“Our current team doesn’t have the bandwidth to prepare for CCPA, and we can’t afford to staff up a task force.”

“We contacted one of the big consulting firms and the price they quoted was outrageous.”

“We figure it’s more cost-efficient to ignore it and take our chances of getting hit with a fine.”

When we talk to companies about their plans to prepare for the California Consumer Protection Act (CCPA), these are just a few of the cost-based reasons they give for not implementing a readiness plan. Before making a financial decision on CCPA readiness, it’s important to consider the true costs of not taking action … and to understand that the cost of preparing may not be as high as you thought.

The high costs of doing nothing

When some companies run CCPA readiness through a cost-benefit analysis, they may define “costs” as potential fines they could face if the state discovered a violation or if California residents sued for damages following a data breach. While these potential monetary outlays are important considerations, they don’t cover the full spectrum of what a do-nothing strategy could cost the company. These costs include

  • Lost business opportunities: Firms have started requiring CCPA readiness as a condition for entering business partnerships.
  • Lost customers: Consumers are intensely aware of how providers are handling their personal data, and they may cut their ties with those who fail to comply with data privacy laws.
  • Damage to brand reputation: Your brand is continuously being judged in the always-on, always-connected “court” of social media. Brands who fail to comply with CCPA could see their online reputations suffer, and regaining public trust will not be a quick or easy task.
  • The even higher costs of “rush” readiness programs: If an “emergency” situation arises that requires you to become CCPA-ready within a short time frame, the cost of doing so will be considerably higher than it would have been if you had prepared in advance.
  • Lack of preparedness for future data privacy laws: More jurisdictions are enacting data privacy laws that mirror the GDPR/CCPA model, and we almost certainly will see a U.S. federal law in the near future. By preparing for CCPA now, you can lay a foundation that will give you a head start on preparing for future data privacy legislation.

How to get ready without breaking your budget

 Now for the good news: getting ready for CCPA doesn’t have to require a huge budget allocation. Before you start allocating funds, keep the following tips in mind:

  • Understand how the law applies to you: Taking time at the outset to understand the requirements and how they apply to you can save you time, effort, and money down the road.
  • Start with what you have: Chances are you already have many of the necessary structures, policies, and procedures in place to prepare for CCPA. Determine which assets you have and what you need to do to align them with the law’s requirements.
  • Prioritize your plan of action: Once you know what you have to do, identify the areas of greatest risk and address those first, then work your way down your list in order of priority.
  • Bring in help where you need it: Identify areas where bringing in outside resources could help you save time and money and make some inquiries.

Like what you see?

Paul Lee

Executive Team member Jill Reber is a nationally recognized expert on data privacy — particularly GDPR, CCPA, and other data protection laws — and has spoken on the topic at conferences sponsored by American Banker, International In-House Counsel Journal, and other national and international organizations.

Paul Lee

Executive Team member Kevin Moos is recognized for his experience with knowledge management systems. He has lent his expertise to several prestigious industry panels on enterprise content management and other topics.