CCPA Compliance Software
The Simple CCPA Solution You've Been Looking For
Osano’s Privacy Platform can help you comply with the California Consumer Privacy Act (CCPA). Osano gets you up and running quickly with capabilities for managing opt-out requests, processing universal preference signals like the Global Privacy Control, automation for consumer and employee subject rights requests, and more.
JOIN 1000+ Companies using Osano
What Is the CCPA?
Not enough time to slog through pages of legalese? Check out our primer to the CCPA below.
CCPA vs. CPRA
The California Consumer Protection Act (CCPA) was essentially the first iteration of the CPRA. The CCPA was enacted into law in 2018 and became effective in 2020, but privacy advocates immediately felt it wasn't strong enough.
This led to the creation of the CPRA, which went into effect January 1, 2023, and strengthened the CCPA. Nowadays, people often use the terms CCPA and CPRA interchangeably. Here are some of the new changes introduced by the CPRA.
-
Creation of the California Privacy Protection Agency (CPPA).
- Expanded consumers’ right to opt out of the sale of data to opt out of its sharing for targeted advertising.
- Created a second category of sensitive data (e.g., social security numbers, sexual identity, health data, and the like).
- Required businesses to minimize data collection.
- Required privacy assessments.
-
And more.
Am I Subject to the CCPA?
If you do business in California, the odds are you’re subject to the CCPA. Specifically, the CCPA applies if you do business in California, collect the personal data of Californians or have it collected for you, and fit one or more of these criteria:
- Buy, sell, or share the personal information of 100k people or households.
- Create 50% or more of your revenue through the sale or sharing of personal information.
-
Had $25 million in gross revenue in the preceding calendar year.
CCPA Requirements
The CCPA may very well be one of the strictest laws in the U.S. when it comes to data privacy. Here are just a few of its requirements.
- Honor do-not-sell/-share requests and other subject rights requests and provide a mechanism for those requests.
- Limit the use of sensitive personal information to only what is necessary for the primary function of the customer’s transaction.
- Collect and retain only data that is reasonably necessary and proportionate to the intended purpose.
- Conduct risk assessments before beginning high-risk collection or use of personal data.
- Establish contractual obligations with third parties, contractors, and service providers before sharing, selling, or disclosing personal data.
- And many more.
CCPA Enforcement
Unlike other U.S. privacy laws, two different authorities can enforce the CCPA: the California Attorney General and the California Privacy Protection Agency (CPPA). When the CPRA was enacted into law, it also created the CPPA, whose sole job is to enforce the CCPA. If you’re found to violate the law, either authority could penalize you. Additionally, individual citizens can sue under the CCPA if their personal account access information is exposed in a data breach.
-
$2.5k per each violation.
-
$7.5k per each intentional violation.
-
$7.5k per violations involving a minor.
CCPA COOKIE CONSENT
Honor Opt-out Requests
When California citizens visit your website, you need to provide the appropriate disclosures and data collection consent options. Osano detects the geolocation of California visitors and automatically displays the relevant banner to them. If visitors opt out, Osano blocks the relevant data trackers on your website, keeping you in compliance.
-
Choose between opt-in and opt-out compliance mode (both compliant under the CCPA).
- Permit visitors to opt out via your banner, universal preference signals, or a do-not-sell/-share link.
-
Control users’ personal data flows to third parties and targeted advertising based on their consent.
- Rapidly implement Osano Cookie Consent with one line of JavaScript and a few hours of your time.
CCPA DATA SUBJECT RIGHTS
Manage Consumer and Employee DSARs Alike
When a data subject makes a request under the CCPA, you have to meet that request within 45 days. Responding to DSARs takes time away from more strategic initiatives, and 45 days can go by pretty quickly if you experience a high volume of requests. Osano streamlines the subject rights request process, automates common request types, and enables a faster, more accurate workflow.
-
Process access, correction, deletion, opt-out requests, and more.
-
Automatically fulfill summary and deletion requests with human verification for accuracy.
- Discover personal information across disparate data stores
-
Receive subject rights request from embeddable form and/or designated email address.
-
Communicate with data subjects in one centralized, secure location
CCPA DATA MAPPING
Data Mapping Purpose-built for Privacy Compliance
If you’ve ever had to depend on manual spreadsheets or the limited capacity of your organization’s data analysts, you know that mapping your organization’s personal data stores is a time-consuming, reactive task.
Osano Data Mapping provides a privacy-focused data mapping solution that dramatically accelerates the mapping process and reduces errors through automation.
CCPA VENDOR MANAGEMENT
Ensure Your Customers’ Data Is in Good Hands
If you do business in California, then the CCPA requires you to establish the right contractual provisions with your third parties, service providers, and contractors. Osano Vendor Risk Management can help you identify vendors who can live up to those contractual standards and give your customers’ data the protection it deserves. Osano helps you conduct required vendor assessments, tracks vendor privacy changes and new lawsuits, and generates a proprietary Vendor Score to help you assess privacy practices at a glance.
- Assess vendors at a glance with Osano’s Vendor Score, calculated via a 163-item proprietary ontology based on NIST and ISO standards.
-
Receive alerts for vendor lawsuits and privacy policy changes.
-
Discover sub-processors and fourth parties that may handle your customers’ data.
- Use template vendor assessments to take a deep dive into your vendors’ existing processes and document your compliance efforts.
Key Resources on All Things Privacy
Discover actionable compliance tips straight from our team of legal and privacy experts through our blogs, webinars, eBooks, guides, and more.
The CCPA Is Complex. Compliance Doesn’t Have to Be.
Simplify CCPA compliance with Osano. Let us show you exactly how easy meeting your CCPA obligations can be.