In-House Attorneys: Defensible CCPA Compliance Begins With a Data Inventory (Adv.)

Do you really know your data? It’s an important question that in-house counsel must ask to help determine their readiness for complying with the CCPA and other pending privacy regulations. Effective and defensible compliance begins with a data inventory—developing it if you don’t have one, and organizing it if you do.

The foundation for compliance with any data privacy or cybersecurity regulation is an understanding of:

  • What sensitive data you have
  • How that data is collected
  • Where the data resides
  • Who has access to the data
  • Which third parties have access to the data

Without a comprehensive data inventory, it’s practically impossible to answer those questions—which makes privacy compliance very difficult.

Why a Data Inventory Matters for In-House Counsel

Data lives across all areas of all different departments: legal, IT, marketing, services, sales—everywhere. It also often lives in places many of us aren’t even aware of; IBM research suggests that as much as 80% of data is “locked” into a format that makes it difficult to readily analyze. This emphasizes the importance of engaging leaders across the organization to help understand what is being and has been collected, with whom that data was shared, and where it currently resides.

Who to Involve in Developing or Maintaining Your Data Inventory

Creating or maintaining a data inventory requires a special project manager, or team (a committee of managers, for example) to help enforce data hygiene rules among departments. This team or individual would engage with key stakeholders across the business to better understand their practices around data and create a streamlined process for handling that data. The most effective and efficient way to handle your data inventory would be to use a software platform that can handle end-to-end collection and analysis of that data.

Technology’s Role

Since all of the questions surrounding compliance to data privacy regulations start with the organization’s data map, it needs to be built the right way. This means organizations should use their tools and technology to stay flexible as these laws evolve, thus keeping the data inventory modern and actionable.

With the right mix of people, processes, and technology, implementing and automating routine maintenance of your organization’s data can become an efficient way to comply with new privacy laws. 

Download this guide to learn more about how to maintain an actionable and compliant data inventory at your organization.

* Like this? Click here to get our weekly email featuring in-house news, jobs and announcements *

Do NOT follow this link or you will be banned from the site!