COOKIES. CONSENT. COMPLIANCE
secure privacy badge logo
December 2, 2019

What is Personal Information under the CCPA

The California Consumer Privacy Act (CCPA) is set to introduce several changes concerning the privacy of consumer data after it goes into effect on January 1, 2020.

The California Consumer Privacy Act (CCPA) is set to introduce several changes concerning the privacy of consumer data after it goes into effect on January 1, 2020.

This perspective is based on the fact that its description of what entails Personal Information is unique compared to any other regulation including the European Union’s trendsetting General Data Protection Regulation (GDPR).

According to Article 1798.140 (o) (1-2) of the CCPA, personal information refers to “non-public information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.”

In this article, we outline the types of data described as personal information under the CCPA.

What are the Core Data Elements that constitute Personal Information under the CCPA?

  • Identifiers such as an official name, alias, postal address, unique personal identifier, digital identifiers, IP and email addresses, account name, social security number, driver’s license number, passport number among other related identifiers.
  • Attributes of safeguarded categories under California or federal law
  • Business data comprising records of individual property, commodities or amenities bought, obtained or considered, or alternative buying or consumption patterns
  • Biometric data
  • Geolocation data
  • Professional or occupation-linked data
  • Conclusions made from any of the data outlined under these data elements to come up with a profile regarding a user that reveals his/her preferences, attributes, cognitive patterns, biases, conduct, outlooks, intelligence, abilities, and competencies
  • Internet or other electronic network activity data comprising but not restricted to browsing records, search history, and information concerning a user’s engagement with a web platform, app, or ad.
  • Audio, electronic, visual, thermal, olfactory, or similar data
  • Educational data, which is specified as information that is not available publicly or personally identifiable as stated in the Family Educational Rights and Privacy Act.

What Data Elements do not Constitute Personal Information under CCPA?

Although the scope of what the CCPA considers personal information is typically broad, there are data specific data elements that do not constitute consumer data under this regulation. They include;

  • User Data that is de-identified or in the aggregate consumer data. Essentially, this information cannot be reasonably connected to any consumer or household.
  • Data that is publicly accessible from federal, state, or local authority databases.

Why do Businesses need to know what Constitutes Personal Information under the CCPA?

The knowledge of what constitutes personal information under the CCPA has four crucial benefits to a business’ compliance efforts. Essentially;

  • It enables a business to identify the categories of user data it gathers, distributes, or sells
  • It allows a business to establish whether it stores the user information it collects, shares, or sells
  • It makes it possible to identify at what point, and for how long a business holds such consumer information.
  • It facilitates the creation of a system to identify, monitor, and manage the collection, retention, and deletion of personal information

Learn more about the different clauses contained in this regulation that are crucial to your compliance efforts by checking out our comprehensive, yet simplified CCPA guide on how to become CCPA compliant. To have your additional queries or concerns addressed by a data protection expert, book a call with us today and get on the road to CCPA compliance.

Additional Resources:

Download your free CCPA e-book and get it delivered straight into your inbox.

image

GDPR Compliance Automation: Complete Guide & Tool Comparison

Your privacy team is drowning in manual GDPR workflows. Data subject access requests pile up for weeks. Data mapping takes months instead of minutes. Your spreadsheet-based consent records can't scale to millions of users. Meanwhile, European regulators issued €1.2 billion in GDPR fines last year alone, and your current compliance approach can't keep pace with enforcement intensity or business growth. GDPR compliance automation transforms this reality by applying intelligent technology to streamline, accelerate, and enhance the accuracy of data protection activities. Organizations implementing comprehensive automation report 85-97% reduction in compliance workloads while improving accuracy and reducing regulatory risk by up to 75%. This guide explains what GDPR compliance can be automated, which processes require human judgment, how to select automation platforms, and what ROI you can expect from intelligent privacy technology investments.

    image

    IAB TCF Compliance Tool: Choose and Implement the Right Solution

    Your Consent Management Platform just failed its IAB validation check. Three weeks before your planned launch, the CMP Validator flagged seventeen compliance issues across your consent banner implementation. Your legal team is escalating concerns about GDPR violations, your ad ops team worries about revenue impact, and nobody knows exactly what needs fixing or how long remediation will take.

    • Legal & News
    • Data Protection
    • GDPR
    • CCPA
    image

    What is ad_user_data in Google Consent Mode v2 — and Why It Matters for Your Ads

    Your Google Ads conversion tracking just stopped working in Europe. Campaign performance dropped 30% overnight. Google Tag Assistant shows consent signal errors. You're seeing warnings about missing Consent Mode v2 implementation, but you're not sure what ad_user_data means or why Google suddenly requires it.