Who doesn’t have a drawer full of items they might need at some point but haven’t used in months or even years? We’re all familiar with unintentional hoarding of things that may have been useful at one point but end up collecting dust and taking up unnecessary space. The same is true of data, but holding on to it for too long can have serious consequences.

With the California Consumer Privacy Act (CCPA) in full effect, organizations and consumers need to start thinking about it. The repercussions of failing to meet compliance requirements are severe, with fines of more than $7,500 for each violation. But the ramifications of disorganized data can impact a business far beyond paying consumers financial settlements for noncompliance.

Think of that drawer of miscellaneous items. Now think of a data center and the vast amount of information it holds. While it may seem like a good idea to hold onto that data for deeper consumer insight to guide marketing and advertising, under CCPA, this may do more harm than good.


Under the new regulation, there are several conditions organizations must meet to ensure they do not mistakenly sell data that was flagged for deletion. The regulation also looks at data that may be difficult to access — another compliance risk, as businesses face penalties for not producing consumer data upon request. Businesses may also have data they don’t even realize they have.

This unseen information is often referred to as dark data, and virtually every organization is guilty of having it. Under CCPA, this data must be brought into the light, or organizations face harsh punishments that can ruin customer trust and impact their bottom lines. A fundamental way to avoid this is by knowing what data exists and understanding its use.

What Data and Where Is It Stored?

Asking these two questions can help a business understand where they might be falling short in ensuring data privacy for their customers. While regulations such as CCPA and the General Data Protection Regulation (GDPR) have pushed companies in the direction of answering these questions, most organizations have focused more on technicalities that would make them more compliant to the regulations without taking a holistic view of the data they have and whether they are using it efficiently. This is critical, not only for ensuring business performance, but also for building trust with customers.

Although compliance may be frustrating to deal with, and the punishments for noncompliance may be severe, being forced to reckon with available data can uncover new use cases and allow an organization to hone in on the data that is actually delivering value. For example, outdated information may focus on old consumer interests, thereby guiding misdirected targeted advertising campaigns. When you have the most relevant data available and accessible, it is easier to understand your customers and to build stronger relationships with them.

But What Can Companies Do?

Companies must get it right the first time. Customers don’t appreciate irrelevant marketing messages and may be more inclined to request their data be erased. Businesses must focus on what’s important to their customers.

With CCPA in effect since January 1, most organizations should be in compliance and assessing the value of their dark data. And it’s critical they start because, in the near future, more state-led regulations will appear, demanding more transparency on consumer data outside of California.

This shouldn’t be too drastic a change for international companies dealing with compliance challenges like GDPR. The true challenge is forcing businesses to change their thinking about organizing and using data. Hoarding unclassified data has a negative impact on businesses if they can’t produce results for consumers under the regulation.

We all know digital transformation is accelerating the speed of business. But it also opens up vulnerabilities that reinforce the need to respond to regulations and ransomware. Understand what you have and view and act on it.