When less identifiable data means more competitive advantage
Compliance with the Act requires certain foundational efforts, including, among other things, identification of impacted individuals and their personal data, where the data resides, as well as third parties with whom it is shared. Further, the holder of the data must identify and document the provenance of the data and its use.
Companies may use the same work streams that create the foundation for compliance to both optimize their internal processes and maximize the value of identifiable personal data to their business. These measures lead to competitive advantage by creating a data-lean organization that maintains only the personal data needed to add value. The costs in time of maintaining extraneous and identifiable data means that data must be parsed in order to respond to a data subject’s request, or worse, the data could be unnecessarily exposed in a breach situation.
In contrast, the data-lean organization may uncover that personal data slated to be deleted could be retained as an asset. Through the process of de-identifying (anonymizing) data but retaining it, a data-lean organization may continue to gain value in enhancing the customer experience, creating new products and services and informing new markets without the burden of data subject to rights or breach exposure. Leveraging anonymized data and understanding the correlation of activities, both current and prospective, may offer new opportunities for incremental revenue or cost savings.
Insights gained from anonymized data that may be retained indefinitely can provide a competitive advantage that may come in the form of enhancing the speed to market for a new solution or through back-testing plans against anonymized data to validate assumptions. It may also come in the form of data insights enabled by correlations between current personal data and anonymized retained data to support a given use case. This is a value proposition that is broader then compliance with the CCPA, but supported, in great part, by an organization’s foundational efforts to identify, understand and position the company to act on the personal data it collects.