The final enforcement of the California Consumer Privacy Act (CCPA) starts on July 1, 2020. But it is expected to put further pressure on the overstretched IT resources and budgets – according to a new study.
Netwrix, the cybersecurity firm, has recently published its “2020 Data Risk & Security Report”, focused on financial organizations. It was found that nearly 73% of the organizations, especially their IT teams, are under pressure to persuade requests for data subject rights. Another 27% of the financial firms reported that the increasing interest in privacy rights execution has led to a surge in their operational expenses.
The Rise in Data Subject Access Rights (DSARs)
Earlier Gartner had clarified that most organizations fulfilling a single DSAR request take about two or more weeks and costs $1,400 (on average) if done manually. Hence, it is clear that the financial organizations that are going through tough times, would require more workforce and allocate additional budget – to ensure compliance with the CCPA. As per the Netwrix study, about 32% of the financial companies have experienced an increase in their data subject access rights requests. This is linked with the CCPA compliance that went into effect on January 1, 2020.
Basically, the security experts are now under pressure to make sure that personal data processed is brought under control. However, this is tricky and expensive to manage them all without technology aid – thus, the demand for AI-powered applications is also increasing.
Some principal findings from the study are –
- Nearly 33% of organizations found sensitive or regulated customer data that were out of designated secure locations.
- About 40% of the respondents agreed their IT teams approved direct access to sensitive data in the past 12 months. This was solely based on the users’ requests.
- Around 75% of the organizations that classify data can identify data misuse in minutes and those who don’t generally require days (43%) or months (29%).
- About 70% of the unauthorized data sharing events in this vertical ushered data compromise.
- Around 44% of CISOs and CIOs either do not have or do not know if they have KPIs for IT security and risk management.
As cited by Steve Dickson, CEO at Netwrix in the company blog post, “While organizations are unlikely to be flooded with data subject access requests on July 2, they do need to be prepared to process requests accurately and promptly. One missed deadline or incompletely fulfilled request could result in a thorough audit from the authorities and sizable fines…To ensure compliance while controlling costs and relieving the burden on IT, financial organizations need to automate the DSAR process.”