CCPA and “Personal Information”
Personal information. It’s a hot topic right now, and understandably so. CCPA Amendment 874 defines personal information as information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a consumer or household.
Okay, so what does that mean?
The amended definition means that if a person or a household purchases goods and services, their personal information is what can potentially identify and/or relate to them. In turn, it also means that businesses are stepping up to the strict notification procedures of informing consumers about the collection and use of their personal information in order to meet CCPA compliance.
Many consumers and businesses already knew that organizations must provide notices to consumers, but the California Attorney General’s proposed regulations detail the specific notification requirements needed to ensure CCPA compliance. In particular, the Proposed Regulations focus on the notice at the point of collection of personal information, of the consumer’s right to opt-out of the sale of personal information, and of financial incentive, as well as, of course, the privacy policy.
What else is required with these notices, according to the CCPA?
Clarification. The notices must be in an easy-to-read format no matter what device you have on you (yes, this includes your cellphone’s tiny screen). They also need to be in an understandable format (no fancy terminology to throw the reader off). The goal here is to make sure that the materials are using plain, straightforward language, and to avoid any technical or legal jargon which can potentially be confusing to readers.
Coming back to personal information: in addition to being perfectly clear, visible, and accessible, notices at the time of collection need to provide a list of what personal information the business is collecting, the purpose(s) for which it will use that personal information, and a link to its privacy policy. What’s more, if you’re a business that sells personal information, you must include a link titled “Do Not Sell My Personal Information” or “Do Not Sell My Info.”
Consumers need not worry that businesses will use their personal information for other purposes. Businesses may not use a consumer’s personal information for any reason other than what was clearly disclosed in the notice at the time of collection.
For additional information on what your business can do to meet CCPA compliance, or to request a live OneTrust for CCPA privacy management software demo, visit www.OneTrust.com/ccpa-compliance or email [email protected].
Resources:
- Learn more about OneTrust for CCPA
- Download the whitepaper: How OneTrust Helps: California Consumer Privacy Act (CCPA)
- Download the free OneTrust CCPA Mobile App from the App Store and Google Plays
Check out our CCPA blog series:
- CCPA Applicability: Who will the CCPA Impact?
- CCPA Requirements for Businesses
- California Governor Signs CCPA Amendments Into Law
- Proposed Regulations Under the CCPA: What You Need to Know
- CCPA Proposed Regulations
- Comply With the CCPA’s “Toll-Free Requirement” with OneTrust
- California Privacy Rights and Enforcement Act Ballot Initiative
- CCPA Amendment Crunch Time
- CA Attorney General Holds Public Forums on the CCPA: What You Need to Know
- The Importance of the CCPA Look Back Requirement and What it Means for Your Organization
- 5 Simple Steps to CCPA Readiness
- CCPA: New Amendment Bills One Step Closer to Becoming Law
- How OneTrust Helps: CCPA Consumer Rights Management
- How OneTrust Helps: CCPA “Do Not Sell” Requirements
- Less Than One Month to Finalize CCPA Amendments
- The Dos and Don’ts of CCPA Consumer Right Requests
- California Privacy Rights and Enforcement Act Ballot Initiative