CCPA is Coming: How to Prepare

America’s most significant data privacy legislation is just months away and organizations around the country need to be prepared.

The California Consumer Protection Act (CCPA) goes into effect January 1, 2020. Similar to the European Union’s General Data Protection Regulation implemented in May 2018, CCPA is intended to establish greater transparency around data use and to give consumers control over their personal information.

The law is written to apply to businesses selling, collecting or disclosing personal information of Californians. Despite those geographic parameters, many lawyers and privacy experts expect companies doing business nationally to comply rather than have disparate policies for individual states, according to a recent article in Fortune.

More broadly, the new law is going to change how companies view data in the first place. In the past, firms adopted a “data is gold” mentality and made an effort to collect as much personal information as possible, but that is now changing, says Hayley Tsukayama, an activist with the Electronic Frontier Foundation.

Fortune: Here Comes America’s First Privacy Law

As significant as the requirements may seem, it is possible to adequately prepare for CCPA with the right knowledge and tools. Data is still incredibly valuable, but it is simply more important than ever to know where it lies, what purpose it serves, and who is responsible for it.

Heureka in a CCPA regulated workflow 

In the wake of CCPA and other pending privacy laws, organizations must be able to interrogate unstructured data on-demand and at its source. Heureka has revolutionized this process by enabling searches across thousands of machines simultaneously to surgically target personal information in minutes. Here is the step-by-step approach to preparing for CCPA.

Step 1: Data Assessment (Data Inventory) 

To truly assess where your company stands regarding personal information, you must first understand what type of data your company is storing. Heureka allows you to quickly run inventory reports for all your endpoints including file shares using a single console. Key PII information is automatically classified and scored making it a simple process to find the most potentially risky computer in your environment.

Step 2: Eliminate ROT (Redundant, Obsolete, Trivial) data 

A massive concern within any organization is the storage or archiving of redundant, obsolete or trivial information. Where CCPA is concerned, the endless saving and storing of information becomes a larger and larger risk to the organization as personal information continues to be saved or re-saved. Heureka’s remediation and defensible deletion allows organizations to identify and either delete or quarantine redundant, obsolete or trivial information from endpoints including file shares. 

Step 3: Identify PII information

Heureka’s automated PII classification engine runs nightly across all endpoints and file shares. Additional advanced searches can be constructed which may include regular expressions in conjunction with keywords to reduce false positives. Scheduled searches provide a hands-off search strategy with a remediation path for your most sensitive data. 

Step 4: Protect your most sensitive data 

Once sensitive data is detected, verify that the user/custodian should be in possession of the information. If not, you may use Heureka tools to delete or quarantine the information directly from the endpoint or file share. 

Step 5: Continuous, automated compliance searches 

Heureka can be set up with scheduled, continuous searches to help an organization comply with internal policies for both sensitive data and data retention. Remediation tools continue to provide a path for elimination of ROT or sensitive data. 

Step 6: Rapidly Respond to CCPA-related issues 

Heureka can be used for specific sections of CCPA. Heureka allows you to respond to CCPA requests rapidly with customized data export capabilities. Heureka allows you to report, collect or remove data subject information according to company privacy policy or CCPA regulations. 

Should a data breach occur, Heureka provides targeted endpoint information for all custodians who may be part of the breach. Valuable information such as data volume, content, and potential PII-related information can help determine the severity of a breach and assist in a notification list. 

Heureka has broad computer OS support including macOS®, Windows™ and Linux™ and can be deployed as a cloud-based or on-premises installation. IT teams can quickly assess and report on file-level information across their enterprise using a single tool. 

For more information, request your demo now or download our CCPA checklist.