Ahead of the RSA conference, DataGrail (Booth #243), a leader in data privacy, released its 2024 Data Privacy Trends Report, which illustrates consumers' growing desire to take control over their data and helps businesses understand what to expect amid the rising demands. The findings reveal that Data Subject Requests (DSRs) — formal requests made to a company by a person to access, delete or request not to sell/share the personal data that the company holds on them — increased by 32% from 2022 to 2023. Data deletion requests were the most common type of DSR, on average accounting for more than 40% of requests across businesses
Data deletion requests were the most common type of DSR, on average accounting for more than 40% of requests across businesses
As data privacy requests increase, findings show increased financial pressures on the brands processing them. According to Gartner, a single access or deletion request costs around $1,524 to complete. DataGrail's data suggests that a company handling one million identities receives 578 access and data deletion requests in an average year, meaning these DSRs could cost businesses nearly $1 million per year.
Privacy Trends 2024 Report Key Findings
"Control is the name of the game with data privacy right now," said DataGrail Co-founder and CEO, Daniel Barber. "Consumers deserve to know where their personal data is and how it's being used, and the increase in privacy requests shows that in action. Consequently, businesses today are faced with unprecedented responsibility – not only must they manage data responsibly and effectively, but they also need to earn consumer trust by giving them autonomy over their data."
Consumers expect privacy regardless of location or legislationWhile privacy laws have emerged in some states and regions, data privacy requests come from virtually everywhere. Nearly half (46%) of DSRs arrived from IP addresses located outside of the U.S., Canada, the U.K., or the EU, meaning the people making them were not necessarily covered by strong privacy laws. In the U.S., 34% of requests were made by people in states that didn't have privacy laws in effect.
"Consumers want more control over their data even if they don't have legally protected privacy rights," added Barber. "No matter where you're located, organizations need to take the proper steps to ensure people trust you with their data."
Most businesses are not honoring GPC "Do Not Sell" preferences: Unraveling the underlying risksThe Data Privacy Trends 2024 Report uncovers how businesses respond to Universal Opt Out Mechanisms (UOOMs) like Global Privacy Control (GPC), which are supposed to enable consumers to automatically tell businesses not to sell or share their personal data for advertising.
DataGrail's research suggests that 75% of websites ignore GPC requests, which means most businesses are not respecting people's privacy requests. Some could be violating current laws or they are unprepared for upcoming legal changes. In fact, prominent law firm Gunderson & Dettmer recently reported a surge in privacy lawsuits.
Ecommerce and marketing industries see the most data privacy requestsPrivacy requests are on the rise across all industries, but the Ecommerce industry – defined in the report as brands with a direct-to-consumer (D2C) relationship – received the most DSRs (1,577 DSRs per million identities). This is indicative of the volume of personal data collected in online marketing campaigns. The Ecommerce industry also reflects the growing "Wellness" market, which encompasses multi-level marketing (MLM) companies and consumer health companies potentially carrying a lot of sensitive data
The Ecommerce industry also reflects the growing "Wellness" market, which encompasses multi-level marketing (MLM) companies and consumer health companies potentially carrying a lot of sensitive data
Marketing tech (Martech) companies, typically in a business-to-business (B2B) setting experience the second-greatest volume of privacy requests, likely linked to the data obtained through online campaigns, surveys, customer relationship management (CRM) tools and more.
Download the complete DataGrail 2024 Privacy Trends Report. DataGrail will also be at RSA, visit the team at booth #0243.
MethodologyDataGrail analyzed the Data Subject Requests (DSRs) it helped process on behalf of customers from January 1 to December 31, 2023. The customer set has more than 700 million records, where a "record" is defined as a single, individual record associated with a unique identifier within a customer's database. To determine the cost of processing requests, DataGrail used Gartner's manual processing estimate of $1,524 per DSR.
To normalize the data across various company sizes, DataGrail calculated DSRs per one million identities. To account for variability, DataGrail used a "10% trim mean" calculation to determine benchmarks. The dataset includes DSRs submitted under the California Consumer Privacy Act (CCPA) and General Data Protection Regulation (GDPR), along with DSRs received in the U. and globally that don't fall under those regulatory umbrellas. As a United States-based company, with primarily U.-based customers, DataGrail's dataset may skew toward DSRs from the U
-based customers, DataGrail's dataset may skew toward DSRs from the U

Source prnewswire