ISSN : 2583-2646

End-to-End Automation of CCPA Request Lifecycle across Banking Systems

ESP Journal of Engineering & Technology Advancements
© 2022 by ESP JETA
Volume 2  Issue 3
Year of Publication : 2022
Authors : Narasimha Chaitanya Samineni
DOI : 10.56472/25832646/JETA-V2I3P125

Citation:

Narasimha Chaitanya Samineni, 2022. "End-to-End Automation of CCPA Request Lifecycle across Banking Systems", ESP Journal of Engineering & Technology Advancements 2(3): 178-190.

Abstract:

The California Consumer Privacy Act (CCPA) imposes strict obligations on financial institutions to support consumer rights such as data access, deletion, portability, and restriction of data sharing. Large banks operate across legacy mainframes, modern cloud systems, CRM platforms, fraud engines, customer data warehouses, mobile applications, and third-party processors, making manual fulfillment of CCPA requests slow, error-prone, and inconsistent [3], [6]. To address these challenges, this study proposes an end-to-end automation framework that orchestrates the full CCPA request lifecycle across complex banking ecosystems. The framework integrates automated identity verification, request classification, system-of-record discovery, data retrieval, redaction, rule-based deletion workflows, audit logging, and automated fulfillment notifications. It leverages workflow engines, API gateways, metadata catalogs, and governance controls to ensure accuracy, repeatability, and compliance with privacy regulations. Evaluation results demonstrate significant reductions in processing time, improved auditability, increased data-action accuracy, and enhanced customer-experience reliability. The proposed model provides a scalable foundation for modernizing privacy-right operations across regulated banking systems.

References:

[1] California State Legislature, “California Consumer Privacy Act of 2018 (CCPA),” Civil Code §1798.100 et seq., 2018.

[2] California Privacy Rights Act (CPRA), “California Privacy Rights Act of 2020,” 2020.

[3] European Union, “General Data Protection Regulation (GDPR),” Regulation (EU) 2016/679, 2018.

[4] NIST, Guide to Protecting the Confidentiality of Personally Identifiable Information (PII), NIST SP 800-122, 2010.

[5] NIST, Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53 Rev. 5, 2020.

[6] ISO/IEC 27018, Code of Practice for Protection of PII in Public Clouds Acting as PII Processors, ISO, 2019.

[7] A. Cavoukian, Privacy by Design: The 7 Foundational Principles, Information and Privacy Commissioner of Ontario, 2011.

[8] PCI Security Standards Council, PCI DSS: Requirements and Testing Procedures, v3.2.1, 2018.

[9] DAMA International, DAMA-DMBOK: Data Management Body of Knowledge, 2nd ed., Technics Publications, 2017.

[10] Gartner, Best Practices for Data Privacy Operations and Consumer Rights Management, Gartner Research, 2020.

[11] IBM, Data Governance and Privacy Management for Hybrid Cloud, IBM Redbooks, 2020.

[12] Oracle, Data Governance and Compliance for Enterprise Data Platforms, Oracle Documentation, 2021.

[13] Microsoft, Privacy Management and Data Protection in the Cloud, Microsoft Documentation, 2021.

[14] Amazon Web Services, Data Protection and Privacy Best Practices, AWS Whitepaper, 2021.

[15] R. J. Anderson, Security Engineering: A Guide to Building Dependable Distributed Systems, 2nd ed., Wiley, 2008.

Keywords:

CCPA Compliance, Privacy Automation, Data Deletion Workflows, Financial Systems Integration, Consumer Rights Management, Metadata-Driven Discovery, Data Governance, Banking Compliance, Workflow Orchestration, Regulatory Technology (RegTech), Data Access Requests, System-of-Record Identification, Audit Automation.