CCPA is Here: Learn How Not To Fail CCPA Compliance


In the new world order, data compliance has trumped business interests. With CCPA enforcement starting July 1, organizations need to craft CCPA specific provisions in their systems to reduce risk of liability and non-compliance. Buno Pati, CEO, Infoworks details how to build a framework for CCPA and future privacy requirements with automation tools that can help meet challenges.

Pre COVID-19, most businesses were already struggling with the challenges of getting their arms around their consumer data assets and establishing a framework for complianceOpens a new window . These challenges are exacerbated with the backdrop of COVID-19 Opens a new window combined with a yet-to-be-finalized set of regulations. It is true that COVID-19 and the accompanying increase in online activity further highlights the need for data privacyOpens a new window , but businesses need adequate time to establish a scalable and flexible foundation for privacy compliance, as it is certain that the requirements will continue to evolve.

Companies underestimate how difficult it will be to organize their data in a manner where they can implement processes to help them comply with CCPAOpens a new window . Those that don’t meet these new standards will see not just a drain on their bottom line from the fines they’ll incur, they’ll suffer from a lack of trust from their customers, who will assume their data isn’t safe.

Learn More: CCPA Enforcement Kicks In on July 1. 5-Point Guide to Reviewing Data PracticesOpens a new window

What the CCPA treats as personal data goes well beyond the definitions as stated by other broad-based privacy laws such as GDPROpens a new window , and includes protected classifications, biometric information, browsing activity, geolocation data, employment-related information, IP addresses and data which can be associated with a specific household. To address this challenge head-on, businesses need to understand all the ways in which they obtain personal information, the types they collect and share, the purposes for which they use it, the parties with whom they share it and why, and how it’s retained and secured.

With the clock ticking, it’s nearly impossible for businesses to expect they can rely on manual recording of data. That’s where an enterprise data operations and orchestration (EDO2) system can help bridge the gaps. What these systems provide is automating the process of sorting through the data, delivering speed, agility, and flexibility while allowing data scientists to continue creating value for the business during the transition period.

The shift to data transparency is officially on. CCPA is only the first in a sea change of how personal data is handled in this country. Businesses who aren’t taking the urgency seriously will learn some harsh lessons if they don’t fall in line.

Learn More: How COVID-19 Transformed Data PrivacyOpens a new window

Automation tools can help organizations keep up with CCPA requirements From a business perspective, automation is about decision-making. Organizations need to be agile enough to act efficiently, based on industry changes. From a privacyOpens a new window perspective, it is very similar. Organizations need to be held accountable for data they gather and how they use it. We’re seeing more personal data being gathered by companies and used by companies in various ways, and therefore, it raises the bar on accountability.

For the next year or two we’ll be trying to figure out how organizations operate in this new environment, which is vastly different from the pre-COVID world. Organizations waiting for traditional business approaches, i.e. large corporate efforts with teams of people, extensive proofs of concept, to lean on will be disappointed and unprepared for our current and near-future world. Operational agility is the critical component to accommodate our uncertain times and changes in CCPA requirements.

This ranges from collecting the data, ingesting it into the CCPA data lakeOpens a new window , normalizing it, automating the customer-facing portal, and automating the removal or anonymization of the data upon request. By centralizing the data and processing it to meet CCPA requirements, that makes it much easier to properly manage requests like the one you mentioned to not have your personal data sold.

With a tight timeline, being agile and building a framework for future privacyOpens a new window requirements are the biggest challenges. Using a traditional data analytics approach to sift through the data, businesses will have to bring in specialists to hand-code the data and categorize each data recipient, impeding preparations for CCPA on an already tight timeline. Data OperationsOpens a new window and Orchestration is a powerful “no-code” tool that automates the process of sorting through the data, delivering speed, agility and flexibility while allowing data scientists to continue creating value for the business during the transition period.

Let us know if you liked this article on LinkedInOpens a new window , TwitterOpens a new window , or FacebookOpens a new window . We would love to hear from you!