When was the last time you tried to inventorize your closet?
Inventorizing (or organizing, in plainspeak) your closet can be a frightening proposition; lots of clothes, all in the wrong places, some in boxes with labels, some in boxes without labels, some labeled incorrectly altogether.
Oh, and don’t forget about the clothes that made their way into your kid’s closet. How on earth did they get there? And that poncho—which doesn’t even resemble something a human could wear—tucked away in your linen closet. Let’s not even mention the clothes that are, for some unknowable reason, bundled up in the trunk of your car.
So when you need to make sense of the mess and find something specific, then you’re in real trouble.
Taking Inventory of Your Data
When was the last time you tried to inventorize your data?
Though a whole lot of brainpower has, of recent, been used upon a little issue called the coronavirus, it’s thankfully winding down. That means it’s time to return to our regularly scheduled program called “Oh Man, It’s Almost Time For CCPA.”
Yes, you might have forgotten about CCPA, which went into effect on Jan 1st, and will be enforced starting on July 1st. If your annual revenue is more than $25 million, if your business holds data on 50,000 consumers or more, if your business makes more than 50% of its annual revenue from selling data, and you serve residents of the Golden State, regardless of where your company is located, you need to make sure you’re CCPA compliant.
Being compliant means that when Sandy from San Diego submits a Subject Rights Request (SRR), asking you to
- Tell her exactly what you’ve collected about her;
- Delete everything you hold on her;
- Prevent her data from being sold;
- Provide her with copies of her records,
you are able to comply with her requests within 45 days of receipt.
But in order to fulfill her request, you have to know where all that data resides. This means all data—structured and unstructured, known and unknown, in motion and at rest. And this is where things get tricky if you haven’t established a robust data inventory process. According to Gartner, 80 percent of data is unstructured and thus, is not where you’d expect it to be. Data is likely to be stored in odd places like legacy databases, unstructured text files, structured data files, archive files, audio files, video files etc,. So in this mess, how can you possibly find what you’re looking for, let alone create a semblance of structure for the future?
Dynamic Data is Messy
Most compliance solutions protect areas that are known to contain sensitive data. But data usage is dynamic and it evolves over time. For example, last week, all you had on file for Sandy was her name and email address. Today, she made a purchase, so now, you hold new sensitive data on her—and this new data needs to be discovered, mapped, tracked, and aggregated. With each consumer interaction, the PI you hold changes and yesterday’s network isn’t the same as today’s. What this all adds up to is that it’s impossible to account for all the various places your data might have been scattered to—and yet, in order to comply with CCPA, and to fulfill Sandy’s request in a timely manner, you need to do exactly that.
Finding it All
Remember our closet, desperately in need of organizing?
There you are, a sea of shirts, pants, socks, other semi-square pieces of cloth surrounds you. Order is long overdue but it’s overwhelmingly impossible to put into practice when you don’t know which boxes are marked properly, if the one that says “winter shirts”, might, in actuality, contain ancient baby clothes. You need something to help you clean up the mess by automatically finding all the bags, boxes, and piles, even if they are in the least likely of places. Even if they aren’t stored in the right format. And even those items you don’t know you have, like that holiday sweater from Aunt Tildy.
Now back to that Subject Rights Request;
To be able to fulfill Sandy’s SRR, you must be able to locate all the data you hold on her—from the structured to the unstructured, to the known and unknown, to the data in motion and at rest regardless of where it’s located, even when you don’t know you were holding that data.
To do this effectively, you need to automatically discover, map, track, and aggregate sensitive data and its flow. By monitoring and analyzing traffic constantly, you can determine how sensitive data is processed, to build a complete picture of how your data is stored, processed, and shared in real time. This will help you maintain compliance and identify and reduce risks before they become real problems.
In compliance and in closet-keeping, continuously maintaining a dynamic and accurate view of what you have is critical to extracting what you need in a reasonable window of time. In compliance, it will also ensure you avoid the fines and potential lawsuits that come along with failing to fulfill requests in time (let’s hope no one’s planning on suing you for failing to find their favorite dress shirt in a timely fashion). The right tools not only contain the mess, they enable you to create a data program wherein you know effortlessly about all the PI you hold on your customers. Learn more on CMSwire.com