No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
Corporate Compliance Insights
Home Data Privacy

Survey: Leaders Claim to Be Ready for State Privacy Laws; Few Actually Are.

Risks regarding geolocation and biometric data among areas where companies report they lack progress

by Staff and Wire Reports
June 29, 2022
in Data Privacy
snooping on private data

With state laws looming, where do companies actually stand today? A Womble Bond Dickinson survey examined current corporate preparedness along with progress on steps to manage risk associated with geolocation and biometric data.

With new consumer privacy laws set to take effect in several states in 2023, nearly six in 10 executives say their organizations are very prepared to meet these requirements. Yet when asked about particular actions taken, less than half have completed key steps toward compliance.

That discrepancy is one of the key findings in 2022 State of US Data Privacy Law Compliance Survey Report, which draws on the insights of nearly 200 executives — 62 percent of whom hold C-suite titles — from company leadership and critical departments. In addition to providing a window into where companies stand in their data privacy compliance journeys, the report delves into two increasingly popular forms of consumer data collection: precise geolocation data and biometric information. 

The survey was designed and implemented by Womble Bond Dickinson, a transatlantic law firm with offices in 27 locations in the U.K. and U.S. 

State data privacy laws: preparedness and challenges

Five states — California, Colorado, Virginia, Utah and Connecticut — have now passed data privacy laws or amendments that will take effect in 2023, while several other states are weighing similar comprehensive legislation. 

Though 59 percent of executives say their companies are very prepared to meet the guidelines set forth by new privacy legislation — and 89 percent have increased their budgets to do so — less than half have completed most key compliance actions, including conducting data mapping (49 percent), performing data assessments (43 percent), and establishing metrics and deadlines to track compliance (38 percent).

“Companies often feel they are ready for compliance, but that optimism starts to fade when it comes to applying the often unsettled regulations and granular tactics they need to effectively prepare,” said Tara Cho, chair of Womble Bond Dickinson’s Privacy and Cybersecurity team. “The new requirements affect so many aspects of how companies do business that it can be challenging, particularly at the executive level, to make sure all the bases are covered.”

A large part of the problem is operational, which is exacerbated by the pandemic consuming a disproportionate amount of legal and IT resources. Respondents who do not feel their organizations are very prepared cite lack of available staff to address compliance (39 percent) and challenges around tracking the status of legislation and differences between state laws (60 percent).

The survey data also reveals potential issues in how companies assign primary responsibility for privacy compliance. Less than a third of those that have designated a project manager for data privacy compliance, or are in the process of doing so, have assigned the role to a member of the risk or compliance (18 percent) or legal (11 percent) departments. Most project leads reside in technology (56 percent) or information systems (14 percent).

“Preparing for these new laws, understanding the necessary policies, procedures, compliance and governance practices, is really a risk management and legal issue,” said Ted Claypoole, a partner at Womble Bond Dickinson with extensive experience in privacy and security issues. “Ideally, organizations would have a cross-functional task force that includes tech and compliance professionals, with a primary lead to ensure things get done.”

The growing risks posed by geolocation and biometric data collection

The growing ubiquity of smartphones and wearables offers significant opportunities for businesses but also potential challenges. More than 70 percent of executives say they are very (42 percent) or moderately (29 percent) concerned about state privacy laws that include specific restrictions on collecting and using precise consumer geolocation data for mobile tracking purposes. The primary concerns expressed by respondents center on securing consent from consumers to gather and apply this data (68 percent) and on defining the specific business purpose for such data applications (64 percent).

As for biometric data, while 59 percent of survey respondents are already using it and another 19 percent plan to do so, fewer than 60 percent of those respondents have assessed their risks (58 percent) or developed risk management strategies and compliance plans (55 percent). Even fewer have conducted internal training sessions (41 percent) or drafted notice templates (36 percent). 

With an uptick of complaints alleging violations of the Illinois Biometric Information Privacy Act and other states considering similar legislation, now is the time for companies that collect biometric data to conduct risk assessments and take steps to avoid potential enforcement actions and litigation.

Additional key findings

  • Retail and tech sectors are more concerned about data privacy compliance. Executives from these industries, who together comprised 47 percent of all respondents, expressed significantly more concern than their counterparts about several issues covered in the survey. For example, of those who fear enforcement actions related to geolocation data, 75 percent of retail executives say it is due to their industry being a likely target (compared to 57 percent of respondents overall). In addition, 33 percent of retail and tech executives say their organizations have increased their budgets for complying with new state privacy laws by 20 percent or more (compared to 24 percent of all respondents).
  • Nearly nine in 10 respondents support a federal data privacy law. Eighty-eight percent of executives would like to see a federal law that preempts individual state legislation and creates a consistent set of requirements – echoing the sentiments of corporate and technology trade groups concerned about a growing patchwork of state privacy laws.
  • Influence of consumer privacy-related requirements from tech companies. While respondents indicated that their privacy policies are more heavily influenced by state privacy legislation than requirements from tech companies, the latter holds more sway for companies in the tech and especially retail industries. One respondent said of the influence of tech companies: “We depend on those relationships, and we need to stay in compliance with their guidelines.”
Instant download: Read the complete report 

The survey was completed by 182 decision-makers who play an active role in data privacy issues across a range of departments within their organizations, including general management (17 percent), information systems and information technology (31 percent), privacy and security (19 percent), legal and compliance (18 percent), marketing (8 percent), and operations and finance (7 percent).


Tags: California Consumer Privacy Act (CCPA)GDPR
Previous Post

Where in the World Is Joe’s Blood?

Next Post

Big Benefits of Advanced Tech for FinCrime Compliance Don’t Kick in Until Silos Are Toppled

Staff and Wire Reports

Staff and Wire Reports

Related Posts

gdpr

UK Resurrects Data Protection Reforms, EU Court Rules on GDPR in Civil Cases

by Jonathan Armstrong and André Bywater
March 15, 2023

Recent courtroom and legislative action in Europe will likely have ripple effects around the world for companies subject to regulations...

eu flag

Preparing Your Company for the Latest GDPR Data Transfer Developments & Upcoming Deadlines

by Kevin L. Coy
November 30, 2022

An EU court decision and legislative moves in the U.S. and UK make compliance with privacy regulations increasingly difficult. Arnall...

minidata_b

Honey, I Shrunk the Data: How to Keep Customer Info on a Need-to-Know Basis

by Parker Poe
November 30, 2022

It may be tempting to hoard the data you have gathered on your customers, but an increasing number of regulations...

uk ico data access

UK’s Data Protection Regulator Signals Crackdown on Access Request Violations

by Jonathan Armstrong and André Bywater
October 5, 2022

Data privacy laws in the EU and UK established the right of individuals to find out what personal information organizations...

Next Post
farm silo leaning over

Big Benefits of Advanced Tech for FinCrime Compliance Don’t Kick in Until Silos Are Toppled

Compliance Job Interview Q&A

Jump to a Topic

AML Anti-Bribery Anti-Corruption Artificial Intelligence (AI) Automation Banking Board of Directors Board Risk Oversight Business Continuity Planning California Consumer Privacy Act (CCPA) Code of Conduct Communications Management Corporate Culture COVID-19 Cryptocurrency Culture of Ethics Cybercrime Cyber Risk Data Analytics Data Breach Data Governance DOJ Download Due Diligence Enterprise Risk Management (ERM) ESG FCPA Enforcement Actions Financial Crime Financial Crimes Enforcement Network (FinCEN) GDPR HIPAA Know Your Customer (KYC) Machine Learning Monitoring RegTech Reputation Risk Risk Assessment SEC Social Media Risk Supply Chain Technology Third Party Risk Management Tone at the Top Training Whistleblowing
No Result
View All Result

Privacy Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2022 Corporate Compliance Insights

No Result
View All Result
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe

© 2022 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT