What settings in Spirion Sensitive Data Platform impact CCPA compliance?

To support CCPA (California Consumer Privacy Act) compliance, Spirion Sensitive Data Platform provides specific settings that align with the law's requirements for data discovery, classification, and consumer rights fulfillment (such as the "Right to Know" and "Right to Delete").

The following settings and configurations are the most impactful for a CCPA-focused program:

1. Data Type & SDD Definitions (The "What")

CCPA defines "Personal Information" (PI) broadly, including identifiers, commercial information, and even "inferences."

  • CCPA-Specific Data Types: Ensure you have enabled Data Types for California-specific identifiers, such as CA Driver’s Licenses, and broader PI like names, mailing addresses, and IP addresses.
  • Sensitive Data Definitions (SDDs): Use SDDs to create "Contextual Matches." For example, a 9-digit number is just a number, but a 9-digit number near the word "Social Security" or within a "Payroll" folder is high-confidence PI. This reduces false positives during CCPA audits.

2. Target Segmentation (The "Where")

CCPA requires organizations to know where California residents' data is stored.

  • Target Tagging: Use Target Tags to label repositories that contain California resident data (for example, Region: California or UserBase: CA).
  • Reporting by Segment: Filtering reports by Target Tag allows you to generate a "CCPA Inventory Report" that excludes data from other regions, which is critical for proving "Reasonable Security" under the law.

3. Playbooks for "Right to Delete" & "Right to Know"

CCPA grants consumers the right to request the deletion of their data or a report on what data is held.

  • Manual Remediation (Right to Delete): Configure playbooks that allow an operator to Shred or Redact specific files or database records identified during a Subject Access Request (SAR).
  • Workflow Assignment: Use Workflows to assign a finding to a data owner with a "Due Date" to ensure the 45-day CCPA response window is met.

4. Agent-Side Redaction (Privacy by Design)

CCPA emphasizes protecting data even during the discovery process.

  • Match Evidence Redaction: In the Agent Policy settings, enable partial redaction of match evidence (for example, showing only the last 4 digits of an ID).
  • Why it matters: Redacting match evidence keeps your Spirion Console, and what its users can see, from becoming a new repository of unencrypted PI, which would increase your CCPA liability.
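
The contextual matching from section 1 and the partial evidence redaction described above can be sketched together as follows. This is an added illustration, not Spirion code or configuration; the regex, keyword list, 30-character window and sample text are assumptions constructed for the example.

```python
import re

# Constructed sample text; every number below is fabricated for illustration.
SAMPLE = (
    "Invoice 483920175 shipped to the warehouse on the second of March.\n"
    "Employee Social Security number: 123-45-6789, department forty-two, building C.\n"
    "Carrier tracking reference 987654321 for order A17, signed at the front desk.\n"
    "Payroll record, SSN 000123456 on file.\n"
)

# Nine digits, optionally hyphenated 3-2-4, not embedded in a longer digit run.
NINE_DIGITS = re.compile(r"(?<!\d)(\d{3})-?(\d{2})-?(\d{4})(?!\d)")
# Context keywords that raise confidence (assumed list).
KEYWORDS = re.compile(r"social security|\bssn\b", re.IGNORECASE)
WINDOW = 30  # characters inspected on each side of a match (assumed value)


def redact(digits: str) -> str:
    """Return match evidence that exposes only the last 4 digits."""
    return "*" * (len(digits) - 4) + digits[-4:]


def scan(text: str) -> list:
    """Find 9-digit candidates and grade them by nearby keywords.

    The full matched value is never stored in a finding: only the
    offset, the confidence grade and the redacted evidence are kept.
    """
    findings = []
    for m in NINE_DIGITS.finditer(text):
        context = text[max(0, m.start() - WINDOW):m.end() + WINDOW]
        findings.append({
            "offset": m.start(),
            "confidence": "high" if KEYWORDS.search(context) else "low",
            "evidence": redact("".join(m.groups())),
        })
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

The invoice and tracking numbers are graded low because no keyword falls inside their window, which is the false-positive reduction the contextual match is meant to provide.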

5. Search History (Incremental Compliance)

CCPA compliance is an ongoing obligation, not a one-time event.

  • Search History Setting: Ensure Search History is enabled in your scan configurations.
  • Impact: This enables you to run frequent "Drift Scans" to find new PI as it enters the environment without the performance hit of a full re-scan. This keeps your CCPA inventory current in near real-time.

6. Reporting & Audit Logs (The "Proof")

If audited, you must prove you have "Reasonable Security" and a repeatable process.

  • Classification Logs: Use the Classification settings to apply persistent tags (like NTFS ADS or MIP labels) to files containing PI. This proves the data was identified and handled according to policy.
  • Audit Reports: Regularly export reports from the Scan Results page showing "Found vs. Actioned" status to demonstrate active risk reduction.

Summary Checklist for CCPA

CCPA Requirement     | Spirion Setting / Feature
---------------------|-------------------------------------------------
Data Inventory       | Data Assets and Targets (with Target Tags)
Broad PI Detection   | CCPA Data Types and Contextual SDDs
Right to Delete      | Shred/Redact Playbooks
Reasonable Security  | Agent-Side Redaction and MIP/NTFS Classification
Ongoing Monitoring   | Scheduled Scans with Search History enabled

By aligning these settings, you transform Spirion from a simple search tool into a CCPA Compliance Engine that provides the visibility and control required by California law.