Financial Organizations Face Increase in CCPA Compliance Workload and Expense

Netwrix survey reveals that 73% of financial organizations are already under pressure to satisfy data subject rights requests, and 27% of them report that this led to an increase in expenses.

Netwrix, a cybersecurity vendor that makes data security easy, today announced findings from its 2020 Data Risk & Security Report specifically for financial organizations. The report reveals that enforcement of the California Consumer Privacy Act (CCPA), which begins on July 1, 2020, is going to put additional pressure on already overstretched IT resources and budgets.

According to the survey, 32% of financial organizations have already seen an increase in data subject access rights requests (DSARs) since the CCPA came into force on January 1, 2020. The majority of respondents (73%) stated that manual processing of these requests puts significant or moderate pressure on their IT teams. Every fourth organization (27%) noted that rising interest in the execution of privacy rights has increased their expenses. 

Gartner warns that fulfilling a single request takes most organizations two or more weeks and costs an average of $1,400 if done manually. This means that many financial organizations, which are already facing tough times, will need to allocate additional workforce and budget to ensure compliance with the CCPA. 

Other notable findings of the report include:

  • 33% of financial organizations discovered sensitive or regulated customer data outside of designated secure locations.
  • 40% of respondents admitted their IT teams granted direct access to sensitive data based solely on a user’s request in the past 12 months.
  • 75% of financial organizations that classify data can detect data misuse in minutes, while those who don’t usually need days (43%) or months (29%).
  • 70% of incidents of unauthorized data sharing within this vertical led to data compromise. 
  • 44% of CISOs and CIOs don’t have or don’t know whether they have KPIs for IT security and risk.

“While organizations are unlikely to be flooded with data subject access requests on July 2, they do need to be prepared to process requests accurately and promptly. One missed deadline or incompletely fulfilled request could result in a thorough audit from the authorities and sizable fines. To ensure compliance while controlling costs and relieving the burden on IT, financial organizations need to automate the DSAR process,” said Steve Dickson, CEO of Netwrix. 

To get the complete findings of the 2020 Netwrix Data Risk & Security Report, visit https://www.netwrix.com/2020datariskandsecurityreport.html   

LEAVE A REPLY

Please enter your comment!
Please enter your name here