12020.
DataGrail's CCPA H1 2020 Trends Report showing the breakdown of the types of CCPA requests made by Californians in H12020.

Research Highlights Include:

  • Californians are exercising their CCPA rights to access & delete their data, and opt-out of their personal information being sold
    • Consumers opt-out of their personal information being sold most of the time — by nearly 2x. (48%)
    • Deletion requests make-up 31% of DSRs
    • Access requests make-up 21% of DSRs
  • B2C companies should prepare to process approximately 170 total DSRs per one million consumer records each year.
    • In 2020, B2C companies should plan to process 84+ DNS requests per million records.
  • In 2020, companies manually processing DSRs should expect to pay $240,000 per million records to fulfill requests.
  • 3 of every 10 DSRs will go unverified, confirming the need for a robust and scalable verification method to prevent fraud.
  • Approximately 40% of access requests were not verified, suggesting that concerns around fraudulent requests being made to steal personal data are valid.

83% of consumers expect to have control over how businesses use their data, and this research confirms that people are taking action to control their privacy by exercising rights provided by the CCPA.  Consumers are accessing their data (21%), deleting their data (31%) and requiring that businesses do-not-sell their personal information (48%). When CCPA went into effect in January 2020, DataGrail saw people exercise their rights immediately, with a surge of data subject requests (DSRs) going across its platform in January 2020. 

Since the initial surge, DSRs have stabilized around 13 DSRs per million records every month, a substantial rate which confirms that organizations need an established privacy program. Gartner data shows that manually processing a single DSR costs on average $1,406. At this rate, organizations can expect to spend almost $240,000 per million records to fulfill DSRs — if they are done manually. Additionally, organizations could find themselves on the hook for fines likely to appear in October (if CCPA follows the same timeline as GDPR).

Fraud is a top concern for organizations who process DSRs— no organization wants to send personal information to the wrong person or someone who might be impersonating one of their customers. DataGrail's Smart Verification technology tracks how many unverified (and potentially fraudulent) DSRs go through the platform. They also found that 3 out of every 10 DSRs will likely not be verified and could be fraudulent attempts at accessing or deleting data.

When breaking down unverified requests (access vs. deletion), the data shows that access requests (DSARs) make up 70% of the unverified requests. This finding offers validity to the concern that nefarious characters could be submitting access requests to gain access to another person's personal information.                                          

Methodology
DataGrail automates the process of fulfilling data subject requests (DSRs), which provides it a unique insight into the number of requests processed by companies. DataGrail examined the data subject requests it helped process on behalf of select B2C customers, with a substantial volume of privacy requests in the period January 1 to June 30th, 2020. This customer set had more than sixteen million consumer records, where a "consumer record" is defined as a single, individual record associated with a unique email address within a customer's database. To determine the cost of manually processing requests, DataGrail used Gartner's estimate that manually processing a single request costs $1,406. Gartner published this statistic after releasing details from its 2019 Gartner Security and Risk Survey in February 2020.

About DataGrail
DataGrail helps companies comply effortlessly with existing and emerging privacy laws, such as GDPR and CCPA. It was designed from the ground up to automate data discovery and streamline privacy programs to create less work for customers, while also ensuring a higher level of accuracy and reduced risk. DataGrail built its solution to directly integrate with an organization's internal databases and developed 250+ pre-built connectors with companies — such as Salesforce, Shopify, Adobe, AWS, Oracle, Okta, and many others.

These connections provide organizations with an accurate, real-time view of the internal systems and third-party applications used and all the personal data that maps onto each of those systems. DataGrail also allows customers to manage their privacy request workflows and email preferences across applications.

Contact: Alicia Divittorio, [email protected]

SOURCE DataGrail

Related Links

datagrail.io