The Risks of Unintended Breaches
There are plenty of ways a business can unwittingly breach the CCPA. For example, personal information that’s incorrectly tagged could be sold despite belonging to an individual who previously opted out. Similarly, if a business is not currently using personal information, this data might be archived in a way that makes it challenging to locate when a person seeks to access or delete the information.
A recent study found 52 percent of an organization’s data is dark — without defined value or unable to be leveraged for decision-making. Such dark data poses significant risk.
Therefore, it’s imperative that businesses pinpoint which data is valuable, and rid data centers of dark data. But this is often easier said than done. Companies often get stuck in the data collection stage, lacking the time or resources to analyze and determine the usefulness of what they’re gathering. This idle data poses great risk to business operations and jeopardizes security and compliance.
Now is the time for businesses to gain full visibility into the data itself, while delivering intelligence and risk mitigation to regain control of it all.
Implement a Strong Strategy to Protect Data
Before businesses can begin to comply with CCPA, they must understand what data they have and where it is stored. Once they separate valuable data from dark data, a strong data management strategy comes next, which should include the following steps:
Identify all data stores and gain an overview. Data mapping and data discovery are the first steps toward understanding organizational information flow. Gain visibility and insight into where sensitive information is stored, who can access it and how long it’s being retained.
Automate discovery and data insight routines. To keep pace with the growing universe of data, companies must automate analytics, tracking and reporting to deliver organizational accountability for dark data, file use and security. Companies may be handling petabytes of data, so their data strategy should integrate with archiving, backup and security solutions.
Minimize and place controls on data. Data minimization and purpose limitation ensure organizations can reduce the amount being stored and establish that what’s retained is directly related to the purpose for collection. Classification, flexible retention and compliant policy engines allow confident deletion of nonrelevant information — a cornerstone of any dark data project and companywide compliance.
Monitor for adherence to compliance standards. Under GDPR or CCPA, all businesses have a duty to report certain types of breaches to the relevant supervisory authority, and in some cases, to the individuals affected. Companies should monitor breach activity and quickly trigger reporting procedures to ensure compliance.
The Challenge and Opportunity of CCPA
While regulatory compliance is always a challenge, CCPA also gives businesses the unique opportunity to kick-start effective data management strategies and eliminate dark data waste.
By integrating a comprehensive data management strategy, organizations can better understand their data — finally unlocking its true value to ultimately achieve compliance.