Armanino Blog

Is CCPA Making Sense of Unstructured Data?

by Pippa Akem
July 16, 2019

Is the California Consumer Privacy Act (CCPA) forcing your organization to create structure for your unstructured data? Beginning with a full inventory of the personal data companies house, the CCPA puts companies on the path to not only knowing what data they have collected, but also fully understanding and recording how they use or share that information.

While we understand that most transactions and engagements today involve a greater exchange of personal information than in the past, the need to have a valid reason for collecting this data should be closely scrutinized by the companies collecting it. When you think about it, a secondary benefit of the CCPA is that it will help companies define their focus by zeroing in on the quality of the data a company has – and not just the volume of information it gathers. (The General Data Protection Regulation, GDPR, is having a similar impact.)

If your company's data operation includes processing unstructured data, you are likely challenged both by how to create structure for the data you must maintain and by how to dispose of the "extra stuff." It's obvious you cannot address the full spectrum of your organization's privacy risks if you don't fully understand the information you currently house.

We encourage you to view the new requirements as an opportunity to take control of the true data your company requires to do business — and put in place transparent processes that allow you to meet your compliance obligations and close trust gaps.

The CCPA and similar laws are mushrooming across the country and expose where privacy regulation is headed, with many states inclined to give consumers greater control over their personal information. The takeaway from the flurry of activities is that companies should not delay their compliance preparations. Instead, they should begin to draw up their roadmap for how they plan to respond to consumers' privacy rights given their business practices.

With varying priorities and strategies for tackling privacy requirements, given that no business is exactly alike, there are still baseline rules to go by. Start with knowing what is done with the personal information that your organization has collected, document a business purpose, and identify the source of the information and who has access to it. Do not delay — when will you have time to structure your unstructured data if not now?For more information on Armanino's data privacy, inventory and mapping solutions visit Risk Assurance & Advisory Privacy Services.

Stay In Touch

Sign up to stay up-to-date with the latest accounting regulations, best practices, industry news and technology insights to run your business.

Related News & Insights
How Saas Companies can Leverage the Inflation Reduction Act to Boost Growth in 2023
Increase cash runway and reinvest in your business in 2023.

October 25, 2022 | 10:00 AM - 11:00 AM PT
Accounting Best Practices for Crypto Startups
Virtual event covering the best tax, audit and risk management methods for crypto startups.

October 20, 2022 | 10:00 AM - 11:00 AM PT
Sage Transform VIP Experience
Live Event
VIP luncheon for top finance executives attending Sage Intacct 2022.

October 12, 2022 | 09:30 AM - 10:45 AM PT