BlogIf you think data privacy compliance is expensive, try non-compliance

Data & Storage - Delivering Digital Transformation

All IT organizations must come to terms with data privacy compliance. Unfortunately, most companies are not ready for these user privacy regulations and are holding vast stores of unstructured data with no means to identify and specifically delete any of it.

That is why ASG is helping our customers with classifying their business data, so they can classify, search, manage, and remove any non-compliance. With the California Consumer Privacy Act (CCPA) statute, companies must locate and secure “private” data. This legislation takes a broader view than what GDPR constitutes as “private.” With CCPA, companies need to answer:

  • What personal data do you collect?
  • What are your methods for data collection?
  • Where and how do you store this data?
  • Do you share the data you collect? If so, with whom?
  • Do you sell the data, provide in exchange for a service, or used for a different purpose?

ASG believes that organizations should simplify and streamline the compliance processASG believes that organizations should simplify and streamline the compliance process. For starters, to simplify data privacy compliance enforcement, we recommend using policy-based automation that protects, minimizes, locates, and monitors all the data. After analysis, duplicate or unused files can be deleted and move sensitive data can be migrated to a different storage location.

We also point out to our customers that mass data fragmentation really hurts the ability to comply with PII, GDPR, and CCPA restrictions. To ease the compliance process, ASG highly recommends converging data onto a single software-defined platform. IT operations like backup, file sharing/storage, provisioning for test/dev, and analytics are usually in separate infrastructure stacks with no central visibility or control. Data is fragmented across and within these silos. And the last thing an organization needs when dealing with compliance is the spread of PII sensitive data all across the data center.

Fingerprint data files.Classifying data ¾ which is necessary for both compliance and any data reuse ¾ is much more complicated when the data is spread across multiple silos. No surprise, compliance is an area where the public cloud is even more of a hindrance. As a result, ASG is working with data catalog technology that uses machine learning (ML) to automate metadata discovery. The technology can “fingerprint” data files and then use rule-based policies to accurately and efficiently tag large volumes of data based on common characteristics. This new approach recognizes and labels any similar non-compliant data regardless of file formats, field names, or data sources.

Here at ASG, we can help your organization identify and manage compliance data. We have been assisting organizations with eDiscovery solutions to meet governance requirements in a more simplified fashion for the IT organization. It is important to know what data you have, who uses it, and how frequently to optimize it according to the archiving strategy. ASG predicts there will be a push to make data classification more pervasive, as it addresses compliance, risk management, and data governance.

About the Author

Mark Teter, Corporate Technologist

Mark Teter, Corporate Technologist

In his role, Mark is responsible for the strategic direction of ASG’s emerging technology offerings and advancing the deployment of present-day hybrid cloud solutions for our customers. Mark has served as Faculty Staff Member at Colorado State University and has written over 50 white papers on subjects including Data Center Ethernet, Linux and Open Source, Storage Area Networks and Computer Virtualization. He published Paradigm Shift in 2006, a book on emerging technologies. He is a Google Certified Professional Cloud Architect.