By Dean Sappey, DocsCorp President and Co-Founder
The CCPA is a welcome advancement to the rights of Californians in light of the trend of turning their personal data into a commodity that can be bought and sold. However, the California Department of Justice has estimated the CCPA will affect up to 40,000 businesses and that the compliance efforts could cost as much as US$55 billion. Therefore, it’s essential your organization takes steps to a) ensure it meets the requirements of the new law, and b) uses technology to keep compliance costs down.
As a result, businesses that collect, use, and sell data (and fall under the CCPA’s reach) must be able to comply with several new requirements. One of those is being able to meet the rights of Californians to know and request access to the personal information your business holds. And it’s not just the types of information you have, it’s their specific details, like name, email, IP address, employment history, biometric information, or geolocation.
The data that will be hard to find
Personal details are so often included in signed contracts, proofs of ID, and other scanned documents that so regularly end up saved in Worldox. These are image-based files (PNGs, JPEGs, image-based PDFs) that lack the text layer needed for search and indexing technology.
To respond to consumer requests to see, access, and delete personal information collected by your business, you need to be able to search 100% of the contents of saved files. Otherwise, you risk missing sensitive data that could put you at risk of non-compliance with data storage and retention requirements.
Readying your data for the CCPA
The best first step for any organization working towards CCPA compliance is to get a complete picture of how personal information is collected, shared, and sold. You will need to identify internal data flows, storage, and transfers so they can be tracked and monitored. Your internal systems and workflows should have data privacy measures built-in, an approach known as ‘Privacy by design.’ And, importantly, you must know and follow the correct retention and destruction timeframes for your data. (The Worldox Bulk Archiving Connector can assist with electronic retention by securely archiving large numbers of antiquated documents.)
A comprehensive data mapping exercise would involve detailing the following:
- What type of data is present?
- Who can access that data?
- Where the data is located?
- Why the data is being kept?
- How long is the data kept for?
Use the library services in Worldox to help you organize and improve the way you save, catalog, and retrieve files. The full text retrieval feature will be helpful here too, since it searches documents using concepts – not just categories – making them easier to find.
Convert your non-searchable image-based files to PDF
Automation can, fortunately, simplify and speed up the process of converting your image-based files to text-searchable PDFs.
An automated OCR processing tool can crawl files stored in Worldox, find those that aren’t searchable, OCR them, and apply a layer of text to ensure all the content can be found. It’s an end-to-end process that can run 24/7 without staff intervention. The benefits being:
- All documents are discoverable and indexed for searching
- Data retention policies can be applied to 100% of files, including image-based documents
- Every file can be searched in response to requests for access or deletion of data
contentCrawler for Worldox can OCR all newly-profiled and legacy files are fully text-searchable without creating any additional steps for staff. Processing happens silently behind-the-scenes, ensuring 100% of documents saved into Worldox are found and processed.
For many US businesses, the CCPA will be the first taste of stricter controls around the collection and use of personal data. European and UK companies experienced something similar when the GDPR was introduced in 2018, though there are substantial differences between the two laws and you can’t assume that if you’re compliant with one then you’re compliant with both. Take steps today to ensure your data is 100% discoverable and ready to support your CCPA goals.