The California Consumer Privacy Act, or CCPA, is generally focused on ensuring consumers are informed about the data collected on them and how that data is used. It also enables consumers to opt out. In addition, CCPA has specific verbiage around organizations taking measures to ensure data isn't breached or stolen.
In general, CCPA compliance doesn't sound like it's important to backups. But it does have some specific ramifications for backups and backup storage:
- Service availability: CCPA empowers consumers to be able to inquire about the consumer data an organization holds. Organizations are given a reasonable amount of time to respond to requests for CCPA compliance. All this implies the applications and systems storing said data are up and running. Now, consider that these applications may not be critical to the business, such as a marketing automation platform. Sure, it's important to marketing, but it's not necessarily mission-critical. The impact on backups is a reduction of both the recovery time objective and recovery point objective for these applications. This will result in greater backup storage requirements.
- Security availability: Because CCPA puts penalties in place should a data breach happen, an organization must continually maintain security. So, the entirety of your security configuration that affects the systems and applications hosting consumer data must be backed up. This includes directory service accounts and security at the OS, application and file system levels. Like service availability, this work for CCPA compliance may require more backups to ensure an organization can bring security back to a known-good state.
- Forgotten data: Consumers can request removal from an organization's databases under CCPA. Once they are removed, backups of that new state of the data are necessary, as they will be the earliest point the organization can go back to. Think about it: If you were to recover to a point earlier than the deletion, you'd be working with a version of the database that once again includes the forgotten consumer. You can't do that under CCPA, so removals of data may require additional backups.
The question remains: How much will CCPA compliance impact backup storage? It really depends on what your backups look like today. I can see some organizations realigning business processes and backups to ensure adherence to CCPA without needing to materially increase backup storage. However, I also believe that, to be compliant, some new backup data sets and frequencies will need to be established.