DataGrail recently released a mid-year report on trends related to the California Consumer Privacy Act (CCPA) and how it has affected consumers and businesses. The report indicates that consumers are regularly opting out of the sale of their personal information, with the “do not sell” right being the most exercised right, occurring 48 percent of the time, more than access rights (at 21 percent) and deletion requests (at 31 percent).

Overall, according to this report, about 83 percent of consumers expect to have control over how businesses use their data, and this research confirms that people are taking action to control their privacy by exercising rights provided by the CCPA. 

When the CCPA first went into effect in January 2020, DataGrail found that Californians began exercising those rights right away. In January 2020, there was actually a surge of individual requests to exercise their rights granted under the CCPA. Since that initial surge, such requests have leveled off at about 13 requests per million records every month. Data from a recent Gartner report show that the manual processing of one single request costs an average of $1,406. If companies continue to process these requests manually, that could be upwards of $240,000 per million records. It seems like a call for a standardized process that can be implemented by companies across the board to handle these requests more efficiently.

DataGrail also found that 3 out of 10 requests go unverified (i.e., no fraud detection for requests that might be made for purposes of stealing personal information). This again shows a need for a scalable verification process to prevent harm to consumers, which the CCPA aims to protect against.