May 16, 2022

Volume XII, Number 136

Advertisement
Advertisement

May 13, 2022

Subscribe to Latest Legal News and Analysis
Advertisement

What Percentage of Access Requests Do Retailers Deny Each Year?

The CCPA Regulations require that businesses that buy, receive, sell, or share personal information about more than 10 million Californians disclose metrics within their privacy notices regarding the quantity of data subject requests that they received in the previous calendar year. Among other things, businesses must publicly report the number of access requests that the business denied.1

Based upon a review of the websites of the Fortune 500, retailers denied on average 21.3% of the access requests that they received.2 It is important to note, however, that there may be little standardization between how companies count “denials.” Specifically, it is possible that two retailers could respond to an access request in the same manner by providing some personal information to the requesting data subject, but not providing other information (e.g., information that might violate the privacy rights of third parties), and yet one retailer might report the request as “denied” due to the partial denial, and the other might report the same request as “not denied” due to the partial grant. Another possible explanation for the denial rate may be that some retailers appear to be denying access requests from residents of states other than California – i.e., those that do not have a right of access under the CCPA. Those retailers may be including those denials when reporting denial rates under the CCPA.

FOOTNOTES

1 Cal. Code Regs. tit. 11, § 999.317(g) (2021).

Review was conducted in August of 2021.

©2022 Greenberg Traurig, LLP. All rights reserved. National Law Review, Volume XI, Number 250
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement

About this Author

David A. Zetoony Privacy Attorney Greenberg Traurig
Shareholder

David Zetoony, Co-Chair of the firm's U.S. Data, Privacy and Cybersecurity Practice, focuses on helping businesses navigate data privacy and cyber security laws from a practical standpoint. David has helped hundreds of companies establish and maintain ongoing privacy and security programs, and he has defended corporate privacy and security practices in investigations initiated by the Federal Trade Commission, and other data privacy and security regulatory agencies around the world, as well as in class action litigation. 

David receives regular recognitions from clients and peers for...

303.685.7425
Advertisement
Advertisement
Advertisement