California Consumer Privacy Act Puts Additional Pressure on Financial Organizations

A survey from cybersecurity firm Netwrix revealed that the implementation of the California Consumer Privacy Act (CCPA) will put additional pressure on IT resources and expenses, especially at financial organizations. The survey report, “2020 Data Risk & Security Report,” stated that 32% of financial organizations have seen an increase in data subject access requests (DSARs) since the CCPA came into effect on January 1, 2020.

According to the survey, nearly 73% of financial organizations are already under pressure to satisfy data subject rights requests, and 27% of them reported that these requests have increased their expenses. It takes organizations more than two weeks to fulfill a single data subject request, at an average cost of $1,400 if done manually. This pushes many financial organizations to commit additional workforce and budget to ensure compliance with the CCPA.

“Organizations are investing more than ever in cybersecurity, yet data breaches and other security incidents are continuing to increase in both number and size. First, while security professionals successfully mitigate security issues at some of the six stages of the data lifecycle, they often overlook other stages, leaving their organization’s content vulnerable. In addition, security professionals generally know very little about what data they have, how sensitive it is, where it is stored, and who has access to it,” the report said.

Other findings from the research include:

  • 33% of financial organizations discovered sensitive or regulated customer data outside of designated secure locations.
  • 40% of respondents admitted their IT teams granted direct access to sensitive data based solely on a user’s request in the past 12 months.
  • 75% of financial organizations that classify data can detect data misuse in minutes, while those who don’t usually need days (43%) or months (29%).
  • 61% of organizations that are subject to the GDPR collect more customer data than the law permits.
  • 54% of organizations ignore the security best practice of reviewing access rights to data on a regular basis.
  • 70% of incidents of unauthorized data sharing within this vertical led to data compromise.
  • 44% of CISOs and CIOs don’t have or don’t know whether they have KPIs for IT security and risk.

Steve Dickson, CEO of Netwrix, said, “While organizations are unlikely to be flooded with data subject access requests on July 2, they do need to be prepared to process requests accurately and promptly. One missed deadline or incompletely fulfilled request could result in a thorough audit from the authorities and sizable fines. To ensure compliance while controlling costs and relieving the burden on IT, financial organizations need to automate the DSAR process.”