A recent study conducted by the University of California, Irvine revealed that nearly half of California’s registered data brokers may be violating the California Consumer Privacy Act (CCPA). The legislation requires companies to give consumers access to or delete personal data upon request and mandates that data brokers verify identity, acknowledge requests within 10 business days and respond within 45 calendar days.

In an interview with the Daily Journal, Regulatory partner Shruti Bhutani Arora praised the CCPA, describing it as a landmark in privacy protection.

“It made privacy accessible to individuals in unprecedented ways. Before the CCPA, the U.S. had nothing comparable,” Bhutani Arora said. “The CCPA stands alone in extending to HR and workplace contexts—it doesn’t exclude employee, contractor or other workplace data. This makes it wide-reaching legislation.”

In light of the study’s findings, there is growing momentum for stronger regulatory enforcement.

“California continues building on this foundation, passing laws governing specific privacy aspects and automated decision-making,” she added. “California was groundbreaking in defining how online tracking technologies essentially ‘sell’ your data. The state adapts continuously to rapidly changing data processing practices.”

Click here to read more (subscription required).