Organization-Wide Control Over Consumer Data

The California Consumer Privacy Act took effect on January 1, 2020, creating a new set of requirements for companies that collect or process personal information. Like Europe's GDPR, the California law establishes rights for consumers who want to control how their personal data is used, and sets financial penalties for organizations that fail to meet their obligations.

Customer information stored as unstructured data—in files on servers, laptops, and desktops—represents a significant compliance risk. With PKWARE's data security solutions, companies can maintain complete control over customer data in files, and ensure compliance with California Consumer Privacy Act requirements.

Background: The California Consumer Privacy Act

The California Consumer Privacy Act (CCPA) applies to organizations that collect, sell, or use personal information on California residents and meet any of the following criteria:

  • Have $25 million or more in annual sales
  • Buy, sell, or share information on 50,000 or more households or individuals
  • Derive more than half of their annual revenue from selling personal information

The CCPA's definition of "personal information" includes a variety of commonly-collected data types. Identifying information such as names, addresses, driver's license numbers, Social Security numbers, and email addresses are all covered by the law, as are biometric data, geolocation data, employment information, internet activity, and consumer profiles.

In addition to new requirements for policy disclosures, consent gathering, and breach reporting, the law creates new rights for California residents:

  • The right to request information about the data a company a company has collected and sold
  • The right to request deletion of personal data
  • The right to sue for damages after a data breach involving unencrypted or unredacted personal information

The Challenge: Unstructured Data

Most organizations already have tools in place to manage the consumer information stored in their database systems. However, when data is extracted from a database and saved in spreadsheets, documents, or other files, organizations typically lose control over it. Files containing consumer data can be shared in inappropriate locations and with unauthorized parties, creating compliance gaps and exposing the company to unnecessary risks.

Regain Control with PKWARE

PKWARE solutions enable companies to manage their unstructured data with the same level of control they have over database records. PKWARE technology monitors file activity in real time and takes automated action based on the company's information security policies. Organizations can use PKWARE to address a variety of California Consumer Privacy Act requirements:

  • Automated encryption: PKWARE can be configured to encrypt files containing consumer data as soon as the files are created or modified. Persistent encryption keeps data safe from misuse even in the event of a theft or loss, and protects the organization from fines, lawsuits, and other potential consequences of a data breach.
  • Automated redaction: PKWARE's data redaction technology can redact credit card data within files, leaving other file contents unchanged. Like encryption, redaction prevents the exposure of data when files are lost, stolen, or shared with unauthorized parties.
  • Data deletion: When a California resident submits a qualified request for data deletion, organizations can use PKWARE to find and delete the resident's information in files across the organization.
  • Reporting: PKWARE's logging and reporting capabilities allow organizations to maintain real-time visibility into the personal data stored in files, and to comply with information requests from residents and regulatory authorities.