DataGrail's 2024 Privacy Trends Report shows
246% boost in privacy requests since 2021 as consumers seek to
clear personal data online
Data Privacy request cost to businesses
increases 36%, estimated to reach $881,000 per year, per one million
identities
SAN
FRANCISCO, May 1, 2024 /PRNewswire/ -- Ahead of the
RSA conference, DataGrail (Booth #243), a leader in data privacy,
released its 2024 Data Privacy Trends Report, which
illustrates consumers' growing desire to take control over their
data and helps businesses understand what to expect amid the rising
demands. The findings reveal that Data Subject Requests (DSRs) —
formal requests made to a company by a person to access, delete or
request not to sell/share the personal data that the company holds
on them — increased by 32% from 2022 to 2023. Data deletion
requests were the most common type of DSR, on average accounting
for more than 40% of requests across businesses.
As data privacy requests increase, findings show increased
financial pressures on the brands processing them. According to
Gartner, a single access or deletion request costs around
$1,524 to complete. DataGrail's data
suggests that a company handling one million identities receives
578 access and data deletion requests in an average year, meaning
these DSRs could cost businesses nearly $1
million per year.
Privacy Trends 2024 Report Key Findings
- 2023 saw a 246% increase in the total volume of data privacy
requests compared to 2021. In 2021, there was an average of 248
DSRs per million identities, and 2023 reached 859 DSRs per million
identities.
- Access requests are on the rise, but data deletion requests
continue to dominate. Accounting for more than 40% of requests
on average across businesses, deletion outstripped all other types
of DSR for the third year in a row. Access requests increased most
significantly, booming by around 50% since 2022.
- Businesses are spending 36% more to meet the influx of
requests. Manual processing of DSRs were estimated to cost
businesses more than $881,000 per
year per million DSRs in 2023, compared to $648,000 in 2022.
- Consumers are automating "Do Not Sell / Share" preferences,
yet many businesses are not honoring their requests. 75% of
organizations are not up-to-date with using three or more cookie
trackers despite consumers not consenting to tracking via.
- In 2023, the DataGrail report estimated 80% of all DSRs came
from jurisdictions that didn't have privacy laws, evidence that
people around the world want more control over their personal
data.
"Control is the name of the game with data privacy right now,"
said DataGrail Co-founder and CEO, Daniel
Barber. "Consumers deserve to know where their personal data
is and how it's being used, and the increase in privacy requests
shows that in action. Consequently, businesses today are faced with
unprecedented responsibility – not only must they manage data
responsibly and effectively, but they also need to earn consumer
trust by giving them autonomy over their data."
Consumers expect privacy regardless of location or
legislation
While privacy laws have emerged in some states
and regions, data privacy requests come from virtually everywhere.
Nearly half (46%) of DSRs arrived from IP addresses located outside
of the U.S., Canada, the U.K., or
the EU, meaning the people making them were not necessarily covered
by strong privacy laws. In the U.S., 34% of requests were made by
people in states that didn't have privacy laws in effect.
"Consumers want more control over their data even if they don't
have legally protected privacy rights," added Barber. "No matter
where you're located, organizations need to take the proper steps
to ensure people trust you with their data."
Most businesses are not honoring GPC "Do Not Sell"
preferences: Unraveling the underlying risks
The Data
Privacy Trends 2024 Report uncovers how businesses respond to
Universal Opt Out Mechanisms (UOOMs) like Global Privacy Control
(GPC), which are supposed to enable consumers to automatically tell
businesses not to sell or share their personal data for
advertising.
DataGrail's research suggests that 75% of websites ignore GPC
requests, which means most businesses are not respecting people's
privacy requests. Some could be violating current laws or they are
unprepared for upcoming legal changes. In fact, prominent law firm
Gunderson & Dettmer recently reported a surge in privacy
lawsuits.
Ecommerce and marketing industries see the most data privacy
requests
Privacy requests are on the rise across all
industries, but the Ecommerce industry – defined in the report as
brands with a direct-to-consumer (D2C) relationship – received the
most DSRs (1,577 DSRs per million identities). This is indicative
of the volume of personal data collected in online marketing
campaigns. The Ecommerce industry also reflects the growing
"Wellness" market, which encompasses multi-level marketing (MLM)
companies and consumer health companies potentially carrying a lot
of sensitive data.
Marketing tech (Martech) companies, typically in a
business-to-business (B2B) setting experience the second-greatest
volume of privacy requests, likely linked to the data obtained
through online campaigns, surveys, customer relationship management
(CRM) tools and more.
Download the complete DataGrail 2024 Privacy Trends Report.
DataGrail will also be at RSA, visit the team at booth #0243.
Methodology
DataGrail analyzed the Data Subject
Requests (DSRs) it helped process on behalf of customers from
January 1 to December 31, 2023. The
customer set has more than 700 million records, where a "record" is
defined as a single, individual record associated with a unique
identifier within a customer's database. To determine the cost of
processing requests, DataGrail used Gartner's manual processing
estimate of $1,524 per DSR.
To normalize the data across various company sizes, DataGrail
calculated DSRs per one million identities. To account for
variability, DataGrail used a "10% trim mean" calculation to
determine benchmarks. The dataset includes DSRs submitted under the
California Consumer Privacy Act (CCPA) and General Data Protection
Regulation (GDPR), along with DSRs received in the U.S. and
globally that don't fall under those regulatory umbrellas. As a
United States-based company, with
primarily U.S.-based customers, DataGrail's dataset may skew toward
DSRs from the U.S.
About DataGrail
DataGrail is the data privacy company
for this era. We help brands minimize risk, stay a step ahead of
consumer and employee expectations, and safeguard their reputation.
Our complete, enterprise-grade data privacy platform is powered by
patented Risk Intelligence technology that detects shadow IT and
makes vulnerable data visible so brands can proactively manage
risk. Leveraging responsible automation at scale and the largest
integration network in data privacy, DataGrail automates privacy
workflows across systems to perform risk assessments, accelerate
data subject request (DSR) fulfillment, and optimize resources.
Headquartered in San Francisco,
the world's most trusted brands partner with DataGrail on their
data privacy journey, including Salesforce, FanDuel, Dexcom,
Databricks, Instacart, amongst others. It has 4.8/5 stars on G2 and
is backed by leading VCs and strategic investors, including Third
Point Ventures, Felicis Ventures, Next47, Cloud Apps Capital
Partners, Operator Collective, HubSpot, Okta Ventures, and American
Express Ventures. Visit www.datagrail.io or follow
DataGrail on Twitter and LinkedIn to learn more.
View original
content:https://www.prnewswire.com/news-releases/brace-for-pressure-datagrail-reports-worldwide-surge-in-data-privacy-requests-302132462.html
SOURCE DataGrail