Are you ready for CCPA?

Just as some of our client organizations are knee-deep in GDPR compliance, another privacy-based regulation has quietly been signed in the United States! Below we summarize the implications of CCPA and the steps that should be taken to comply.

What does the California Consumer Privacy Act do?

Gives the consumer ownership

Grants the right to tell a business not to share or sell personal information

Provides the consumer control

Control over personal information that is collected

Provides the consumer security

Holds businesses responsible for safeguarding personal information

In some ways, CCPA goes further than GDPR in its definition of consumer data and includes derived data in the protected bucket: “Information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household”.

Personal information categories include:

  • “unique personal identifiers” (as defined);
  • geolocation data;
  • purchasing, browsing and search histories;
  • biometric information (notably, CCPA’s personal information includes “olfactory” and “thermal” information linked to a consumer or household); and
  • “purchasing or consumer tendencies”; all of which are quite broad and indefinite.

Given this broad categorization, how then is consumer data to be identified? Companies have to tag not only information that is collected directly but also data that is linked to the consumer based on actions and other business processes. For many organizations, conducting an initial assessment across disparate heterogeneous platforms is a daunting and time-consuming exercise.

Sophisticated scanners such as the Orion MetaData Harvester can quickly and automatically examine different vendor databases and file types across disparate technologies, and even determine where and how such personal data is linked and moving across the enterprise. In addition, the content, format, range of values, and data types must be compared in an automated fashion for similarities, differences, and compliance with data management and data security policies.

Orion’s Term2Asset module maps the business glossaries and terms that describe consumer data with a broad brush to the specific physical data for semantic querying, and can greatly aid reporting and discovery for the business data steward. Finally, the results must be analyzed, documented, and communicated to a broad, diverse audience.

Below are some steps that every organization could follow:

Data discovery and identification - Automated discovery of data assets and cataloging of metadata and their respective schemas, definitions, types, sizes, and inter-dependencies. Personal and customer data tends to be spread out across relational databases, archived records in a data lake / warehouse, and Distributed File System stores (e.g., Hadoop). The Orion Governance platform supports all of these disparate technologies and can harvest data automatically.

Catalog external data sources - Vendor and third-party data is often collected using different business processes than internal data, and may be used to enhance personal information through record matching and additional attributes.

Automatically document data flow and lineage - The data flow of the various Critical Data Elements (CDEs) within the enterprise, along with their lineage, is essential to ascertain where customer data moves, especially the primary customer identifiers and sensitive personally identifiable data. Examples may be CRM systems like Salesforce, home-grown or SaaS applications (such as email marketing), analytics tools, and other data stores. BI and/or reporting systems also tend to contain a lot of customer information that needs to be cataloged and included in the lineage process.

Implement a metadata repository and layer - Customer and prospect data may be spread across data stores, from transaction databases to marketing systems, under your control or through SaaS applications. A metadata layer is essential to help abstract different data sets and apply the proper restrictions on personally identifiable data.

Review data retention policies - While customer data cannot be deleted without a proper process in place, reviewing the company’s data retention policies with a metadata layer in place is a whole lot easier and provides the right level of visibility into these legal and regulatory processes that are essential for every company.


The Orion MetaData Harvester platform accelerates compliance in many specific areas:

Data Inventory
Orion MDH Scanners discover all metadata (technical assets) to the finest grain

Data Mapping
Orion MDH Term2Asset, through pattern matching and machine learning algorithms, automates data mapping to the business glossary

Data Portability & Transformation
Orion MDH data lineage (technical and business) provides insights on how data moves and transforms across systems end to end

Data Consumption & Metrics
Orion MDH dashboard provides metrics on how data is being reported or consumed across systems

Data Deletion (Right to be Forgotten)
Search on any data (field, job, task, report, etc.) and find its data flows (lineage) end to end throughout all systems to confidently delete the record

Data Reporting
Orion MDH Dashboard is configurable to meet reporting needs, in addition to a REST API to extract data for external reporting

California, United States
info@oriongovernance.com

Orion Governance is a global leader in automated data governance. We serve a range of business sectors, including banking, insurance, retail and healthcare. With a strong global presence and deep industry knowledge, we help our clients to build, enrich and expand their data governance platform to fully meet audit and compliance requirements. Our smart solution sits comfortably alongside existing solutions and integrates seamlessly with Gartner’s Magic Quadrant vendors. Many Fortune 500 companies entrust the automation of their data governance to us.
