
This is a Brave New World


Richard Mendoza, Director, Data Privacy & Regulatory Compliance, Realogy Holdings Corp
The most overused phrase in this brave new world of the never-ending mission to monetize information is that “Data is the new Gold Rush”. Is it really? Can companies really benefit and profit from massive data stores? The push for organizations to develop the appropriate algorithms and analytics platforms that process data and provide trending analysis and predictive models to all corners of their respective businesses has hit a major snag. The music is about to stop, and many organizations will not have a chair! The California Consumer Privacy Act (CCPA) looks to apply data privacy controls and legislation similar to those currently being promulgated within Europe (General Data Protection Regulation) to companies and enterprises doing business in California (CA).
This is the most comprehensive data privacy legislation seen in the U.S. in decades, and it comes at a time when the qualified staff, tools, and appetite needed to complete the necessary projects are at an all-time low. This law has weight based on the size of CA, the reach of its economy, and potential punitive damages. This shift in philosophy starts with all of us in different businesses recognizing a new world where any information pertaining to an individual will need to be protected as if it were at the highest level of sensitivity. An individual’s personal email address will be treated the same as their social security number! This paradigm shift will put emphasis on U.S. organizations’ need to apply appropriate technical and organizational measures and to spend resources on the areas that create the biggest risk to the individual and the enterprise.
The Googles and Microsofts of the world are most likely the focus of this legislation. It is important to know that the CA Attorney General’s office will be charged with enforcing the law, and all fines resulting from punitive damages will find their way into the AG’s coffers to fund future enforcement and the enhancements required. They are going big game hunting. This tells me an aggressive approach will be taken, and we will not get much leeway on findings. The law becomes effective on 1-1-2020, but chatter from the AG’s office and in the community is that it will not be fully enforced until July of 2020, with a 12-month look back. We are on the hook as we speak, so there is no time to waste in ramping up. The largest risk associated with this law is the ability for people to stop the selling of their information. This option will need to be displayed on organizations’ client-facing website home pages, and a link/button will need to be available for data subjects to opt out of the selling of their information. This will also require additional back-end processes, so additional management will be necessary. The other major item which will need to be solidified, as final guidance will not be issued until October, is that “selling” information does not necessarily pertain to monies changing hands. The term “selling” covers anything of “valuable consideration”, so sharing information between brands, organizations, and preferred alliance partners will be impacted.
So, what do we do now? I hate when folks come to me with problems and no solutions, so I don’t want to be that person. Let’s look at this in a pragmatic way and apply “appropriate technical and organizational measures” for the risk the data poses to the data subjects. The first phase is to understand where your sensitive data resides and to define your critical assets and applications. Understanding your data inventory is critical for the CCPA and will allow you and your team to fulfill data subject requests and inquiries (for instance, Right to be Forgotten). This will give you a roadmap to apply your resources in the most efficient way. The next step is to start looking at ways to reduce risk that have far-reaching tentacles. A specific example would be encrypting data in transit and at rest. These types of enhancements are inexpensive and can be implemented relatively quickly. This will help your organization significantly reduce the risk of an unauthorized breach because encrypted and/or obfuscated data will not be in scope for potential regulatory or compliance notifications. Another big step you can take is to apply data minimization principles and start to purge data that you no longer need. Most organizations tend to keep data much longer than necessary, so eliminating legacy data will help your company mitigate risk and implement data minimization philosophies, asking why you are collecting sensitive data and whether you need it. My last suggestion would be to align with your legal team and have an assessment done to help find gaps and provide more ammunition for your team to solve additional concerns.
To make this work, you need good partners who know what you don’t know. In the end, good, solid Information Security and Data Privacy principles and techniques will get you close to the finish line, and buy-in from management will get you the rest of the way. Don’t let great get in the way of good!
