It's Time for Businesses to Eliminate Dark Data

Complying with the new California Consumer Privacy Act requires detailed knowledge of the data you store.

Your browser doesn’t support HTML5 audio

Data backup has undergone a major transformation during the past decade. Backup now means so much more than just storage; it also includes privacy, protection and compliance. Organizations today must have a strong data protection strategy in place, or risk IT complexities that could prove costly.

The fact is, regulations such as the California Consumer Privacy Act and the General Data Protection Regulation have opened the door for millions of dollars in fines, making data compliance imperative for all organizations.

By now, the GDPR is well known. But less is understood about the CCPA, which took effect in January. As enforcement gets underway, organizations must adhere to the regulations or risk facing consequences. With additional states now seeking to implement similar laws, all data must be organized and classified to meet consumer demands under these regulations.

The Risks of Unintended Breaches

There are plenty of ways a business can unwittingly breach the CCPA. For example, personal information that’s incorrectly tagged could be sold despite belonging to an individual who previously opted out. Similarly, if a business is not currently using personal information, this data might be archived in a way that makes it challenging to locate when a person seeks to access or delete the information.

A recent study found 52 percent of an organization’s data is dark — without defined value or unable to be leveraged for decision-making. Such dark data poses significant risk.

Therefore, it’s imperative that b­usinesses pinpoint which data is valuable, and rid data centers of dark data. But this is often easier said than done. Companies often get stuck in the data collection stage, lacking the time or resources to analyze and determine the usefulness of what they’re gathering. This idle data poses great risk to business operations and jeopardizes security and compliance.

Now is the time for businesses to gain full visibility into the data itself, while delivering intelligence and risk mitigation to regain control of it all.

Implement a Strong Strategy to Protect Data

Before businesses can begin to comply with CCPA, they must understand what data they have and where it is stored. Once they separate valuable data from dark data, a strong data management strategy comes next, which should include the following steps:

Identify all data stores and gain an overview. Data mapping and data discovery are the first steps toward understanding organizational information flow. Gain visibility and insight into where sensitive information is stored, who can access it and how long it’s being retained.

Automate discovery and data insight routines. To keep pace with the growing universe of data, companies must automate analytics, tracking and reporting to deliver organizational accountability for dark data, file use and security. Companies may be handling petabytes of data, so their data strategy should integrate with archiving, backup and security solutions.

MORE FROM BIZTECH: Three steps to get on the right side of GDPR compliance.

Minimize and place controls on data. Data minimization and purpose limitation ensure organizations can reduce the amount being stored and establish that what’s retained is directly related to the purpose for collection. Classification, flexible retention and compliant policy engines allow confident deletion of nonrelevant information — a cornerstone of any dark data project and companywide compliance.

Monitor for adherence to compliance standards. Under GDPR or CCPA, all businesses have a duty to report certain types of breaches to the relevant supervisory authority, and in some cases, to the individuals affected. Companies should monitor breach activity and quickly trigger reporting procedures to ensure compliance.

The Challenge and Opportunity of CCPA

While regulatory compliance is always a challenge, CCPA also gives businesses the unique opportunity to kick-start effective data management strategies and eliminate dark data waste.

By integrating a comprehensive data management strategy, organizations can better understand their data — finally unlocking its true value to ultimately achieve compliance. 

More On Data Management, Data protection, Privacy,