If your business sells to California residents — and if you operate online, you almost certainly do — the California Consumer Privacy Act (CCPA) gives those customers rights over their personal data that you must be able to fulfill. Fulfilling those rights requires knowing exactly what data you hold about each person. That's a data quality problem before it's a compliance problem.
What CCPA Requires
CCPA gives California consumers the right to:
- Know what personal information a business has collected about them
- Delete their personal information (with some exceptions)
- Opt out of the sale of their personal information
- Non-discrimination — businesses can't penalize consumers for exercising these rights
For businesses, this means: you must be able to find all data you hold about a specific person on request, delete it on request, and document how you collected it and why you hold it.
Where Data Quality Becomes Critical
Finding data on request: If your contact data is spread across multiple systems with inconsistent identifiers, finding all records for "Sarah Johnson at sarahj@email.com" is a complex exercise — especially if she appears as "Sarah J" in your CRM, "S. Johnson" in your billing system, and "sarah.johnson@gmail.com" (older address) in your email list. Deduplication and consistent identifiers are data quality requirements that become compliance requirements under CCPA.
Sohovi automatically finds every duplicate in your dataset — including near-matches — and shows you exactly which rows are affected.
Deleting data on request: Deletion requests must be fulfilled within 45 days. If you can't find all records for a person because of data fragmentation, you risk incomplete deletion — a compliance failure.
Documenting data collection: Knowing what data you have and where it came from requires data lineage — understanding which records came from which collection source. This is part of a mature data quality practice.
Practical Steps
- Map your data: Know which systems hold personal data about your customers. Conduct a PII scan of your key datasets.
- Standardize identifiers: Use email address as a consistent key across systems to make cross-system lookups possible.
- Document collection sources: Note how and when you collected each type of personal data.
- Build a deletion workflow: Know the steps required to fully delete a person's data across all your systems.
Sohovi automatically detects PII in your datasets — emails, phone numbers, SSNs — all processed client-side so your data never leaves the browser.
Sohovi's PII detection feature scans your CSV files for personal data entirely in your browser — helping you understand what you hold without sending that data to any external server.
CCPA compliance isn't a legal project separate from your data operations. It's a requirement that your data operations be well-organized enough to support customer rights on demand.
