Legislation
TDPSA compliance
Cassie is an advanced consent management platform that enables global organizations handling complex data to comply with The Texas Data Privacy and Security Act (TDPSA) without compromising the way you work.
After California, Texas is the second largest state to have adopted their own data privacy law, the Texas Data Privacy and Security Act (TDPSA) refers to the collection, use, and disclosure of a consumer’s personal data.
The act, with most provisions due to be taken into effect from July 1 2024, will take notes from previously adopted US privacy laws like the Virginia Consumer Data Protection Act (VCDPA).
Who does the TDPSA apply to?
The TDPSA applies to any organization (with exemptions) conducting business in Texas or an organization that is collecting personal information from a consumer residing in Texas.
Small businesses are exempt from almost all provisions covered by the TDPSA, apart from the requirement to obtain consent before selling any sensitive personal data.
A small business can be classified as an independent organization that has fewer than 500 employees.
Further exemptions apply to:
- State agencies
- Financial institutions regulated by the Gramm-Leach-Bliley Act
- Covered entities and business associates under the Health Insurance Portability and Accountability Act (HIPAA)
- Non-profit organizations
- Higher education institutions.
Download our “Meet Cassie” brochure
Download our “Meet Cassie” brochure
Understand the fundamentals of Cassie’s consent management platform with this FREE downloadable guide where we cover:
- Cassie’s core features
- Who it’s for
- How it centralizes data
- What makes Cassie different from the competition.
What does the act mean for consumers?
The act provides consumers with a number of rights, including the right to:
- Correct inaccuracies within their personal data
- Delete personal data provided by, or obtained about the consumer
- Obtain a copy of personal data about the individual, in a portable and machine-readable format (if the data is available in digital form)
- Opt out of:
- The sale of the consumer’s personal data
- Targeted advertising
- Profiling “in furtherance of decisions that produce legal or similarly significant effects”
Data controllers must respond to DSARs (Data Subject Access Requests) without undue delay, within 45 days. A 45-day extension period can be available if deemed reasonably necessary.
Consumers can make a data request once every 12 months and the data controller/organization must not charge a fee – unless the request is manifestly unfounded.
Why choose Cassie?
Cassie’s consent and preference management platform allows your business to have confidence in knowing that you can achieve TDPSA compliance without needing to jeopardize your business aims and objectives.
Protect individual privacy
Allow end users to take control of their preferences with granular consent controls enforced across domains, devices and platforms
Avoid fines and brand damage
Cassie enables organizations to meet the complex requirements of TDPSA and mitigate risk with a robust framework for managing consent, avoiding severe penalties and reputational damage
Pass audit inspections
Be prepared for compliance audits with demonstrable tracking and complete history logs, alongside advanced RoPA and DSAR modules to improve efficiencies and assess risk
Ensure data security
Cassie is SOC 2 certified, assuring organization’s data is safeguarded from unauthorized access or breaches with industry-leading encryption protocols and practices
Centralized source of truth
Use Cassie to honor and enforce consent data via APIs and integrations at high volume, in real-time for TDPSA compliance across your tech stack (CRMs, CMS, marketing automation tools, BI tools)
Complex consent made simple
For every consent captured, Cassie can store unlimited key value pairs of additional information against those consents to unlock scalable, granular consent management