When it Comes to CCPA, Manual Methods Can Kill You

The perfect storm is brewing within global enterprises. The convergence of exploding data volumes and increasing data privacy regulatory requirements are creating conditions that require serious attention from businesses. IDC expects that by 2023, 102.6 zettabytes of new data to be created every year. These 102.6 zettabytes will most certainly be scattered with personal information of individuals — personal information that will be protected by the California Consumer Privacy Act (CCPA) when it goes into effect on January 1st, 2020.

Following a wave of heightened public awareness about privacy, CCPA endows data subjects with certain rights to their data and imposes penalties and grants private rights of action in the event of non-compliance. California by itself is one of the world's largest economies, so a state law enacted to protect the residents and visitors to the state will have effects far beyond its borders.

CCPA grants rights to California consumers and places requirements on businesses that make more than 50% of their revenue by selling data or have more than $25 million in annual revenue. These rights and requirements include:

• The right to receive all data a company has on a consumer
• The right to be forgotten/deletion of personal data
• The right to prevent the sale of personal data
• A private right of action related to personal data lost through a data breach

Traditional manual methods of privacy compliance, driven off spreadsheets or simple web portals are no match to the real-time data control & orchestration needs of modern privacy regulations like CCPA.  Following are the issues companies will see with manual or legacy compliance methods:

To comply with modern regulations like CCPA, we need to rethink privacy.  Privacy needs to be operationalized with automated discovery of each individual’s data across structured and unstructured systems and layers of automation and orchestration on top of it to comply with all aspects of global privacy regulations.  A PrivacyOps framework is required, which enables such individual-level data intelligence and layers of automation in a collaborative environment for various stakeholders.