By Stephen Cavey | 18 November 2021
In 2020, the California Consumer Privacy Act (CCPA) came to fruition as one of the strictest state-wide data privacy laws in the United States. It regulates how businesses worldwide are allowed to handle the personal information (PI) of California residents. This law sets a new standard for privacy rights. It extends past typical personal data (e.g., phone numbers) to include information such as geolocation and browsing history, among other data types. The CCPA defines PI as “information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.”
Here we will explore the 11 data categories the CCPA takes into account.
While reviewing the 11 data categories that the CCPA uses to organize PI, certain information may fit within multiple categories. For example, a social security number is considered both an identifier and customer record information.
While the CCPA is comprehensive and inclusive in defining personal data, it does exclude any publicly available information. This includes any data that can be obtained by referencing federal, state, or local government records. It also does not include de-identified or pseudonymized information that cannot be reasonably linked to an individual. Very niche financial and medical information that may already be regulated by compliance laws such as HIPAA could also fall outside the scope of the CCPA.
Businesses are responsible for disclosing the categories of data they collect and the purposes for which they intend to use it. Understanding the categories of PI and the basic requirements of the CCPA will not only help organizations meet current compliance expectations, but also fast-track them toward meeting upcoming data security laws. Notably, the CCPA continues to evolve in both name and principles: the CPRA (an amendment of CCPA) is set to be enforced January 2023 and has been referred to as “CCPA plus” or “CCPA 2.0.”
Businesses that are subject to the CCPA and do not safeguard data that falls into these 11 categories risk losing customer trust and facing hefty fines, with civil penalties of up to $7,500 per violation. These penalties, along with reputational damage, are core reasons for your business to work with a trusted partner who can help you stay accountable in meeting CCPA compliance.
You cannot protect what you do not know exists. With Ground Labs’ award-winning solution, Enterprise Recon, your organization can scan, find and remediate hundreds of data types that fall within the CCPA personal data categories.
Schedule a demo today if you are ready to embark on a compliance journey to protect your customers’ data.