![]() ![]() Identification of all entities that are given access to the information, including whether a contract is in place with that entity, the purpose for such access and whether the entity may use the information for its own commercial purposes.Identification of the length of time each category of information is legally required to be retained so that deletion requests can be honored properly.For each category of personal information identified, identification of all of the purposes for collecting the data and your uses of the data. ![]() These could be directly from the individual, indirectly through a third party or from your own observations. For each category of personal information identified, identification of the sources of the information.The CCPA defines personal information broadly to mean information that “identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.” It provides a non-exclusive list of examples of personal information including the usual contact information, IP, protected classification information (sex, ethnicity, race, etc.), biometrics, internet browsing information, products purchased or considered for purchase, geolocation data, academic and employment information and inferences drawn to create a profile about the individual to reflect preferences, attitudes, etc. Identification of all categories of personal information you receive.This includes any type of personal information that you receive in any format, for example, through your website, forms at retail locations, mail and email, employment applications and related documents, call center recordings, vendor or service providers, landlords, tenants, marketing, closed-circuit TV, etc. A review of all areas of your business where personal information is received.You may be surprised to learn all the places where personal information is hiding. To create a data inventory you will need to survey all aspects of your business, from Marketing to IT to HR to Vendor Management and all points where you receive information from any source and in any format. Unless the business knows where its information is located it will not be able to fulfill these requirements of the CCPA.īuilding a data inventory that includes the types of information that will be required for your disclosures under the CCPA is a rational first step towards compliance. The disclosures that the business will be required to make in its privacy policy and to on-demand requesting parties include the categories of personal information collected in the last 12 months, how it is used, the sources of the information, with whom it is shared, how long it must be retained (for erasure requests), to whom it is sold and the specific personal information about a requesting individual. The right not to be discriminated against because they exercised a new right.įrom the perspective of covered businesses, these new rights create obligations to expand and annually update their privacy policy disclosures, to provide the on-demand disclosures to verified consumers within 45 days of receiving a request, to delete personal information upon request, and to refrain from selling personal information upon request.The right to know your business’ data sale practices and to request that their personal information not be sold to third parties, and.The right to have such information deleted (with exceptions),.The right to receive a copy of the specific personal information collected about them during the 12 months before their request.The right to know your business’ data collection practices including the categories of personal information you have collected, the source of the information, your use of the information and to whom you disclosed the information you have collected about them,.The Act grants “consumers” (any California resident regardless of whether there is a customer or any other relationship with the covered business) five new rights respecting their personal information: The California Consumer Privacy Act of 2018 (CCPA) goes into effect on January 1, 2020, and affects for-profit companies selling goods or services in or into California with $25 Million in annual gross revenues or that meet thresholds for collection or sale of personal data on anyone residing in California.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |