Mark Chow is a regular customer at Martorama, a large retail chain. Martorama operates several stores across California where people can find almost everything they need under one roof.
Mark receives several promotional emails from Martorama every week. He's curious about what data the company has stored about him. He exercises his new "right to access" under the CCPA and puts in a request through an online form.
Martorama acknowledges Mark's request by responding to him through an email. The company informs Mark that he will receive this information within 45 days.
Martorama uses its state-of-the-art data discovery solution to find and track Mark's personally identifiable information (PII) in file servers, failover clusters, and OneDrive environments; the solution also provides granular details such as the location of the files and folders containing Mark's PII, the size of the files, who has access to the files, and the dates the files were created or modified.
Data discovery allows Martorama to locate Mark's PII across the organization. Martorama can discover data by searching for specific keywords, regular expressions, or combinations of the two. Martorama scans sensitive content from more than 50 file types including email, text, compressed files, and more.
After 35 days, Martorama responds to Mark with the requested information, exceeding his expectations. Mark is provided the following information on his PII:
- A list of the different categories and types of PII
- All the sources from which Mark's personal information is collected
- Purposes for collection
- Third parties with which Mark's data is shared
- Martorama's personal information collection practice