Report: Nearly Half of U.S.-based Employees Unfamiliar with Looming California Consumer Privacy Act (CCPA)

CCPA awareness results part of the latest Eye on Privacy Report, which surveyed employee knowledge of data privacy best practices

BOTHELL, Wash.–(BUSINESS WIRE)–With the impacts and repercussions of the looming California Consumer Privacy Act (CCPA) on the minds of many privacy professionals, new research from MediaPRO shows more work is needed to train U.S. employees of this first-of-its-kind privacy regulation.

MediaPRO’s 2019 Eye on Privacy Report reveals 46 percent of U.S. employees have never heard of the CCPA, which sets specific requirements for the management of consumer data for companies handling the personal data of California residents.

Passed last year and going into effect in January 2020, the CCPA has been referred to as a U.S. General Data Protection Regulation (GDPR) for its scope and focus on data rights. Privacy experts expect the law to apply to more than 500,000 U.S. companies. The 2019 Eye on Privacy Report findings suggest that raising employee awareness should play a key role in preparing for this new regulation.

Data Privacy and the Public

The CCPA awareness findings come from MediaPRO’s 2019 Eye on Privacy Report, a survey of more than 1,000 U.S.-based employees. The survey tested knowledge on data privacy best practices and privacy regulations in addition to gauging opinions on a variety of different privacy topics.

The survey presented participants with questions concerning when to report potential privacy incidents, what qualifies as sensitive data, how comfortable respondents were with mobile device apps having specific permissions, and the most serious threats to the security of sensitive data.

Additional findings from the report include:

  • 58 percent of employees said they had never heard of the PCI Standard, a global set of payment card industry (PCI) guidelines that govern how credit card information is handled.
  • 12 percent of employees said they were unsure if they should report a cybercriminal stealing sensitive client data while at work.
  • Technology sector employees were least likely to identify and prioritize the most sensitive information. For example, 73 percent of those in the tech sector ranked Social Security numbers as most sensitive, compared to 88 percent of employees in all other industries ranking this type of data as most sensitive.
  • Employees were more comfortable with a mobile device app tracking their device’s location than with an app accessing contact and browser information, being able to take pictures and video, and posting to social media.
  • Theft of login credentials was considered the most serious threat to sensitive data, with disgruntled employee stealing data and phishing emails coming next.

The findings give weight to the vital role employees play in a strong data privacy posture and the continuing need for privacy awareness training in protecting sensitive information. Working toward a “business-as-usual” approach to data privacy, with best practices embedded into all employee actions, is increasingly becoming a must for companies of all sizes.

“We’re at a pivotal time in history for privacy, and more people than ever are paying attention to privacy and data protection,” MediaPRO’s Chief Learning Officer Tom Pendergast said. “Some of our survey results might make you think that people are starting to get it—but until everybody gets it, we in the privacy profession really can’t rest. In today’s world, protecting personal information really is everyone’s responsibility, and that’s why it’s up to us to champion year-round privacy awareness training programs that aim to create a risk-aware culture.”

To download the full report, visit:

Survey Methodology

MediaPRO used an online survey-response-gathering tool to survey 1,004 U.S. employees on their knowledge and opinions concerning data privacy best practices, corporate data protection policies, and both national and global regulations. All respondents were based in the U.S., 18 years or older, and employed. The survey asked both opinion-based and scenario-based questions in which respondents were asked to choose the best option. Each question dealt with a different aspect of data privacy knowledge or a privacy best practice. The survey was conducted in April 2019.

About MediaPRO

MediaPRO security and privacy training solutions are used by organizations of all sizes to protect sensitive data, demonstrate compliance, and reduce the risk to their reputation and bottom line. With MediaPRO, it’s easy to keep employees engaged and track program effectiveness. Unlike phishing-focused security awareness training solutions, MediaPRO covers security, privacy, and compliance so you can address a more complete threat landscape. Whether you’re looking to more effectively demonstrate compliance, stop phishing attacks, or want a best-in-class security awareness program, MediaPRO makes training fun, fast, and impactful. MediaPRO has been named a leader in Gartner’s Magic Quadrant for Security Awareness Computer-based Training for five years in a row. For more information, please visit, or follow MediaPRO on LinkedIn, Facebook, and Twitter.


Danielle Ruckert, 206-607-1311
[email protected]