MediaPRO’s 2019 Eye on Privacy Report has found that 46 percent of U.S.-based employees are unfamiliar with the California Consumer Privacy Act (CCPA) AB375, which goes into effect in January 2020. Included within the framework of the act is the proviso that from January 1, 2020, any Californian resident will have legal right to ask any major firm in the U.S. what is being done with their data, and each company will have to respond within 45-days.
READ MORE: What the California Consumer Privacy Act means for business
The U.S. state of California has agreed to implement a new data privacy law, along the lines of a new regulation recently enacted in Europe (The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679)). It is also possible that this legislation, given the size and impact of California, could trigger a U.S.-wide roll-out.
READ MORE: Why California’s data privacy law is set for U.S. roll out
Privacy experts expect the new law to apply to more than 500,000 U.S. companies. To assess how prepared companies are for the this major data privacy legislation, cybersecurity consultancy MediaPRO surveyed more than 1,000 U.S.-based employees in order to understand their knowledge on data privacy best practices and privacy regulations. This was in addition to gauging opinions of business executives on a variety of different privacy topics.
The survey found that in relation to the new act’s credit card information guidelines, 58 percent of business employees said they had not heard of the privacy requirements which are based on a global set of payment card industry (PCI) guidelines that govern how credit card information is handled.
In terms of cybercrime reporting, the poll showed that 12 percent of employees said they were unsure if they should report a cybercriminal stealing sensitive client data while at work. Theft of login credentials was considered the most serious threat to sensitive data, such as with disgruntled employee stealing data and phishing emails coming next.
In another area, technology sector employees were found to be those who were least likely to identify and prioritize the most sensitive information. With this, 73 percent of those in the technology sector ranked Social Security numbers as most sensitive, compared to 88 percent of employees in all other industries ranking this type of data as most sensitive.
A different types of data – GPS information – was considered less sensitive. For this data, employees indicated they were more comfortable with a mobile device app tracking their device’s location than with an app accessing contact and browser information, being able to take pictures and video, and posting to social media.