The Forget-Me-Yes® (FMY) Software-as-a-Service API Platform specifically manages both organizational and individual Right-to-be-Forgotten (RtbF) and Right-of-Erase (RoE) compliance of structured data for Brazil’s LGPD, Europe’s GDPR, California Consumer Privacy Act (CCPA/CPRA), China Personal Information Protection Law (PIPL), Colorado Privacy Act (CPA) and Virginia CDPA. Features include easy integration, in-time compliance, automated persistent re-query delete for continuous compliance;
- Locates, organizes and manages Data Subject personal information for FMY subscribers in a secure, efficient, and persistent way;
- Automated/scheduled compliance enables organization to avoid regulatory distraction to focus on core business competencies;
- Secure 3rd. Party audit features ensuring regulatory compliance;
- Provides arguable good faith and best practices for companies to avoid litigation, penalties and brand damage associated with bad publicity.
- Provides universal protection for data subjects, data collectors and data stewards collectively
The open API-first design structure of FMY enables quick and seamless integration of future US and global privacy law compliance requirements for timely application release.
FMY is a uniquely secure and valuable Sofware-as-a-Service API platform that manages subscriber RtbF/RoE requests through these features:
- Initial query and deletion from all data record sources
- Audit log that can be queried with the data subject’s identifiers to demonstrate when and where the subject was deleted;
- Multi-factor authentication and end-to-end encryption provides 100% data security from initial FMY data ingest to archive;
- Zero-Knowledge datastore ensures only subscriber can access deleted-datastore;
- Positive impact on organizational IT budget and workloads, while assisting overall regulatory compliance;
- Meet and exceed all national and international Legal compliance requirements as outlined in each corresponding regulation’s data compliance guidelines.
FMY securely stores a single record of each data subject query request data to meet GDPR, LGPD and CCPA regulatory compliance. OVT believes that this encrypted record is in keeping with both the spirit and letter of these regulations for the following reasons:
- The personal information is encrypted using multi-layer (asymmetrical and symmetrical) end-to-end encryption, and done so in such a way that no human or AI/ML system can access it without the secure consent and private encryption key of the subscriber/Customer.
- No customer employee, OVT employee, AWS employee, government entity, or malicious third-party can download unencrypted information.
- Although highly unlikely, any entity that managed to circumvent all security and directly access the encrypted FMY database (Table-Level Encryption & data-at-rest encryption), would simply be accessing encrypted information that will not be able to be unencrypted for any purpose.
The system will only allow the encrypted data to serve the following two purposes:
- Audit log: An FMY customer will be able to query the system to ask if a given entity is stored within the system to prove they complied with a request. They will not be able to download a list of all stored identities not associated with their unique UserID and private security tokens.
- Only the identifying information is stored; no related data (e.g. user behavior or activities). The system stores only enough information to create a unique query.