Secure CCPA compliance with Cassie
CCPA Compliance, Cassie
We can help your business attain true CCPA compliance under the CCPA regulations through our Personal Information Platform, Cassie. Cassie ensures there is one central, secure platform to manage personal data, legal basis, consent and marketing preferences.
Allowing you to meet regulations wherever your customers are, globally. Cassie is feature-rich and provides an essential bridging system between the multiple information pots held within modern organisations.
What is CCPA?
The California Consumer Privacy Act, (CCPA), is a set of legislations brought into law in June 2018 driven by the continued rise in consumer data breaches and growing privacy concerns of individuals.
CCPA concentrates upon entities processing personal information with annual gross revenue in excess of $25 million or who annually buy or sell for commercial purposes, information of 50,000 or more Californians, households or devices (or organisations that derive 50% or more annual revenue from selling such information).
CCPA gives individuals the right to bring a civil action against companies that violate the law and states that damages will be between $100 and $750 – or higher, if there is more proof of extensive damage. In addition, the state can bring charges against a company directly, levying a $7,500 fine for each alleged violation that isn’t addressed within 30 days.
There is also a separate bill in California, AB-2546, targeted at strengthening anti-spam laws and moving California – and in effect the rest of America, away from opt-out marketing permissions.
Individuals rights to CCPA
- Transparency – CCPA imposes a requirement that website operators offer a do not sell link to their website, among other contact methods and that website privacy policies are updated every 12 months.
- Access – CCPA grants individuals the right to access the information an organisation processes about them in the last 12 months.
- Object – CCPA is focused on preventing the sale of personal data and discriminatory repercussions for exercising rights (e.g. – cannot be denied goods or services, charged different prices or be subject to a different level of quality or service).
- Deletion – CCPA grants the right to request deletion free of charge; which must be honoured by downstream entities in a given timeframe.
- Portability – CCPA grants individuals the right to move their data free of charge via an electronic, readily usable format.
Cassie is a single platform that allows you to collect and consolidate user contact, consent and preference data so your organisation can be compliant and transparent under regulations such as GDPR and CCPA. The platform currently manages over 1.6 billion preferences, for over 100 million contacts globally.
CCPA requirements all met with Cassie
CCPA requires organisations to be transparent with individuals about the data they hold about them.
We understand that this can be difficult. Your business receives data from various sources, whether that be through web forms, transactional services, e-mail, SMS and so on. Cassie enables a single truth to be created by the production of a homogenized virtual record whist keeping a full audit trail of every detail (including source), from origin to present time, across all your systems.
Transparency is enabled using either the fully customisable Data Subject Portal or by linking the feature rich API to existing access routes. Any corrections can be automatically distributed across the entire eco-system of an organisation simply and securely, saving time and money.
CCPA requires strict consent for certain activities from anybody 16 or below. This consent must be able to be proven and shown to have been given freely as part of an informed decision. There is the possibility of this being extended to cover all individuals.
Integral to consent is the concept of ‘proof’ and ‘context’. Cassie has multiple tools to enable the collection of consent in a business positive way, from web widgets to phone apps. Not only does Cassie remove the hurdles from collecting consent and using information, but the management of the process is simple, and the ‘proof/context’ fulfils all global requirements. Offering complete flexibility and multi-tiered granulation, Cassie has been designed to be future-proof as communication methods change and is also multilingual, covering all languages (including non-Latin character languages).
Granular records and audit reporting
CCPA requires that certain administrative tasks can be requested by an individual at no cost to themselves. This can be both the provision or deletion of their details. These requests must be completed within a reasonable timeframe.
Cassie enables the easy export of all attributed data, pertaining to an individual, via its audit reporting features. These are simple to use and can create either a CSV or PDF report. In addition, the SAR management module allows for the tracking of requests where extra information needs to be collated from different areas within an organisation.
If a request for erasure is made, Cassie will flag the data it applies to. The request is then recorded for an administrative update. An administrator will then either provide an explanation as to why the request cannot be fulfilled or confirm the request has been completed. If the request has been completed, Cassie will pass the flagged data through a one-way encryption algorithm. This enables a record to be compared by passing it through the same algorithm if a query is raised in the future but fulfils the technical requirement of erasure.
After using the Cassie Cookie Module for over a year now, we are really pleased with the product and delighted with the level of customer support we have had from Syrenis.
Kevin Drysdale – Web Team manager, Durham County Council