'Most Innovative Startup 2020' by RSA - Watch the pitch video

View More

To comply with modern regulations like CCPA, we need to rethink privacy. Privacy needs to be operationalized with automated discovery of each individual’s data across structured and unstructured systems and layers of automation and orchestration on top of it to comply with all aspects of global privacy regulations.

The perfect storm is brewing within global enterprises. The convergence of exploding data volumes and increasing data privacy regulatory requirements are creating conditions that require serious attention from businesses. IDC expects that by 2023, 102.6 zettabytes of new data to be created every year. These 102.6 zettabytes will most certainly be scattered with personal information of individuals — personal information that will be protected by the California Consumer Privacy Act (CCPA) when it goes into effect on January 1st, 2020.

Following a wave of heightened public awareness about privacy, CCPA endows data subjects with certain rights to their data and imposes penalties and grants private rights of action in the event of non-compliance. California by itself is one of the world's largest economies, so a state law enacted to protect the residents and visitors to the state will have effects far beyond its borders.

CCPA grants rights to California consumers and places requirements on businesses that make more than 50% of their revenue by selling data or have more than $25 million in annual revenue. These rights and requirements include:

  • The right to receive all data a company has on a consumer
  • The right to be forgotten/deletion of personal data
  • The right to prevent the sale of personal data
  • A private right of action related to personal data lost through a data breach

Traditional manual methods of privacy compliance, driven off spreadsheets or simple web portals are no match to the real-time data control & orchestration needs of modern privacy regulations like CCPA.  Following are the issues companies will see with manual or legacy compliance methods:

To comply with modern regulations like CCPA, we need to rethink privacy.  Privacy needs to be operationalized with automated discovery of each individual’s data across structured and unstructured systems and layers of automation and orchestration on top of it to comply with all aspects of global privacy regulations.  A PrivacyOps framework is required, which enables such individual-level data intelligence and layers of automation in a collaborative environment for various stakeholders.

Key requirements of an effective PrivacyOps framework are the following:

  • The most foundational element of a PrivacyOps framework is the ability to automatically find personal data about an individual and make it easy for data, privacy and compliance teams to interact with that data.
  • An easy to use, secure platform to engage with individual consumers enabling them to exercise data rights and update the consent
  • Automation of critical privacy compliance requirements, such as DSRs, breach notifications, assessments
  • A comprehensive record of all privacy compliance activities
  • A secure collaboration system among privacy stakeholders to avoid personal data sprawl

Adopting a PrivacyOps framework reduces costs associated with compliance, avoids legal penalties and helps avoid brand damage. For example, automating the DSAR process leveraging continuous real-time data intelligence can dramatically reduce the cost per DSAR, as well as improving accuracy and time to complete. Being able to complete DSARs within the required timeframes at scale avoids penalties and potential lawsuits and builds trust equity with customers. Similarly, breach notifications can be more surgical, leveraging accurate data intelligence to identify only those customers that were impacted – avoiding overly broad notifications that could incur more costs and penalties. And harnessing automated orchestration and data insights for vendor assessments eliminates the back and forth of emailing surveys and provides accurate data with less operational effort.

Data privacy regulations create a prime opportunity to revamp your data organization and integrations and create an integrated enterprise. Real-time compliance should be a goal, not just with DSARs, but also across as many regulatory processes as possible.

Next Steps

Share this

Our Videos

data mapping video thumbnail View More
3:00

Data Mapping Automation

Simplify gathering information, dynamically update your data catalog, and automate assessments and reports

Learn More
View More
02:40

An IT Leader’s Perspective on CCPA

Meet Brian Lillie, Former CPO at Equinix as he discusses the potential challenges of CCPA and how the PrivacyOps framework can be the key to unlocking compliance.

Learn More
Most Innovative Startup 2020 SECURITI.ai View More
03:42

RSA Innovation Sandbox 2020: SECURITI.ai

Watch the 3-minute pitch presented by Rehan Jalil on SECURITI.ai in the RSAC Sandbox Competition

Learn More
CCPA View More
07:10

CCPA Compliance

CCPA protects consumers from mismanagement of their personal data and gives the consumer control over what data is collected, processed, shared or sold.

Learn More
Assessment Automation View More
2:25

Internal Assessment Automation

Audit once and comply with many regulations. Collaborate and track all internal assessments in one place.

Learn More
quinstreet privaci View More
02:44

QuinStreet Case Study

Learn how Quinstreet uses our product to simplify data mapping and automate their workflow to process and respond to CCPA requests.

Learn More

Schrems II Ruling & Resources
Get started for FREE

View