Press release

Report: Nearly Half of U.S.-based Employees Unfamiliar with Looming California Consumer Privacy Act (CCPA)

Sponsored by Businesswire

With the impacts and repercussions of the looming California Consumer
Privacy Act (CCPA) on the minds of many privacy professionals, new
research from MediaPRO shows more work is needed to train U.S. employees
of this first-of-its-kind privacy regulation.

MediaPRO’s 2019
Eye on Privacy Report
reveals 46 percent of U.S. employees have
never heard of the CCPA,
which sets specific requirements for the management of consumer data for
companies handling the personal data of California residents.

Passed last year and going into effect in January 2020, the CCPA has
been referred to as a U.S. General Data Protection Regulation (GDPR) for
its scope and focus on data rights. Privacy experts expect the law to
apply to
more than 500,000 U.S. companies
. The 2019
Eye on Privacy Report
findings suggest that raising employee
awareness should play a key role in preparing for this new regulation.

Data Privacy and the Public

The CCPA awareness findings come from MediaPRO’s 2019 Eye on Privacy
, a survey of more than 1,000 U.S.-based employees. The survey
tested knowledge on data privacy best practices and privacy regulations
in addition to gauging opinions on a variety of different privacy topics.

The survey presented participants with questions concerning when to
report potential privacy incidents, what qualifies as sensitive data,
how comfortable respondents were with mobile device apps having specific
permissions, and the most serious threats to the security of sensitive

Additional findings from the report include:

  • 58 percent of employees said they had never heard of the PCI Standard,
    a global set of payment card industry (PCI) guidelines that govern how
    credit card information is handled.
  • 12 percent of employees said they were unsure if they should report a
    cybercriminal stealing sensitive client data while at work.
  • Technology sector employees were least likely to identify and
    prioritize the most sensitive information. For example, 73 percent of
    those in the tech sector ranked Social Security numbers as most
    sensitive, compared to 88 percent of employees in all other industries
    ranking this type of data as most sensitive.
  • Employees were more comfortable with a mobile device app tracking
    their device’s location than with an app accessing contact and browser
    information, being able to take pictures and video, and posting to
    social media.
  • Theft of login credentials was considered the most serious threat to
    sensitive data, with disgruntled employee stealing data and phishing
    emails coming next.

The findings give weight to the vital role employees play in a strong
data privacy posture and the continuing need for privacy awareness
training in protecting sensitive information. Working toward a
“business-as-usual” approach to data privacy, with best practices
embedded into all employee actions, is increasingly becoming a must for
companies of all sizes.

“We’re at a pivotal time in history for privacy, and more people than
ever are paying attention to privacy and data protection,” MediaPRO’s
Chief Learning Officer Tom Pendergast said. “Some of our survey results
might make you think that people are starting to get it—but until
everybody gets it, we in the privacy profession really can’t rest. In
today’s world, protecting personal information really is
everyone’s responsibility, and that’s why it’s up to us to champion
year-round privacy awareness training programs that aim to create a
risk-aware culture.”

To download the full report, visit:

Survey Methodology

MediaPRO used an online survey-response-gathering tool to survey 1,004
U.S. employees on their knowledge and opinions concerning data privacy
best practices, corporate data protection policies, and both national
and global regulations. All respondents were based in the U.S., 18 years
or older, and employed. The survey asked both opinion-based and
scenario-based questions in which respondents were asked to choose the
best option. Each question dealt with a different aspect of data privacy
knowledge or a privacy best practice. The survey was conducted in April

About MediaPRO

MediaPRO security and privacy training solutions are used by
organizations of all sizes to protect sensitive data, demonstrate
compliance, and reduce the risk to their reputation and bottom line.
With MediaPRO, it’s easy to keep employees engaged and track program
effectiveness. Unlike phishing-focused security awareness training
solutions, MediaPRO covers security, privacy, and compliance so you can
address a more complete threat landscape. Whether you’re looking to more
effectively demonstrate compliance, stop phishing attacks, or want a
best-in-class security awareness program, MediaPRO makes training fun,
fast, and impactful. MediaPRO has been named a leader in Gartner’s Magic
Quadrant for Security Awareness Computer-based Training for five years
in a row. For more information, please visit,
or follow MediaPRO on LinkedIn,
and Twitter.