Armanino Blog
Article

Is CCPA Making Sense of Unstructured Data?

by Pippa Akem
July 16, 2019

Is the California Consumer Privacy Act (CCPA) forcing your organization to create structure for your unstructured data? Beginning with a full inventory of the personal data companies house, the CCPA puts companies on the path to not only knowing what data they have collected, but also fully understanding and recording how they use or share that information.

While we understand that most transactions and engagements today involve a greater exchange of personal information than in the past, the need to have a valid reason for collecting this data should be closely scrutinized by the companies collecting it. When you think about it, a secondary benefit of the CCPA is that it will help companies define their focus by zeroing in on the quality of the data a company has – and not just the volume of information it gathers. (The General Data Protection Regulation, GDPR, is having a similar impact.)

If your company's data operation includes processing unstructured data, you are likely challenged both by how to create structure for the data you must maintain and by how to dispose of the "extra stuff." It's obvious you cannot address the full spectrum of your organization's privacy risks if you don't fully understand the information you currently house.

We encourage you to view the new requirements as an opportunity to take control of the true data your company requires to do business — and put in place transparent processes that allow you to meet your compliance obligations and close trust gaps.

The CCPA and similar laws are mushrooming across the country and expose where privacy regulation is headed, with many states inclined to give consumers greater control over their personal information. The takeaway from the flurry of activities is that companies should not delay their compliance preparations. Instead, they should begin to draw up their roadmap for how they plan to respond to consumers' privacy rights given their business practices.

With varying priorities and strategies for tackling privacy requirements, given that no business is exactly alike, there are still baseline rules to go by. Start with knowing what is done with the personal information that your organization has collected, document a business purpose, and identify the source of the information and who has access to it. Do not delay — when will you have time to structure your unstructured data if not now?For more information on Armanino's data privacy, inventory and mapping solutions visit Risk Assurance & Advisory Privacy Services.

Stay In Touch

Sign up to stay up-to-date with the latest accounting regulations, best practices, industry news and technology insights to run your business.

Authors
Resources
Related News & Insights
IPO Prep & SOX Compliance: Instacart & Armanino Share Hard-Earned Knowledge
Webinar
Know your compliance requirements today to avoid obstacles tomorrow.

December 16, 2021 | 11:00 AM - 12:00 PM PT
General Contractor Trends to Consider in 2022 Webinar
Webinar
Hear from experts how you can better manage your subcontracts — and more.

December 16, 2021 | 10:00 AM - 11:00 AM PT
Why COP26 Matters for Your Business Webinar
Webinar
Get informed of COP26 developments and how you can act now.

December 15, 2021 | 10:30 AM - 11:00 AM PT