A Perfect Storm: The “New Normal” in Business and CCPA Compliance Enforcement

Today we’re operating in what many are calling the “new normal,” with businesses adjusting to a reality of remote workforces, business continuity concerns, and increased attacks from those wishing to exploit vulnerabilities as we transform operating models to stay safe and healthy while remaining productive during a global pandemic. 

But even before today, pressures to maintain data privacy were already top of mind, thanks to a greater volume of data, a growing number of users needing to handle business-critical data generating more risk, and increasing opportunities for data abuse. New data types which weren’t considered personal or sensitive data risks when kept locked up, now create greater risk exposure when shared online. With more digitization of personal data—such as health records accessed in mobile apps, online bank accounts, IoT data streaming off cell towers into data lakes, connected cars reporting health—there is a greater potential for loss or misuse. 

Global partner and supply chain ecosystems and customers still need to stay connected, but face new threats with remote workers operating outside the usual network boundaries and often relying on personal devices and shadow IT. And while opportunity for abuse had already been growing, the pandemic has put unprepared organizations on notice: faced with the need to shift an entire workforce to this new work-from-home model, because personal health and bias for action from decentralized decision making now takes priority over group decisions and measured due diligence. 

In the midst of increased change, data-hungry applications, applying AI and machine learning, were already a critical part of digital transformation to deliver faster, more efficient, computing. This automation will continue to drive businesses to innovate, enabling new products and services, and business optimization—but can it all still be done safely? 

Moving forward in the new normal requires increased trust 

Today we have a perfect storm. Everyone is talking about uncertain and vulnerable conditions: handling sensitive data, business relationships that seem new, and low confidence from consumers who, more than ever, need assurances that their data can be trusted even when business models are changing so rapidly. 

Consider a few key questions being asked today: how would you respond? 

  • With increased mobile and remote workforces, organizations that previously were hesitant about work from home programs are now thrust into them—how ready are you for this new challenge to protect sensitive data on untrusted networks? 
  • Hackers and other bad actors who were already targeting enterprises now have additional attack surfaces to exploit—is your workforce using company networks and devices properly to maintain protected data handling?
  • Employees are now dealing with greater anxiety, particularly where decision making around sensitive data may not always include the necessary controls for privacy assurances—how is your data being used? By whom? Where? 

Now is the time to take a pause and address data risks that were there all along but may now be increasing due to heightened business risk conditions, coupled with new privacy enforcement mandates. 

Even as organizations are at a crossroads, the General Data Protection regulation (GDPR), the California Consumer Privacy Act (CCPA), and similar mandates remain a forcing function to control proper data exposure. Consumer trust and loyalty were already under pressure with privacy compliance becoming a differentiator for some and a major liability for others. The new normal, along with increased privacy legislation, have combined to raise the bar on trust assurance challenges. 

With the retail, travel, and hospitality sectors—amongst others—being under increased pressure, now’s the time to ask whether trust is your differentiator to maintain customer experience and loyalty, and continue your digital transformation? Or whether a lack of data trust and transparency is a blocker to maintaining customer stickiness and gaining greater transparency to deliver the products, services, and solutions your customers and partners need? 

The perfect storm drives the need for automation to accelerate privacy and trust 

Privacy compliance, while something we have to do as the CCPA starts active enforcement July 1, is not just a “one and done” task—you need to scale out your privacy program to stay ahead of each new mandate and adapt to today’s evolving landscape, whether COVID or the next major unpredictable event. Simply burying one’s head in the sand in apathy has very costly consequences. Let’s have a look at data subject reporting

While data protection is a critical aspect of avoiding a data breach or misuse, there is also a real cost in handling data subject rights requests from your loyal customers as the CCPA begins enforcement and the GDPR continues on. And this requires transparency into data access and use across your organization. A major industry analyst firm points out in a survey last year on the GDPR that this activity can represent a potential outlay of $1,406 per request to handle inquiries manually, on a case-by-case basis. Without an automated approach to privacy compliance, the costs to manage data subject requests at scale can quickly overwhelm unprepared organizations. And to do that, you’ll need to take advantage of automation and AI to find customer data across your organization and report on its use, or risk privacy regulatory violations with fines and brand reputation at stake. 

With increased privacy regulation, consumers are becoming more aware of rights to take control of their data, and as a result, the GDPR is already demonstrating the day-to-day ongoing business costs that can start to pile up. This will only increase for the CCPA and other mandates, as they compound policy obligations for data privacy controls globally. 

However, operationalizing your data privacy governance approach with automation and AI enables the ability to respond more quickly to information access and use requests, minimize costs over time, and avoid compliance violations that result in fines and scrutiny from both customers and auditors, along with lost customer loyalty over the long term. 

The perfect stormhas clouds with a silver lining 

While the challenges of operating in a pandemic and meeting new compliance goals sound grim, believe it or not, there is a silver lining (no, really!). The effort you make today towards improving compliance readiness by responding to privacy mandates, and lowering risks of data abuse, also lays a foundation for improved data governance that enables safe value creation. As a data steward, you want a more mature approach to data privacy, because the work you’re doing helps improve value creation opportunities, maintaining trust with customers, partners, vendors, and the like. 

Trust assurance is critical to your overall success. While you could simply look at privacy controls as a cost of doing business, your efforts help improve data use transparency, allows you to better understand customer data, and improves product and service offerings even as you also put privacy risk exposure in the rearview mirror. 

It’s in every organization’s best interests to be proactive about installing or updating privacy controls while improving existing policies, because citizens are no longer blaming the hacker or the insider who abuses data—it’s now simply the brand reputation of the business that suffers. Best-case scenario is a short-term boycott that impacts shareholder value; however, long-term, customers may simply stop buying products and services, and shift their loyalty to a trusted brand, undoing years of brand equity built at great cost and effort. 

More good news: surveys show that organizations that demonstrate trust in handling and protecting customer data responsibly can expect 5x increased access to the personal information that helps drive long-term customer loyalty through improved engagement. Additional stats show that for every privacy dollar spent, there’s a 2.7x return on average. Privacy is good for business! Here are just a few examples of how trust drives business value: 

  • Safely democratize data use with your data marketplace, enabling it to drive business optimization, new products and services, for wider responsible enterprise use that generates revenue. 
  • Move workloads to the cloud, taking advantage of opex reductions and elasticity, when trusted data with privacy controls can run on economical publicly hosted platforms. 
  • Unleash data analytics, taking it out of the hands of data scientists by enabling value-creation opportunities from new insights or drive business optimization when used responsibly across a global organization. 

Informatica’s summer launch extends the power of the platform to keep data safe and unleash its value 

As a trusted vendor with more than 25 years of integrated data management leadership, the Informatica platform enables consistency for enabling data privacy and protection across your business transformation programs. So even as you continue to build out a data privacy governance approach amidst uncertainty, you have a technology partner that offers an end-to-end solution that can stay in lockstep with your shifting priorities and future goals. Whether you need to build trust in your workforce, preserve customer loyalty in times of change, or ensure trust in data that accelerates rather than blocks your digital transformation, you have the ability to navigate today’s new normal. 

The goal is to achieve sustainability. And while you could try to cobble together various point solutions, Informatica offers a framework that enables you to continuously improve your approach by bringing together a complete offering for managing policies, discovering data, mapping data to identities, analyzing risks, and automatically remediating them. 

By offering an integrated platform, we can help enable a complete journey for understanding and defining data in order to prioritize risks, and then automatically orchestrate data protection and enable transparency for reporting. Informatica’s end-to-end solution scales with you, leveraging the power of metadata-driven intelligence and automation at each step for an integrated approach. 

With our summer launch to support your privacy journey, we’re introducing critical updates to Data Privacy Management with the 10.4 and 10.4.1 releases, which include: 

  • Privacy Dashboard  expanded insights into privacy metrics, including a one-stop view of privacy operations and call-to-action alerts for critical time-bound tasks, easily switching between the Security Dashboard  
  • New unstructured data scanning agent –for domain discovery, provides 4x performance improvements with natural language processing, keywords and file tags for accuracy, and capture of additional file metadata for greater visibility into data context, supporting data minimization and security operations 
  • More data subject insights – when responding to data subject requests (DSRs), increased visibility into data use including Data Categories, Purpose, Legal Hold status, 3rd-party Sharing, Residency, History, and more to enable transparency and answer questions about context of data use  
  • Subject rights reporting templates – customizable reporting templates, along with subject request history and report purging enables you to efficiently manage DSR/DSAR inquiries and reduce time-to-value (TTV)  
  • Privacy task delegation – reduce the cost of manual efforts, and triage reporting activities, to help ensure rights processes and stakeholders can accelerate your response to data subject requests  
  • Expanded PAM support for the Subject Registry – along with repository and connectivity updates, more insights and support for data integration, enabling faster time-to-value 
  • Enhanced subject onboarding – powered via multiple golden datasets 
  • Breach reporting – for quicker transparency and response. 

Learn More 

We invite you to view our summer launch presentation to learn more how data transparency and protection to automate privacy governance during the new normal can help accelerate trust, increase customer loyalty and achieve your digital transformation goals.