CCPA Part 3: Taking (file) action. Managing (D)SAR and deletion for CCPA
The California Consumer Privacy Act is less than 30 days away, so it’s a great time to learn the ins and outs.
In this third segment of our CCPA Series, we’ll cover the topic of managing ambiguity, deletion requests and Data Subject/Subject Access Request under CCPA, which goes into effect on January 1, 2020 and establishes greater transparency around data use.
As we’ve noted, data deletion rights under CCPA are much broader than those under Europe’s General Data Protection Regulation. Consumers have the right to deletion of personal information collected by businesses, which also must instruct their service providers to delete the data.
From a CCPA perspective, the endless saving and storing of information becomes an ever-growing risk to the organization as personal information continues to be saved or re-saved. Heureka’s remediation and defensible deletion allows organizations to identify and either delete or quarantine redundant, obsolete or trivial information from endpoints including file shares.
(See how remediation and defensible deletion fits into a greater CCPA workflow.)
Your organization may have to respond to a Data Subject/Subject Access Request under CCPA.
One of the biggest challenges facing companies today is the inability to provide a “complete subject access request” across all of their data and not just structured or cloud-based information. This problem is primarily due to the lack of tools focused solely on unstructured data. Heureka solves this issue, as we are specifically designed to handle unstructured data created and stored in a combination of sources, systems and file types regardless of where they are operating.
Handling Ambiguity for CCPA
One tricky thing about CCPA is that it is not specific as to what data should be included or excluded. So how should unstructured data be handled?
The Heureka Intelligence Platform is designed to help organizations automate and overcome the challenges of locating and classifying unstructured data. We require minimal server infrastructure and deliver real-time data and risk analytics enterprise-wide. Heureka allows organizations to analyze unstructured data to respond quickly to not only CCPA requests but to E-Discovery and investigations, GDPR requests, privacy inquiries, regulatory and compliance events and data governance.
A consumer’s Personally Identifiable Information (PII) can reside in many databases, and a single consumer’s PII can be listed differently from place to place. Few providers can reach the endpoint level like Heureka does. Moreover, Heureka’s system keeps those indexes local, which is critical in a privacy environment that is hyper-sensitive to copying and moving data around.
In the wake of CCPA, organizations must be able to interrogate unstructured data on-demand and at its source. Heureka has revolutionized this process by enabling searches across thousands of machines simultaneously to surgically target personal information in minutes.
See the first segment of our CCPA Series, highlighting the key differences between CCPA and GDPR, and the second segment, focused on unstructured data.