Tools Emerge to Comply with California Data Law
As California prepares to roll out a consumer privacy law regulating how businesses handle customer information, vendors are introducing new compliance tools designed to locate and catalog sensitive data covered under global privacy regulations.
The California Consumer Privacy Act (CCPA) approved last year is scheduled to enter force across the Golden State on January 1, 2020. The privacy law follows the EU’s rollout of its General Date Privacy Regulation last year. Last month, California-based Google (NASDAQ: GOOGL) was fined €50 million for violating GDPR provisions. The huge fine ($56.8 million) sent shockwaves through the tech sector, prompting industry watchers to wonder who would be the next target of European regulators.
With that as a backdrop, vendors are attempting to get a jump on the new California privacy rules with AI-based and other regulatory compliance tools. One of them, data governance specialist Io-Tahoe, released data discovery tools this week that use machine learning algorithms to help track down and manage what the new law refers to as “personally identifiable information,” or PII. The tool also covers other sensitive data covered by the California law, GDPR and other privacy regulations.
Io-Tahoe notes that fines for violating terms of the CCPA also could run into the millions of dollars. Hence, it is pitching an AI-driven platform designed to find sensitive data covered under the new rules, including structured, semi-structured and “some” unstructured formats.
The goal is to “get a handle on what sensitive data [company’s] have, where it is located and why they have it,” said Io-Tahoe CEO Oksana Sokolovsky. “Without understanding this critical foundational component of the enterprise landscape, the required policies and controls to protect data cannot be put in place.”
The platform is built around an AI-based data catalog and what the company calls “enhanced PII” along with a data discovery tool. It also incorporates data governance policies to comply with the California and EU privacy regulations. Those policies are designed to automatically locate personal data stored in enterprise databases, data warehouses, data lakes and in the cloud.
Although the California law does not take affect until next January, the company notes that it includes a “look-back” provision requiring companies to provide records covering a 12-month period preceding the date of a customer’s request to access personal information stored by a company.
As with GDPR, the California regulations require companies to disclose the types of consumer data collected, the reason for collecting and with whom the information may have been shared. Consumers also have the right to demand deletion of any personal data stored by a company. Failure to comply with those demands carries a stiff penalty, according to New York-based Io-Tahoe.
The California data privacy rules are expected to be far-reaching. According to the consultant JD Supra, “The CCPA casts a wide net—it will impact many businesses across the nation, regardless of where the business is located.”