Compliance

CPRA

CPRA (California Privacy Rights Act) will considerably improve the lives of California citizens, it’ll give them stronger data rights and even more protection.

Cassie will be able to help you achieve compliance without you having to compromise your business goals.

High Volume Icon

Protect individual privacy

Allow end users to take control of their preferences with granular consent controls enforced across domains, devices and platforms

Icon Customer Insight

Avoid fines and brand damage

Cassie enables organizations to meet the complex requirements of CPRA and mitigate risk with a robust framework for managing consent, avoiding severe penalties and reputational damage

Icon Dedicated Experts

Pass audit inspections

Be prepared for compliance audits with demonstrable tracking and complete history logs, alongside advanced RoPA and DSAR modules to improve efficiencies and assess risk

Icon Unlimited Storage

Ensure data security

Cassie is SOC 2 certified, assuring organization’s data is safeguarded from unauthorized access or breaches with industry-leading encryption protocols and practices

 

Icon Audibility

Centralized source of truth

Use Cassie to honor and enforce consent data via APIs and integrations at high volume, in real-time for CPRA compliance across your tech stack (CRMs, CMS, marketing automation tools, BI tools)

Icon Connector Red

Complex consent made simple

For every consent captured, Cassie can store unlimited key value pairs of additional information against those consents to unlock scalable, granular consent management

  • What is the relationship between the CPRA and the CCPA?
    • The CPRA builds on the California Consumer Privacy Act (CCPA) passed in 2018. Both laws were sponsored by Californians for Consumer Privacy, led by Alastair Mactaggart.
  • What are the key components of the CPRA?
      • Access & Deletion Rights: Consumers can obtain and delete their personal information.
      • Prevent Sale of Data: Consumers can prevent the sale of their information.
      • Protect Children: Guardian or teen permission is required before selling children’s information.
      • Purpose Limitation: Use consumer information only for stated purposes.
      • Storage Limitation: Keep consumer information only as long as publicly stated.
      • Data Minimization: Collect only necessary consumer information.
      • Chain of Custody: Onward transferees must offer the same level of protection.
      • Security Requirements: Implement reasonable and appropriate security measures.
      • Deletion Expansion: Businesses must inform other businesses to delete information upon request.
      • Right of Correction: Allow consumers to correct their personal information.
      • Increased Fines: Triple fines for violations involving children’s information.
      • Sensitive Personal Info: Right to stop the use of sensitive information.
      • Access to All Personal Info: Right to see all personal information, not just the last 12 months.
      • Precise Geolocation: No tracking within approximately 250 acres.
      • Profiling: Right to object to automated decision-making and understand the logic involved.
      • No Right to Cure: Removes the 30-day right to cure violations.
      • Opt-Out of Behavioral Advertising: Right to opt out of cross-context behavioral advertising.
      • Data Protection Agency: Establishes a new agency with guaranteed funding.
        • Enforcement: 2x+ bigger than current enforcement, allows local DA’s to enforce the law.
      • Annual Audits: Requires annual cybersecurity audits and risk assessments for high-risk data processors.
      • Chief Privacy Auditor: Appoints a Chief Privacy Auditor to ensure compliance.
      • Legislative Protection: Prevents the law from being weakened, allowing amendments only in furtherance of consumer privacy.