Amid the many challenges 2020 has thrown up, the business challenges expected for the year are also still a factor. That’s the case for companies across many sectors regarding privacy regulations, with the California Consumer Privacy Act (CCPA) put into effect this year.
With new regulations in the works in the United States and worldwide, a majority of companies expect to spend more on privacy in the coming year — despite the fiscal challenges COVID-19 has created across sectors. According to a survey released by Ethyca in July, three-quarters of companies are planning for increased security spending in 2021 due to increased regulations worldwide.
“The results of our survey reflect what we’re seeing on the ground: businesses really care about privacy and realise how crucial this will be to business going forward — both for consumer-facing business as well as B2B companies,” Ethyca CEO Cillian Kieran said in a media release.
CCPA Enforcement Has Begun
Ethyca, a software company focused on automated data privacy, surveyed 100 C-level executives and found that for half of them privacy is a bigger concern this year than in the last one. The executives flagged privacy concerns as key to customer trust and business reputation, with 76% of them saying privacy investment is a deciding factor for customers.
At the same time, 42% of respondents aren’t worried about fines under the data privacy laws California put into effect in January of this year, with enforcement beginning in July amid the ongoing COVID-19 pandemic.
That’s despite the penalties under that law, the California Consumer Privacy Act, being potentially steep for companies with thousands or millions of users. Under the CCPA, the state’s attorney general can seek civil penalties of $2,500 for each violation — or $7,500 each if the violations are intentional.
Several other states are considering data privacy laws of their own, so companies could soon be tasked with considering additional regulations in the expanding national and international patchwork of legislation when making plans for privacy investment.
“It can be very intimidating for companies to navigate brand-new regulations with looming deadlines for compliance and the increasing fragmentation of regulations across the world with a range of different requirements doesn’t make it any easier,” Kieran said in the release.
COVID-19 Privacy Challenges
This year’s privacy regulations aren’t the only factor C-level executives identified to explain their continued prioritization of privacy spending. According to almost 30% of those surveyed, the COVID-19 pandemic has increased the urgency in the handling of privacy issues for their business.
The year has presented new challenges for privacy and data management for many businesses. With employees working from home, many are remotely accessing data that would normally only be accessed on site. Others are working on personal equipment or over home network connections that may be less secure than those at their workplace.
That unexpected situation, coupled with new and upcoming privacy regulations and the fines they can bring, creates a risky situation for businesses that don’t continue to make investing in data privacy a priority.
Even in the earlier days of coronavirus-related shutdowns, increases in phishing, hacking and ransomware attacks were reported. For example, external attacks on cloud accounts grew by 630% from January to April 2020, with overall enterprise use of cloud services increasing by 50% over that period, McAfee found.
And in the coming months, data privacy will reach the attention of even more people beyond the C-suite. In California, a ballot initiative will be voted on in early November. If passed, the California Privacy Rights Act of 2020 (CPRA) would amend the CCPA and require businesses to once again evaluate their privacy spending priorities.