IT Briefcase Exclusive Interview with Io-Tahoe CEO: Get ready for CCPA now, before it gets you

Oksana Sokolovsky, chief executive officer at Io-Tahoe, is an ex-Wall Street senior executive turned entrepreneur. She is an experienced CEO whose technology expertise, combined with business acumen, allows her to bring a unique perspective to developing innovative products, commercializing them and taking them to market.

Prior to starting her own company and co-developing a disruptive ML Smart Discovery product, Sokolovsky held a number of senior roles at JPMorgan Chase, Morgan Stanley, and Deutsche Bank as well as United Healthcare, Instinet, and Barnes and Noble.

• ITBriefcase: Oksana, we’ve heard a lot about Europe’s General Data Protection Regulation, or GDPR. Lots of companies needed to implement additional privacy regulations to comply with the new rules. But now, it appears that…more than ever…American companies will soon find themselves in the same boat.

Oksana Sokolovsky, CEO, Io-Tahoe: Absolutely. California has passed a privacy law called the CCPA…the California Consumer Privacy Act.   It takes effect next January, and it’s largely the American equivalent of the GDPR. Like GDPR, it gives Californians the right to know what categories of personal information a business has collected about them and their children, as well as whether and to whom this personal information has been sold or disclosed. And even if you’re not based in California, the chances are extremely good that your company will be affected by its provisions; your company probably has customers or employees based in the Golden State.

• ITBriefcase: Why should companies be moving to comply with it now?

Sokolovsky: The potential civil penalties from violating CCPA’s rules can easily run into millions of dollars. And if you look at the $75 million dollar fine that the European Union recently levied against Google for not complying with GDPR, it is likely that California’s regulators are going to be aggressive in finding companies that have not lived up to the new rules.

Compliance is not going to be easy. It’s not going to be something that you can just quickly execute right before the deadline. You need to begin your efforts now, if you haven’t already done so.

• IT Briefcase: What’s a good starting point?

Oksana Sokolovsky: Starting off, you need to know what Personally Identifiable Information (PII) and sensitive data is under your company’s control. An overall regulatory compliance solution enables firms to move away from a reactive position and get a handle on what sensitive data they have, where it is located and why they have it. Without understanding this critical foundational component of the enterprise landscape, you can’t put the required policies and controls to protect data in place. Your organization’s data regulation compliance strategy has to include an automated solution for the detection of and the subsequent search of your company’s PII and sensitive data.

• ITBriefcase: Why does it have to be automated?

Oksana Sokolovsky: Because your data load has become too big and too diverse. Organizations today simply have too much data already under their control, across multiple databases in multiple locations. It cannot be done manually. I mean, think about it: let’s say a company has a customer named “Joe Smith” with records about him existing in a marketing database, an accounting database, a customer service database and more. One or more branch offices may have a separate record about Joe, aside from those residing in a central location. If Joe decides to exercise his “right to be forgotten,” and demands that information about him be deleted, you’re required to find all of his records. If you don’t, you run the risk of the GDPR or the CCPA regulators showing up at your door.

To help comply with the CCPA, your business needs automated Smart Data Discovery with an AI-Driven Data Catalog like that available from Io-Tahoe, with full relationship mapping, data flow discovery, redundant data detection and, most importantly, sensitive data detection. Smart data discovery can help you find all versions of the data…even data you didn’t realize was under your control…across multiple locations. And once you know what you have, that’s the critical first step in the compliance journey.

• ITBriefcase: Compliance can also have positive effects on your company, can’t it?

Oksana Sokolovsky: I agree. Taking a proactive step towards compliance can simplify compliance reporting. It can help you become more aware of your total data landscape, even the “hidden” parts, giving you greater insight into your corporate operations and business opportunities. In addition, of course, compliance with the rules also reduces your risk, and improves your ability to apply data protection applications like encryption and masking. And above all else, it helps build trust with your customers, by showing them that you have auditable processes to protect the personal and private data they’ve shared with you.

• ITBriefcase: So, if you have one bottom line piece of advice for companies, what would it be?

Oksana Sokolovsky: It’s actually two-fold. The first is simple…get started now with smart data discovery if you haven’t already done so. January 2020 will be here before you know it.

And secondly, start planning for an increase in the number of privacy laws around the US. Nine states other than California have introduced draft legislation that would impose broad obligations on businesses to provide consumers with transparency and control of personal data. If these laws pass, they will impact nearly any type of entity that operates in those states, even if your business has no physical presence there.

• IT Briefcase: If people want to know more about CCPA and how Io-Tahoe can help them, where can they go?

Oksana Sokolovsky: They can visit our website at www.io-tahoe.com/ccpapreparedness. We have a lot of information there that they can freely access.

 Oksana Sokolovsky, CEO, Io-Tahoe