SHARE

October 27, 2021

What percentage of access requests do retailers deny each year?

You've Reached Your
Free Article Limit This Month
Register for free to get unlimited access to all Law.com OnPractice content.
Register Now

The CCPA Regulations require that businesses that buy, receive, sell, or share personal information about more than 10 million Californians disclose metrics within their privacy notices regarding the quantity of data subject requests that they received in the previous calendar year. Among other things, businesses must publicly report the number of access requests that the business denied.1

Based upon a review of the websites of the Fortune 500, retailers denied on average 21.3% of the access requests that they received.2 It is important to note, however, that there may be little standardization between how companies count "denials." Specifically, it is possible that two retailers could respond to an access request in the same manner by providing some personal information to the requesting data subject, but not providing other information (e.g., information that might violate the privacy rights of third parties), and yet one retailer might report the request as "denied" due to the partial denial, and the other might report the same request as "not denied" due to the partial grant. Another possible explanation for the denial rate may be that some retailers appear to be denying access requests from residents of states other than California - i.e., those that do not have a right of access under the CCPA. Those retailers may be including those denials when reporting denial rates under the CCPA.


1 Cal. Code Regs. tit. 11, § 999.317(g) (2021).

2 Review was conducted in August of 2021.

ALM expressly disclaims any express or implied warranty regarding the OnPractice Content, including any implied warranty that the OnPractice Content is accurate, has been corrected or is otherwise free from errors.

More From Greenberg Traurig

Proposed UCC Amendments to Article 12 Shed New Light on Transacting and Securing Interests in Digital Assets

By John B. Hutton III Greenberg Traurig December 07 , 2022

As we know it, the emerging practice of transacting in digital assets has developed into a mainstream fragment of the financial market ecosystem.

Certain Ukrainian and Afghan Parolees Employment Authorized Incident to Parole

By Linnea Porter Greenberg Traurig December 07 , 2022

Effective Nov. 21, 2022, USCIS announced that certain Afghan and Ukrainian beneficiaries paroled into the United States are employment authorized incident to parole.

Trade Secret Law Evolution Podcast Episode 51: The Sixth Circuit Analyzes Key Concepts in Trade Secret Law in Affirming Major Jury Verdict

By Jordan D. Grotzinger Greenberg Traurig December 02 , 2022

You are invited to listen to Episode 51 of Greenberg Traurig’s Trade Secret Law Evolution Podcast, "The Sixth Circuit Analyzes Key Concepts in Trade Secret Law in Affirming Major Jury Verdict."

More From Consumer Protection

Deadline: 'Old' Standard Contractual Clauses (SCCs) Expire Dec. 27, 2022

By Dr. Viola Bensinger Greenberg Traurig December 02 , 2022

After an extended sunset period, time to replace the “old” SCCs runs out on Dec. 27, 2022. After that date, the old SCCs will no longer legalize data transfers to countries outside the European Economic Area (EEA).

Can a business require a consumer to submit a declaration under penalty of perjury in order to prove their identity?

By David A. Zetoony Greenberg Traurig November 22 , 2022

The regulations implementing the CCPA require that a business verify the identity of a consumer that submits a specific-information access request to a “reasonably high degree of certainty.”

What is the difference between a category-level access request and a specific-information access request?

By David A. Zetoony Greenberg Traurig November 21 , 2022

The CCPA and its implementing regulations identify six types of information requests that a consumer can submit to a business.

Featured Stories
Closeclose
Search
Menu

Working...