CCPA and the Tip of the Customer Information Iceberg

[fa icon="calendar"] Jul 15, 2020 11:14:27 AM / by David Yoon


You can be forgiven for having forgotten about the California Consumer Protection Act or CCPA considering all that's going on in the world. But that doesn't change the fact that what started quietly back in January of this year came into effect July 1, 2020.

If you remember GDPR you already know what's in store. Marriott and British Airways have seen GDPR fines of $120 million and $225 million respectively for failing to comply.

Last year, the California Department of Justice released an economic impact assessment that forecast CCPA compliance could run up to $16.5 billion by 2030.

Of course this doesn't apply to everyone. The rules are pretty specific. The company needs to have annual gross revenues over $25M USD, possess information on over 50,000 California consumers and derive at least 50% of their annual revenue from selling that data.

But before you heave a sigh of relief consider this. If the rules were broader, would you be able to comply? If a customer demanded that you provide copies of all records mentioning them how would you begin? Could you find all mentions across every employee's email? Would you have insight into your file shares and cloud repositories?

According to Gartner, unstructured data accounts for nearly 80% of the data footprint of an organization.

That's a lot of dark data. And hidden away in the darkest corners of that data is sensitive information that you need to uncover to meet these regulations.

All signs are pointing to this being a very real prospect for a lot more businesses. Massachusetts, New Mexico, New York and Washington are all looking at legislation similar to CCPA. At the same time, consumers are demanding increased accountability from organizations sitting on their personal data. Make no mistake, this is going to affect you.

So instead of waiting for the inevitable audit what steps can organizations take now?

How about managing information in-place to create a federated governance hub. Lift and shift processes may be inevitable as you move to migrate information into your ECM stack but you're never going to be able to do that with all your information. It's still important that you have insight into it wherever it sits and can find it if the need arises.

Start relying on machine learning to tackle the staggering growth of information in the enterprise. Information chaos if a very real problem. In fact AIIM revealed that 75% of organization are struggling with this. Acknowledge early on that this is a problem well beyond human scale. People alone are not going to be able to handle the load. Understand that this needs to be an ongoing process too, that compliance and security need to be automated if there's any hope of staying on top of it.

Consumers are demanding more rights over their personal information so companies need to start getting their digital house in order.

Compliance isn't just about responding to individual requests, but in the event of a data breach, contending with potentially millions of records that should have been disposed of in the first place and the fines associated therein.

Get started by actually uncovering the data you're sitting on. Find out exactly how big the mess is. We can help with providing insight and then with a process of remediating that uncovered information. The trick is to get a handle on it, before you have to get a handle on it.

Topics: Records Management

David Yoon

Written by David Yoon

Director of Marketing at Shinydocs Corporation. Delivering information management that embraces your current work culture and optimizes your technology investments.

Recent Posts

Subscribe to Email Updates