CCPA enforcement to put pressure on financial organizations’ IT resources
Enforcement of the California Consumer Privacy Act (CCPA), which begins on July 1, 2020, is going to put additional pressure on already overstretched IT resources and budgets, Netwrix reveals.
Increase in DSARs
According to the survey, 32% of financial organizations have already seen an increase in data subject access rights requests (DSARs) since the CCPA came into force on January 1, 2020.
73% of respondents stated that manual processing of these requests puts significant or moderate pressure on their IT teams. Every fourth organization (27%) noted that rising interest in execution of privacy rights has increased their expenses.
Gartner warns that fulfilling a single request takes most organizations two or more weeks and costs an average of $1,400 if done manually. This means that many financial organizations, which are already facing tough times, will need to allocate additional workforce and budget to ensure compliance with the CCPA.
Other findings
- 33% of financial organizations discovered sensitive or regulated customer data outside of designated secure locations.
- 40% of respondents admitted their IT teams granted direct access to sensitive data based solely on a user’s request in the past 12 months.
- 75% of financial organizations that classify data can detect data misuse in minutes, while those who don’t usually need days (43%) or months (29%).
- 70% of incidents of unauthorized data sharing within this vertical led to data compromise.
- 44% of CISOs and CIOs don’t have or don’t know whether they have KPIs for IT security and risk.
“While organizations are unlikely to be flooded with data subject access requests on July 2, they do need to be prepared to process requests accurately and promptly. One missed deadline or incompletely fulfilled request could result in a thorough audit from the authorities and sizable fines.
“To ensure compliance while controlling costs and relieving the burden on IT, financial organizations need to automate the DSAR process,” said Steve Dickson, CEO of Netwrix.