CCPA Data Mapping: Where Does It Fit Into Your Compliance Program?

The California Consumer Privacy Act (CCPA) is a California state statute designed to protect California residents’ privacy rights, particularly in regards to the personally identifiable information (PII) companies collect from them. Although the state of California passed CCPA in June 2018 and began enforcing it on July 1, 2020, many companies are still struggling to make a start on the CCPA compliance journey. 

CCPA gives California residents the right to:

• Know about the personal information a business collects about them and how it is used and shared
• Delete personal information collected from them (with some exceptions)
• Opt-out of the sale of their personal information
• Non-discrimination for exercising their CCPA rights

If your company does business in California and meets at least one of CCPA’s size and revenue criteria, you need to ensure you maintain compliance. Failing to do so could result in fines and loss of customer, partner and shareholder trust. The first step in developing a robust CCPA compliance program is identifying where your PII resides and who it belongs to.

CCPA Data Mapping and How to Get Started

Data mapping is the process of matching data fields in one source to data fields in another source. This process allows companies to connect sensitive data to the person it was collected from and is a critical first step in obtaining CCPA compliance. 

When you begin building your CCPA compliance program, you need to ask yourself a few key questions, which will help you begin mapping your data:

• What PII does your organization collect and possess?
• How is the PII collected?
• Where and how is the PII stored?
• To what entities does the organization transfer PII?
• What is the nature of the transfers (e.g., sale, provision of service)?

However, answering all of the above questions manually is an error-prone, time-consuming process. Many companies assume that their customers’ PII data is only stored in their main database and file server, but this assumption is almost always incorrect. Companies often unknowingly store data in multiple locations, including cloud storage providers, databases, servers, email, and endpoint workstations.

Take the Next Step in CCPA Data Mapping

If you want to feel confident about your compliance program, a more reliable method is to start with a ground-up, evidence-based approach that removes all assumptions. The fastest way of going about this is to deploy data scanning technology that is capable of interrogating and scanning all data storage locations across your business. Ground Labs’ Enterprise Recon is a data scanning tool that can help organizations:

• Identify more than 300 data types of structured and unstructured data including pre-configured, CCPA-specific PII patterns
• Scan immediately and fast thanks to a low-impact distributed design, complementing and strengthening your data loss prevention strategy
• Demonstrate CCPA compliance with custom reporting and analytics available in the Enterprise Recon 
• Accurately map data across networks, servers, and platforms to keep tabs on PII and more easily respond to consumer requests
• Easily build custom data types and search platforms to locate unique data types to address your organization’s unique needs
• Search within both structured and unstructured data sources including files, databases, emails, cloud, big data and more
• Provide the ability to remediate and remove PII data found and when appropriate, assign this responsibility to individuals across the organization to reduce reliance on security and compliance personnel.
• Easily view and analyze the access permissions for sensitive data locations and immediately take action to minimize risk by managing and controlling access to those locations
• Establish a ‘Risk Profile’ based on a Risk Scoring feature, enabling the tagging of high, medium and low data risks across your network
• Execute a proactive approach to data security — as opposed to a reactive approach that relies on damage control post-breach — to build a stronger foundation of trust within your organization

Data mapping is a critical first step in building a CCPA compliance plan. Ground Labs’ Enterprise Recon tool will help your business establish an ongoing understanding of where all your data is stored so you can maintain CCPA compliance. 

Interested in learning more? Book a demo with one of our experts to get started on your CCPA compliance journey today.