We have all heard about GDPR (General Data Protection Regulation), which came into force on May 25, 2018. Its many strict rules for personal data privacy required organizations to do complete audits of their internal systems and processes, which led many to implement new solutions to help them comply. Now, many organizations will also have to understand and prepare for the CCPA (California Consumer Privacy Act), which goes into effect on January 1, 2020.
Under this new law, companies that do business in California with annual gross revenues of $25M or more and that collect consumer personal data will be required to adhere to this new regulation. Organizations typically consider only their structured data, residing on information systems and in databases. But what about business solutions that provide access to consumer personal data that is locked in scanned documents or unsearchable PDFs? According to technology insights company IDG, the challenge of managing unstructured data is increasing – rising from 31% in 2015 to 45% in 2016. Further, Data Loss Prevention (DLP) initiatives are being researched (32%) or in various stages of implementation (57%) in organizations whose CISOs were surveyed.
When customers fill out a form or submit correspondence, in addition to the electronic data stored on the customer, it’s likely there is sensitive data stored in the electronic documents associated with that customer record. This is an example of the unstructured data that must be accounted for in a holistic customer data privacy strategy. Solutions that account for the information in the electronic database only address 90-95% of the problem. Therefore, these “solutions” aren’t actually solving the whole problem in that they don’t address the unstructured content that holds the sensitive personal information on your customers that you have vowed to protect.
Our recommendation is to make sure that you deploy a solution that includes a state-of-the-art OCR engine that can unlock the dark data stored in documents that your electronic solution cannot currently access. This reduces the risk that consumer personal information is being inadvertently stored within your servers, subjecting your company to unnecessary risk and potential fines.
If your current solution doesn’t include OCR technology, we provide a server solution that integrates with your systems, modernizing and shedding light on the dark data locked in TIFF or PDF files. This allows you to make electronic documents searchable and also super-compress the file size (reducing up to 75-90% of the original) which is an added benefit when you realize cost savings on storage.
At first glance, you may think that this doesn’t apply to your organization if your company isn’t doing business in California or Europe. While that may be true today, there are at least five other states (Hawaii, Maryland, Massachusetts, Mississippi and New Mexico) that have introduced privacy laws that mirror California’s CCPA. This number is expected to double in the next year.