January 31, 2023

Volume XIII, Number 31

Advertisement

January 31, 2023

Subscribe to Latest Legal News and Analysis

January 30, 2023

Subscribe to Latest Legal News and Analysis
Advertisement

CPRA’s effective date is around the corner… but how many businesses actually updated their privacy policies the first time for the CCPA?

In order to help businesses understand and benchmark industry practice, Greenberg Traurig attorneys analyzed the publicly available privacy policies of companies within the Fortune 500.[1] As of October 2022 – nearly two years after the CCPA took effect – 71% of companies had updated their privacy policies to account for the CCPA.[2] It is not clear whether the rate at which Fortune 500 companies updated their privacy policies is representative of the rate at which small, emerging, or mid-sized companies updated their privacy policies. As many smaller companies may not meet the de minimis threshold for complying with the CCPA, it is possible that fewer small companies have updated their privacy policies for the CCPA.


[1] Greenberg Traurig LLP reviewed the publicly available privacy policies and practices of 554 companies (the Survey Population). The Survey Population comprises companies that had been ranked within the Fortune 500 at some point in the past five years as well as additional companies selected from industries that are underrepresented in the Fortune 500. While the Survey Population does not fully match the current Fortune 500 as a result of industry consolidation and shifts in company capitalization, we believe that the aggregate statistics rendered from the Survey Population are representative of mature companies. Greenberg Traurig’s latest survey was conducted between September and October 2022.

[2] Note that whether a company updated its privacy policy for the CCPA is not necessarily indicative of whether the company is, or is not, complying with California privacy laws. For example, a company that has not updated its privacy policy for the CCPA, but is not subject to the statute (i.e., does not do business in California), would not be out of compliance.

©2023 Greenberg Traurig, LLP. All rights reserved. National Law Review, Volume XII, Number 322
Advertisement
Advertisement
Advertisement

About this Author

David A. Zetoony Privacy Attorney Greenberg Traurig
Shareholder

David Zetoony, Co-Chair of the firm's U.S. Data, Privacy and Cybersecurity Practice, focuses on helping businesses navigate data privacy and cyber security laws from a practical standpoint. David has helped hundreds of companies establish and maintain ongoing privacy and security programs, and he has defended corporate privacy and security practices in investigations initiated by the Federal Trade Commission, and other data privacy and security regulatory agencies around the world, as well as in class action litigation. 

David receives regular recognitions from clients and peers for...

303.685.7425
Advertisement
Advertisement
Advertisement