What percentage of access and deletion requests do healthcare companies deny each year?
Free Article Limit This Month
The CCPA Regulations require that businesses that buy, receive, sell, or share personal information about more than 10 million Californians disclose metrics within their privacy notices regarding the quantity of data subject requests that they received in the previous calendar year. Among other things, businesses must publicly report the number of access and deletion requests that the business denied.1
A review of the websites of the Fortune 500 indicates that only one healthcare company disclosed its data subject request metrics. While the limited quantity of companies that reported metrics makes extrapolating trends or conclusions impossible, extrapolation is further complicated as the one company that reported its volume of access and deletion requests chose not to indicate the percentage of those requests that were granted or denied.
1 Cal. Code Regs. tit. 11, § 999.317(g) (2021).
ALM expressly disclaims any express or implied warranty regarding the OnPractice Content, including any implied warranty that the OnPractice Content is accurate, has been corrected or is otherwise free from errors.