At Slalom, we’ve been helping companies integrate data systems and put data management processes in place to help them comply with the California Consumer Privacy Act (CCPA). This is worthwhile work not only for compliance with the CCPA and other data privacy regulations, but also because it gives organizations better control of vital customer data and lets them demonstrate they take customers’ data privacy seriously.
Customers, of course, care about their data being handled properly. When they ask to see their personal data, they expect that the request will be handled in a professional and systematic way. The data they get back should be complete and accurate. If customers request that their data be deleted, that request should be handled promptly and efficiently. Our integration and data privacy teams at Slalom are helping enterprises put these professional, systematic processes in place.
In these engagements, we follow a straightforward methodology. If your organization is working to address CCPA requirements or simply to put more efficient data management processes in place, you’ll find this methodology handy.
Step 1: Find Your Organization’s Personal Information
The first step for nearly all these companies is discovering where exactly their personal information (PI) about customers is stored. (The CCPA refers to PI rather than the more common IT security term, “personally identifiable information” or PII.) PI, as the name suggests, is information about an individual that is specific enough to be used to identify an individual or household. The information doesn’t have to be a name or phone number. It could be customer information such as geolocation data, an IP address, browsing history, or employment history.
Most large organizations have this type of information distributed across dozens or even hundreds of applications and data repositories. So the first step is tracking that information down and identifying all the applications and repositories involved with PI.
Step 2: Rationalize Personal Information
Next question: Does the business need all this data to be so widely distributed? Can data sources be combined or even eliminated? In other words, can the organization streamline its collection and storage of PI? That’s going to help with compliance, and it’s likely to improve data quality and reduce operational expenses along the way.
You might decide you’re going to keep some data, but you’re going to anonymize it. Other data you’ll keep in its personal form, and still other data you might decide you no longer need.
Rationalize your data. Keep what you need. Delete the rest, and reduce your regulatory exposure.
On April 29 at 10 a.m. PDT, join Boomi and Slalom for a live webinar to learn how a policy of Privacy by Design can help your organization save money, reduce risk and better serve customers. Register here.
Step 3: Integrate Personal Information with a Privacy Portal
Once we’ve identified all the sources of customer data, we need to integrate those sources with a central system for managing queries triggered by a CCPA process.
At one large retailer we’ve been working with, we helped our client use the Boomi Platform to build integrations to almost forty data sources of customer information. We’re also using the platform to integrate with a front-end service designed to support CCPA requests from consumers.
When a customer submits a query through this service’s portal, the portal will pass the query through Boomi to the target data sources of customer information. Some of the target systems respond automatically through an API, but others require manual intervention.
For all those manual responses, ServiceNow is used to create and manage a service request. Once all the sources respond, Boomi aggregates all the responses to provide a single answer for the customer. Boomi then passes that aggregated response back to the portal, enabling the customer to see what data, if any, the company has collected about them.
The whole process is designed to deliver a response well within the 45-day time limit established by the CCPA.
This client was already using Boomi to manage its EDI transactions with its trading network, so using Boomi as the integration platform between the customer-facing privacy portal and ServiceNow seemed like a natural choice.
The entire workflow – from the privacy service front-end to the Boomi Platform to ServiceNow and connections with data sources – is designed to scale easily. For example, if the client adds another application or data storage service for customer data, the client can make an entry in their Configuration Management Database (CMDB) platform, and that source can then be added to the list of sources requested by ServiceNow. We can add an app in a matter of minutes, ensuring that the company always has up-to-date, complete information about its customers and their data.
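The request flow described in this step can be sketched in a few lines. This is an added example, not Slalom's or Boomi's code: the class names, the `REQ-` ticket ids, and the sample systems are assumptions standing in for the integration platform, the service-request tool, and the source registry. It shows the fan-out to automated and manual sources, the 45-day clock, and an aggregation step that refuses to release a partial answer.

```python
from dataclasses import dataclass, field
from datetime import date, timedelta
from typing import Callable, Optional

RESPONSE_WINDOW = timedelta(days=45)  # time limit the article cites

@dataclass
class Source:
    name: str
    lookup: Optional[Callable[[str], dict]] = None  # None = manual source

@dataclass
class AccessRequest:
    consumer_id: str
    received: date
    responses: dict = field(default_factory=dict)  # source -> records found
    tickets: dict = field(default_factory=dict)    # source -> open ticket id

    def dispatch(self, registry):
        """Fan out: call automated sources now, open a ticket for manual ones."""
        for src in registry:
            if src.lookup is not None:
                self.responses[src.name] = src.lookup(self.consumer_id)
            else:  # hypothetical ticket id format, not a real ticketing API
                self.tickets[src.name] = f"REQ-{len(self.tickets) + 1:04d}"

    def close_ticket(self, source, records):
        """Record the answer a person supplied for a manual source."""
        self.tickets.pop(source)  # KeyError if no ticket was open
        self.responses[source] = records

    def status(self, today):
        if not self.tickets:
            return "COMPLETE"
        return "OVERDUE" if today > self.received + RESPONSE_WINDOW else "PENDING"

    def report(self):
        """Aggregate into one answer; refuse while any source is outstanding."""
        if self.tickets:
            raise RuntimeError(f"waiting on: {sorted(self.tickets)}")
        return {s: r for s, r in sorted(self.responses.items()) if r}

# Constructed sample data (hypothetical systems and consumer id).
CRM = {"c-1001": {"email": "pat@example.com", "zip": "94105"}}
REGISTRY = [
    Source("crm", lambda cid: CRM.get(cid, {})),
    Source("web_analytics", lambda cid: {}),  # holds nothing on this consumer
    Source("store_archive"),                  # manual: no API
]
```

Adding a data source is one more `Source` entry in the registry; every later request then includes it without changes to the workflow.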
Step 4: Demonstrate to Consumers You Take Their Privacy Seriously
In our daily work, we’re busy building integrations and workflows. But it’s helpful to stand back and review the experience of consumers, whose privacy these new regulations are trying to protect.
With a privacy service front-end in place and Boomi integrating with ServiceNow behind the firewall, we’ve got a fast, effective, and user-friendly way for consumers to request a report on their information, receive that report in a timely fashion, and make any requests for deletions in a systematic way.
What this demonstrates to consumers is that the organization respects their right to privacy and is willing to invest IT muscle in honoring those rights as required by law. In a world where consumers value brands for respecting their privacy and avoiding data breaches, adopting a policy of Privacy by Design – building data privacy into all aspects of IT architectures by default – should pay off in terms of customer loyalty and customer trust.
Summing Up
Having worked with leading enterprises on their CCPA initiatives, here’s my advice for companies working to address new data privacy regulations:
- Figure out where your data lives and integrate early.
- Connect to all sources of customer data. If some of those sources are obsolete, shut them down. Keep just the data you need.
- Build an efficient process for collecting data and presenting it to whoever needs to see it, whether that’s compliance officers, marketing teams, or customers themselves.
- Adopt Privacy by Design as an IT strategy, and integrate, manage, and secure new data sources as they come online. Let customers see you take their privacy seriously.
Data privacy regulations create data governance challenges, but they also create opportunities for improving data management and impressing customers. Seize those opportunities and you’ll deliver benefits for IT, business units, and customers.
For more information on how we can help your organization address its data privacy challenges, contact the integration experts at Boomi or Slalom today!