The California Consumer Privacy Protection Act (CCPA) is a California law that establishes mandatory requirements for all organizations storing and processing personal data of California residents. Its gives consumers unprecedented rights in managing their data, including:
- Right to opt-out: A consumer has the right, at any time, to direct a business that sells personal information about the person to third parties not to include their personal information in the transaction.
- Right to notice: A consumer has the right to request that a business that sells the consumer’s personal information, or that discloses it for a business purpose, explicitly notifies the consumer. about any such transaction.
- Right to disclosure: A consumer has the right to request that a business that collects personal information about the consumer disclose to the consumer what information is collected, for what purpose, and what third parties it is shared with.
- Right to deletion: A consumer has the right to request that a business delete any personal information about the consumer which the business has collected.
- Right to equal services and prices: A business shall not discriminate against a consumer because the consumer exercised any of their rights under this title.
CCPA has a broad definition of Personal Information (PI), including real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol (IP) address, email address, account name, Social Security Number, driver’s license number, passport number, and any other similar identifiers. The broad umbrella also includes any other information that may directly or indirectly identify an individual, including records of personal property, products or services purchased, Biometric information, Geolocation data, Professional or employment information, and educational records.
Organizations are also required to implement and maintain reasonable security procedures and practices to protect personal information.