CCPA Chapter 6

¡Supera tus tareas y exámenes ahora con Quizwiz!

Under CCPA what is the right to opt out

businesses must provide a clear and conspicuous link on the business's Internet homepage which states "Do Not Sell My Personal Information" with a description of the right to opt out business must stop selling PI of consumer once they have opted out.

If a business does not maintain online privacy policies or a California-specific description of rights, then the business must do what?

post a description of these rights on its website updated once each 12 months

What must an impacted consumer do prior to asking for statutory damages for CCPA data breach violations?

provide businesses' with 30 days advance written notice and an opportunity to cure the alleged violation

Why does a business need to return information specifically requested by a consumer in a useable format?

provision reflects a policy of data portability aimed to support consumers' ability to transfer their PI from the business to a different destination

What is personal information under CCPA

real name, postal address, email address, ssn, driver's license number, passport number IP address race, sex, religion, disability, sexual orientation and national origin records of personal property, products or services purchases, obtained, or considered, or other purchasing or consuming histories or tendencies biometric information internet or browsing history - searches too info regarding consumers interaction with internet website, application or advertisement geolocation audio, electronic, visual, thermal, olfactory or similar information professional or employment information certain education information

Under CCPA these rights include what 5 things?

request disclosure of business' data collection and sales practices request specific personal information collected have certain information deleted request that personal information NOT be sold to 3rd parties not to be discriminated against because of exercising these rights

Consumers have the right to request __________________________________ collected by businesses

specific pieces of personal information

Under CCPA a _____________ must ___________ certain _________privacy rights with respect to the collection, use and sharing or personal information.

Business Protect Consumer

Can a consumer request information about the consumer's PI which the business has sold or otherwise disclosed to third parties?

Business must identify the categories of third parties to whom the PI was disclosed for each category of PI disclosed

What is the GDPR

Europe's General Data Protection Regulation

Can a consumer request statutory damages under CCPA for redacted or encrypted PI that has been disclosed, stolen or has been accesses by unauthorized parties?

No.

Does CCPA grant consumers the private right to action in certain instances?

Yes

Does the CCPA allow consumers with a right of action to recover statutory damages as a result of a data security breach?

Yes, and it is the first statute to allow this. Statutory damages between $100-$750 PER incident or other damages court considers appropriate

Can CCPA elements be found in other US laws regulating particular sectors such as health care, finance or data breaches?

Yes, but CCPA regulates: collection use and sharing of personal information more broadly than any prior US law.

Can the California Attorney General being enforcement action against a business or person who violates CCPA?

Yes. Civil penalties $2,500-$7,500 (higher penalties for intentional violations)

If a consumer requests specific pieces of PI from business; how should it be returned to the consumer?

a readily useable format that supports consumer's ability to provide the information to another entity

Under what circumstances can a consumer request statutory damages for a data breach under CCPA?

an unauthorized access and exfiltration, theft or disclosure of the consumer's PI resulting from the business's failure to "implement and maintain reasonable security procedures and practices"

How does CCPA define a business

any legal entity organized or operated FOR the profit or financial benefit of its shareholders or other owners which alone or jointly with others "determines the purposes and means" of processing consumers' personal information, provided that the entity does business in California.

What is a consumer under CCPA?

any natural person who is a California resident

Under CCPA what is collection defined as

direct and indirect collection of PI through any means including buying, renting, gathering, obtaining, receiving or accessing

What does CCPA require of businesses at or before the point of collection

inform consumers regarding the catergories of personal information collected and the purposes for their use

Under CCPA defines Personal information?

information that identifies relates to describes capable of being associated with directly or indirectly; with a particular household or consumer

Under CCPA can a consumer request statutory damages for ALL categories of PI?

only if a subset of the most "sensitive" PI such as SSN

When would a business be exempt from deleting PI in response to a verifiable consumer request?

-To complete a transaction or provide a service requested by consumer, or complete or perform a contract between business or consumer -Detect, protect against, or prosecute security incidents or illegal activity -Debugging/repair purposes -Exercise legal rights; including free speech or comply with legal obligations -Engage in research in the public interest -Where Consumer has provided informed consent limited internal purposes "compatible with context" in which information was provided by the consumer, or reasonably aligned with consumer expectations

What does CCPA stand for

California Consumer Privacy Act June 28 2018

CCPA Provides what?

Comprehensive regime of consumer privacy rights, such as those found in data protection laws outside the United States

What are the other requirements under CCPA a business must meet to fall under the Act?

Gross revenue over $25,000,000 Alone or in combination; annually buys receives for the business's commercial purposes, sells, or shares for commercial purposes - alone or in combinations - personal information of 50,000 or more consumers, households or devices 50% or more of annual revenue results in teh sale of consumers' personal information

What is considered discrimination of a consumer under CCPA?

If a consumer exercises any. of the rights associated with protecting their PI a business may not- deny goods or services charge different prices degrade or provide different quality of goods/services suggest to the said consumer that exercising their rights would result in a different quality of goods or services

Does CCPA apply to deindentified data?

No. Deidentified data cannot relate directly or indirectly with a consumer

What businesses are excluded from CCPA?

Non-profit organizations entities which do not determine the "purpose and means" of processing consumer personal information Entities which do not conduct business in California


Conjuntos de estudio relacionados

Nursing Research/Evidence Based Practice Exam 1 (ch.1-3)

View Set

Plato Technical Communication Class

View Set

Chemistry Chapter 6 Homework Assignment

View Set

AC204 • Exam 2 • Chapters 5, 6, 13

View Set

EDUC 1300 chapters 1,2,3,7,8,& 9 hcc, Improvement of study, college skills, Chapter 1- Connect

View Set

medical sociology quiz questions

View Set