CCPA and “Personal Information”

Personal information. It’s a hot topic right now, and understandably so. CCPA Amendment 874 defines personal information as information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a consumer or household.

Okay, so what does that mean? 

The amended definition means that if a person or a household purchases goods and services, their personal information is what can potentially identify and/or relate to them. In turn, it also means that businesses are stepping up to the strict notification procedures of informing consumers about the collection and use of their personal information in order to meet CCPA compliance.

Many consumers and businesses already knew that organizations must provide notices to consumers, but the California Attorney General’s proposed regulations detail the specific notification requirements needed to ensure CCPA compliance. In particular, the Proposed Regulations focus on the notice at the point of collection of personal information, of the consumer’s right to opt-out of the sale of personal information, and of financial incentive, as well as, of course, the privacy policy.

What else is required with these notices, according to the CCPA?

Clarification. The notices must be in an easy-to-read format no matter what device you have on you (yes, this includes your cellphone’s tiny screen). They also need to be in an understandable format (no fancy terminology to throw the reader off). The goal here is to make sure that the materials are using plain, straightforward language, and to avoid any technical or legal jargon which can potentially be confusing to readers.

Coming back to personal information: in addition to being perfectly clear, visible, and accessible, notices at the time of collection need to provide a list of what personal information the business is collecting, the purpose(s) for which it will use that personal information, and a link to its privacy policy.  What’s more, if you’re a business that sells personal information, you must include a link titled “Do Not Sell My Personal Information” or “Do Not Sell My Info.”

Consumers need not worry that businesses will use their personal information for other purposes. Businesses may not use a consumer’s personal information for any reason other than what was clearly disclosed in the notice at the time of collection.

For additional information on what your business can do to meet CCPA compliance, or to request a live OneTrust for CCPA privacy management software demo, visit or email [email protected].


Check out our CCPA blog series: