CCPA Compliance, Cassie
Syrenis can help your business become compliant with the CCPA regulations through our Personal Information Platform, Cassie. Cassie ensures there is one central, secure platform to manage personal data, legal basis, consent and marketing preferences, allowing you to meet regulations wherever your customers are, globally. Cassie is feature-rich and provides an essential bridging system between the multiple information pots held within modern organisations.
The California Consumer Privacy Act (CCPA) is a set of legislation brought into law in June 2018, driven by the continued rise in consumer data breaches and the growing privacy concerns of individuals.
CCPA concentrates upon entities processing personal information with annual gross revenue in excess of $25 million, or who annually buy or sell, for commercial purposes, the information of 50,000 or more Californians, households or devices (or organisations that derive 50% or more of annual revenue from selling such information).
The CCPA gives individuals the right to bring a civil action against companies that violate the law and states that damages will be between $100 and $750, or higher if there is more proof of extensive damage. In addition, the state can bring charges against a company directly, levying a $7,500 fine for each alleged violation that isn’t addressed within 30 days.
There is also a separate bill still under consideration in California, AB-2546, targeted at strengthening anti-spam laws and moving California—and in effect the rest of America—away from opt-out marketing permissions.
CCPA provides the following rights for individuals:
- Transparency – CCPA imposes a requirement that website operators offer a "do not sell" link on their website, among other contact methods, and that website privacy policies are updated every 12 months.
- Access – CCPA grants individuals the right to access the information an organisation has processed about them in the last 12 months.
- Object – CCPA is focused on preventing the sale of personal data and discriminatory repercussions for exercising rights (e.g. individuals cannot be denied goods or services, charged different prices or be subject to a different level of quality or service).
- Deletion – CCPA grants the right to request deletion free of charge, which must be honored by downstream entities in a given timeframe.
- Portability – CCPA grants individuals the right to move their data free of charge via an electronic, readily usable format.
CCPA Requirements & Cassie
The CCPA requires organisations to be transparent with individuals about the data they hold about them.
Syrenis understands that this can be difficult! Your business receives data from various sources, whether that be through web forms, transaction services, email, SMS and so on. Cassie enables a single truth to be created by the production of a homogenized virtual record whilst keeping a full audit trail of every detail (including source), from origin to present time, across all your systems.
Transparency is enabled using either the fully customisable public portal or by linking the feature-rich API to existing access routes. Any corrections can be automatically distributed across the entire ecosystem of an organisation simply and securely, saving time and money.
The CCPA requires strict consent for certain activities from anybody 16 or below. This consent must be able to be proven and shown to have been given freely as part of an informed decision. There is the possibility of this being extended to cover all individuals.
Integral to consent is the concept of ‘Proof’ and ‘Context’. Cassie has multiple tools to enable the collection of consent in a business-positive way, from web widgets to phone apps. Not only does Cassie remove the hurdles from collecting consent and using information, but the management of the process is simple, and the ‘proof/context’ fulfills all global requirements. Offering complete flexibility and multi-tiered granularity, Cassie has been designed to be future-proof as communication methods change and is also multilingual, covering all languages (including non-Latin character languages).
The CCPA requires that certain administrative tasks can be requested by an individual at no cost to themselves. This can be the provision or the deletion of their details. These requests must be completed within a reasonable timeframe.
Cassie enables the easy export of all attributed data pertaining to an individual via its audit reporting features. These are simple to use and can create either a CSV or PDF report. In addition, the SAR management module allows for the tracking of requests where extra information needs to be collated from different areas within an organisation.
If a request for erasure is made, Cassie will flag the data it applies to. The request is then recorded for an administrative update. An administrator will then either provide an explanation as to why the request cannot be fulfilled or confirm the request has been completed. If the request has been completed, Cassie will pass the flagged data through a one-way encryption algorithm. If a query is raised in the future, a record can still be compared by passing it through the same algorithm, while the technical requirement of erasure is fulfilled.
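The erase-then-compare step described above, sketched as an added example (this is not Syrenis or Cassie code). The page does not name the algorithm, so HMAC-SHA-256 with a separately held key, the field names and the sample values are assumptions.

```python
import hashlib
import hmac
import unicodedata

# Assumption: the key lives outside the record store (for example in a KMS).
# Constructed demo value only.
ERASURE_KEY = b"constructed-demo-key"

# Hypothetical names of fields that identify a person.
IDENTIFYING_FIELDS = ("email", "phone")


def normalise(value: str) -> bytes:
    """Canonicalise input so the same identifier always maps to the same token."""
    return unicodedata.normalize("NFKC", value).strip().casefold().encode("utf-8")


def one_way(value: str, key: bytes = ERASURE_KEY) -> str:
    """Keyed one-way transform. A key is used because identifiers such as
    e-mail addresses are low entropy: with a plain hash, anyone holding the
    store could confirm guesses; with HMAC they also need the key."""
    return hmac.new(key, normalise(value), hashlib.sha256).hexdigest()


def erase(record: dict, key: bytes = ERASURE_KEY) -> dict:
    """Return the record as it would be stored after a completed erasure."""
    erased = {}
    for field, value in record.items():
        if field in IDENTIFYING_FIELDS and value is not None:
            erased[field] = one_way(value, key)  # comparable, not readable
        else:
            erased[field] = None                 # everything else is dropped
    erased["erased"] = True
    return erased


def matches(erased_record: dict, field: str, candidate: str,
            key: bytes = ERASURE_KEY) -> bool:
    """Answer a later query: does this erased record belong to `candidate`?"""
    stored = erased_record.get(field)
    if not isinstance(stored, str):
        return False
    return hmac.compare_digest(stored, one_way(candidate, key))
```

Normalising before hashing matters: without it, `Alice@Example.com` and `alice@example.com` would produce different tokens and a later query would miss the erased record.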
Cassie is a single platform that allows you to collect and consolidate customer contact, consent and preference data so your organisation can be compliant, under regulations such as GDPR and CCPA, and transparent. The platform currently manages over 1.6 billion preferences, for over 100 million contacts globally.