Forty-six percent of U.S. employees have never heard of the CCPA, according to MediaPRO’s 2019 Eye on Privacy Report.  

Passed last year and going into effect in January 2020, the CCPA has been referred to as a U.S. General Data Protection Regulation (GDPR) for its scope and focus on data rights. Privacy experts expect the law to apply to more than 500,000 U.S. companies. The 2019 Eye on Privacy Report findings suggest that raising employee awareness should play a key role in preparing for this new regulation.

Data Privacy and the Public

The survey tested knowledge on data privacy best practices and privacy regulations in addition to gauging opinions on a variety of different privacy topics such as potential privacy incidents, what qualifies as sensitive data, how comfortable respondents were with mobile device apps having specific permissions and the most serious threats to the security of sensitive data. 

Additional findings from the report include:

  • 58 percent of employees say they had never heard of the PCI Standard, a global set of payment card industry (PCI) guidelines that govern how credit card information is handled.
  • 12 percent of employees say they were unsure if they should report a cybercriminal stealing sensitive client data while at work.
  • Technology sector employees are least likely to identify and prioritize the most sensitive information. For example, 73 percent of those in the tech sector ranked Social Security numbers as most sensitive, compared to 88 percent of employees in all other industries ranking this type of data as most sensitive. 
  • Employees are more comfortable with a mobile device app tracking their device’s location than with an app accessing contact and browser information, being able to take pictures and video and posting to social media.
  • Theft of login credentials is considered the most serious threat to sensitive data, with disgruntled employee stealing data and phishing emails coming next.

The findings give weight to the vital role employees play in a strong data privacy posture and the continuing need for privacy awareness training in protecting sensitive information. Working toward a “business-as-usual” approach to data privacy, with best practices embedded into all employee actions, is increasingly becoming a must for companies of all sizes.