- Home
- / Insights
- / Case Studies
- / Regulatory Response: Uncovering The Truth for a Grocery Retailer
Regulatory Response: Uncovering The Truth for a Grocery Retailer
-
February 28, 2024
-
Situation
A national grocery chain engaged FTI Consulting to assist with implementing data classification automation in response to the California Consumer Privacy Act (“CCPA”). The company did not have a reliable source of truth for what sensitive customer data existed across the organization or where it was located.
Technology and scripting needed to be configured to identify and action upon the sensitive data that was found. Additionally, the client used multiple technologies and they needed data to seamlessly flow between each to enable proper access and actionability.
Our Role
- FTI performed an assessment of internal needs across stakeholders and facilitated a proof of concept to identify the best solution for the client that would use a technology-driven process to automatically collect, validate, and categorize data.
- Worked with the client to build a business case which highlighted how identifying and classifying sensitive data would yield significant business benefits across the organization.
- Assisted with the implementation of the solution to evaluate and identify high-risk systems containing personal data.
- Created custom search methodologies to identify sensitive data specific to the client’s business.
- Developed automation to integrate results from the data scanning process with the client’s existing privacy application, creating a seamless process with the necessary approvals.
Our Impact
- Successfully stewarded and deployed a multi-million dollar enterprise data classification and analysis tool by aligning stakeholders and demonstrating business value.
- Scanned 50+ applications for sensitive data across 14 different data source types and 110+ scanning profiles to identify the various types of sensitive data specific to the client’s business.
- Developed custom search logic for 39 different data types to identify client-specific types of data.
- Created a robust data map of where all sensitive data resided across the organization, allowing the client to respond to CCPA-related requests quicker and more accurately.
- Automated the integration of disparate tools to create efficiencies between privacy and business needs by developing an audit trail and data sync between systems.
Published
February 28, 2024