Compliant Data Masking

 

 

Find and Protect PII Everywhere

What are some of the key provisions of the California Consumer Privacy Act (CCPA) of 2018?

1798.105

(a) A consumer shall have the right to request that a business delete any personal information about the consumer which the business has collected from the consumer.

(b) A business that collects personal information about consumers shall disclose, pursuant to subparagraph (A) of paragraph (5) of subdivision (a) of Section 1798.130, the consumer's rights to request the deletion of the consumer's personal information.

(c) A business that receives a verifiable request from a consumer to delete the consumer's personal information pursuant to subdivision (a) of this section shall delete the consumer's personal information from its records and direct any service providers to delete the consumer's personal information from their records.

1798.110

(a) A consumer shall have the right to request that a business that collects personal information about the consumer disclose to the consumer the following:

  1. The categories of personal information it has collected about that consumer.
  2. The categories of sources from which the personal information is collected.
  3. The business or commercial purpose for collecting or selling personal information.
  4. The categories of third parties with whom the business shares personal information.
  5. The specific pieces of personal information it has collected about that consumer.

This suggests the need for software capable of finding and classifying, de-identifying or removing, and auditing changes to customer records. All of these features are in the affordable IRI FieldShield, CellShield EE and DarkShield data masking products, or the comprehensive IRI Voracity data management platform which includes them.

The penalties for non-compliance are severe, and failing to comply is an option no business should take. As enforced under 1798.150:

Affordable static data masking software from IRI will help you comply with the CCPA, as it includes:

  • state-of-the-art data searching, profiling and cataloging functions
  • multiple redaction, encryption, pseudonymization and other de-identification methods
  • the ability to extract, structure, reformat and deliver PII from various sources
  • peer-reviewed re-ID risk scoring algorithms to determine tghe risk of re-identification based on quasi-identifiers
  • automatic, query-ready audit logging of the above jobs to support compliance verification