Select Page

CCPA Part 3: Taking (file) action. Managing (D)SAR and deletion for CCPA

Author: Tim Steele

The California Consumer Privacy Act is less than 30 days away, so it’s a great time to learn the ins and outs.

In this third segment of our CCPA Series, we’ll cover the topic of managing ambiguity, deletion requests and Data Subject/Subject Access Request under CCPA, which goes into effect on January 1, 2020 and establishes greater transparency around data use.

Data Deletion/(D)SAR

As we’ve noted, data deletion rights under CCPA are much broader than those under Europe’s General Data Protection Regulation. Consumers have the right to deletion of personal information collected by businesses, which also must instruct their service providers to delete the data.

From a CCPA perspective, the endless saving and storing of information becomes an ever-growing risk to the organization as personal information continues to be saved or re-saved. Heureka’s remediation and defensible deletion allows organizations to identify and either delete or quarantine redundant, obsolete or trivial information from endpoints including file shares. 

(See how remediation and defensible deletion fits into a greater CCPA workflow.)

Your organization may have to respond to a Data Subject/Subject Access Request under CCPA.

One of the biggest challenges facing companies today is the inability to provide a “complete subject access request” across all of their data and not just structured or cloud-based information. This problem is primarily due to the lack of tools focused solely on unstructured data. Heureka solves this issue, as we are specifically designed to handle unstructured data created and stored in a combination of sources, systems and file types regardless of where they are operating.

Handling Ambiguity for CCPA

One tricky thing about CCPA is that it is not specific as to what data should be included or excluded. So how should unstructured data be handled? 

The Heureka Intelligence Platform is designed to help organizations automate and overcome the challenges of locating and classifying unstructured data. We require minimal server infrastructure and deliver real-time data and risk analytics enterprise-wide. Heureka allows organizations to analyze unstructured data to respond quickly to not only CCPA requests but to E-Discovery and investigations, GDPR requests, privacy inquiries, regulatory and compliance events and data governance.

A consumer’s Personally Identifiable Information (PII) can reside in many databases, and a single consumer’s PII can be listed differently from place to place. Few providers can reach the endpoint level like Heureka does. Moreover, Heureka’s system keeps those indexes local, which is critical in a privacy environment that is hyper-sensitive to copying and moving data around.

In the wake of CCPA, organizations must be able to interrogate unstructured data on-demand and at its source. Heureka has revolutionized this process by enabling searches across thousands of machines simultaneously to surgically target personal information in minutes.

Heureka allows you to respond to CCPA requests rapidly with customized data export capabilities. You can report, collect or remove data subject information according to company privacy policy or CCPA regulations.

Schedule your demo now and get to know Heureka’s step-by-step approach for preparing for CCPA.

See the first segment of our CCPA Series, highlighting the key differences between CCPA and GDPR, and the second segment, focused on unstructured data.