For now, this is probably true, especially if you are not a big company. Although being in violation of the law could subject you to a $2,500 fine per incident, it is likely (for now) that you will receive a warning notice to comply within 30 days before being fined.
Here is just one example of a typical provision you see in privacy policies that could cause serious legal problems:
We use correct data-gathering measures, storage and very strict security procedures to protect your personal information against unauthorized access, change, disclosure or destruction of including your username, password, transaction information and data stored on our website.
Under the law, you have to take reasonable steps to keep important information secure. At a minimum, you have to comply with the privacy assurances you make to your visitors or customers. However, stating or implying that a visitor's or customer's information will be secure significantly increases your risk of a lawsuit should someone hack your site.