New data protection and data privacy regulations are popping up all over the place and CCPA – the California Consumer Privacy Act came into effect on January 1, 2020. This means that now most companies that do business with consumers in California have to protect their customers’ personal data.
The new regulation applies to for-profit entities, regardless of physical location or where they are incorporated, who do one or more of the following:
- Generate annual gross revenue of at least $25 million
- Annually receive or share personal information on 50,000 or more California residents
- Derive at least 1/2 of their revenue by selling California residents’ personal information
CCPA holds a much broader definition of personal information than many other regulations do – for example, while GDPR considers name, address, phone number, identification number, credit card number, date of birth to be personal identifiable information, under CCPA, a customer’s search history and location is also considered personal information that demands protection. This means that if you’re compliant with GDPR you may not be in compliance with CCPA.
How do organizations go about protecting their customer’s personal information? In order to protect the data of their customers, they must first locate it throughout their often crowded data environments. If they are meant to mask or erase, for example, search history or telephone numbers, they must be able to locate every place this information resides throughout every system in their environment. Doing so can be extremely time consuming and difficult, even impossible if done manually, however many organizations understand that automated metadata management tools for data lineage, data discovery and business glossary are critical for achieving regulatory compliance.