CCPA is a journey, not a destination
It’s been over a month since CCPA was implemented and businesses are struggling to comply. Smart organizations, however, know that compliance doesn’t have to be a sunk cost; in fact, it can be used as a competitive differentiator. Instead of playing catch up with global, national, and state data privacy regulations, businesses should consider implementing broad policies and protections for consumer information that will prepare the organization for any future legislation.
For all the criticisms of GDPR -- and there are many -- the EU legislation set an important precedent for data privacy laws internationally. Businesses that are already GDPR-compliant are in a good position to satisfy requirements from new national and state data privacy laws.
For example, it’s recommended (and sometimes required) that organizations hire a Data Protection Officer to audit and independently guarantee businesses are in compliance with strict data regulations. Organizations should also put in place a process for disseminating breach notifications, should an incident occur, given both GDPR and CCPA stipulate that organizations only have 72 hours to report a data breach to authorities.
Another crucial compliance step in complying with both GDPR and CCPA is implementing a procedure to satisfy 'right to be forgotten' requests. This involves identifying and removing all digital data -- including active, archived, structured and unstructured data -- associated with specific individuals who make a data deletion request. Most businesses store that information in multiple locations and systems which compounds shadow IT challenges. These locations include structured file sharing solutions like SharePoint and CRMs like Salesforce, but also in unstructured places, such as email, PDFs, text documents or even photos. Fulfilling right to be forgotten requests using disparate systems often requires manual, time-consuming searches that span cloud and on-prem storage (more on that below). These manual searches are also extremely high-risk, given it’s easy to accidentally miss information.
Transparency is Critical
Organizations adopting the cloud -- particularly those using public, hybrid, or multi-cloud strategies -- often struggle with knowing where sensitive information is located and how it flows through their systems. In order to be able to prove compliance to auditors and quickly adapt to changes in the regulatory landscape, businesses must have visibility into their environment.
Achieving data transparency can be achieved through proper SaaS management, but it requires a partnership between IT and enterprise leadership, with both driving cultural change in the attitudes, mindset and behavior of the organization. IT can be a transparency leader by promoting the productive use of SaaS Management Platforms (SMP) and apps within the organization -- essentially acting as a test case, leading by example to streamline separate systems. Then IT, perhaps working with human resources (HR), business line managers, or the C-suite, can build a model to drive transparency origination-wide.
If IT is not already partnering with HR or business leaders on transparency initiatives, having solid achievements and a guiding vision is a great way to open the conversation and collaborate with these groups for a broader transparency strategy.
Complying with a wide range of data protection regulations comes with a unique set of challenges and necessary changes to how businesses work, some major. But compliance has value beyond helping businesses avoid fines (although, not incurring millions of dollars in penalties is beneficial for any organization.) Organizations can use their compliance efforts to attract new customers, differentiate themselves from competitors, and showcase their mature IT stack. Be sure to get started today in order to achieve maximum ROI on compliance efforts.
Michael Morrison is CoreView's CEO. As a growth-stage operating executive (CEO/COO/SVP) within global business analytics organizations, he has led several companies through critical stages of transformation, predictable revenue growth and successful exits, delivering notable returns for public shareholders. He is passionate about assembling, leading and working alongside amazing teams that effectively develop strategies, solve problems, excel at product innovation and profitably grow top line revenue.