The review, released publicly by California’s Department of Finance, provided a broad range for the potential costs companies could face to become and stay compliant with the California Consumer Privacy Act (CCPA) if signed into law by Democratic Governor Gavin Newsom.
On the low end, the researchers estimated that firms with fewer than 20 employees might have to pay around $50,000 at the outset to become compliant. On the high end, firms with more than 500 employees would pay an average of $2 million in initial costs, the researchers estimated. The $55 billion researchers estimated companies will initially pay to become compliant is equivalent to about 1.8% of California’s Gross State Product in 2018, according to the report.
In addition, total compliance costs for all companies subject to the law could range from $467 million to more than $16 billion over the next decade, according to the report.
The assessment comes as amendments to the CCPA are nearing final approval this month. The law is set to go into effect on Jan. 1, 2020. The attorney general’s office is tasked with defining regulations that will help companies understand the steps they need to take to comply.
The bill grants rights to California residents to be informed about how companies collect and use their data, and allows them to request their personal data be deleted, among other protections. The law would apply to all businesses in the state that generate annual gross revenue over $25 million; derive at least half of their annual revenue from selling customers’ personal information; or that buy, sell or share personal information from at least 50,000 consumers, households or devices. Researchers estimated that as many as 75% of California businesses earning less than $25 million in revenue would be impacted by the legislation.
Lawmakers in Washington, D.C. are closely watching the legislation as they consider a federal privacy law. As states begin to take on their own privacy legislation efforts, tech executives like Facebook CEO Mark Zuckerberg have advocated for creating a nationwide policy. Setting one legal standard would likely be less costly and complicated for tech firms than a piecemeal approach to compliance.
Businesses operating in California could have a head start on tackling compliance costs should other state laws or a national policy take effect, according to the report. In the meantime, relatively few businesses will be hurt by having to compete with other firms that are not subject to California’s protections.
California’s legislation borrows some elements from Europe’s General Data Protection Regulation, which went into effect last year. Since many businesses in California that operate in Europe already had to make changes to comply with the GDPR, the report’s authors said compliance costs for California’s law would be reduced. The EU estimated average incremental compliance costs for the GDPR would total about 5,700 Euros a year (nearly $6,300), according to the report, though there is also evidence the regulation “reduced firm productivity in sectors that rely heavily on data.”
For access to live and exclusive video from CNBC subscribe to CNBC PRO:
» Subscribe to CNBC TV:
» Subscribe to CNBC:
» Subscribe to CNBC Classic:
Turn to CNBC TV for the latest stock market news and analysis. From market futures to live price updates CNBC is the leader in business news worldwide.
Connect with CNBC News Online
Get the latest news:
Follow CNBC on LinkedIn:
Follow CNBC News on Facebook:
Follow CNBC News on Twitter:
Follow CNBC News on Instagram:
#CNBC
#CNBC TV
0 Comments