CCPA Part IV – Compliance Tips
In our fourth and final Heureka CCPA series we wrap up with some tips to think about as you drive toward CCPA compliance.
Preparing for every requirement of the impending California Consumer Privacy Act may seem like a tall order, but not after AdExchanger breaks down key compliance tips in a recent article as well as this article The Clock is Ticking: Three Steps Toward CCPA Compliance on Law.com.
The AdExchanger article notes that the Interactive Advertising Bureau and the IAB Tech Lab are developing a CCPA compliance framework, and in the meantime advises organizations to make a good faith effort to consider some high-level pointers.
Map your data
Organizations simply cannot comply if they don’t know what data they’re holding.
Getting your arms around unstructured data hasn’t always been easy—the endless saving and storing of information becomes an ever-growing risk to organizations as personal information continues to be saved or re-saved.
One of the biggest challenges facing companies today is the inability to provide a “complete subject access request” across all of their data (not just structured or cloud-based information). It’s been a problem caused primarily by the lack of tools catering to unstructured data.
Heureka solves this issue, however, as our system is tailor made to handle unstructured data created and stored in a combination of sources, systems and file types, regardless of where they are operating. The Heureka Intelligence Platform helps organizations automate and overcome the challenges of locating and classifying unstructured data. We require minimal server infrastructure and deliver real-time data and risk analytics enterprise-wide. Heureka allows organizations to quickly analyze unstructured data and respond to CCPA requests, in addition to GDPR requests, E-Discovery and investigations, privacy inquiries, regulatory and compliance events and data governance.
The bottom line: to comply with CCPA, organizations must be able to interrogate unstructured data on-demand and at its source, a process Heureka has revolutionized.
Conduct due diligence
On the subject of due diligence, AdExchanger suggests keeping copious records detailing how deletion requests are handled.
Heureka’s remediation and defensible deletion allows organizations to identify and either delete or quarantine redundant, obsolete or trivial information from endpoints including file shares (see how remediation and defensible deletion fits into a greater CCPA workflow).
Work on Data Governance (Preparing for CCPA)
Law.com mentions data governance in their article with an excellent recommendation. “Consider whether your organization can support an interdepartmental data privacy team – the benefit being that all key stakeholders get a seat at the table.” It is important from the onset of CCPA that multiple departments have a working knowledge on where data requests are coming from and how they are being fulfilled.
By now internal teams should be mapping out the methods by which data requests will flow into the company as well as how various departments will handle requests. Time is of the essence when responding to customers or consumers and performing pre-CCPA tests or even stress-testing the teams will be helpful when January 1st rolls around.
Heureka’s single-tool approach across unstructured data sources is a game changer as it allows for rapid (within minutes) search results across hundreds or thousands of endpoints or file shares.
Did you miss the earlier segments of our CCPA Series? Find them here: