Ch. 6 - California Consumer Privacy Act

¡Supera tus tareas y exámenes ahora con Quizwiz!

Consumer

A natural person who is a California resident.

Initial Notice

A notice at or before the point of collection that informs consumers regarding the categories of personal information collected and the purposes of their use.

"Right to Opt-out" Notice

A notice that provides a clear and conspicuous link to a homepage that says "Do Not Sell My Personal Information."

Website Notice

An online privacy notice that describes the rights consumers may exercise under the CCPA. It must disclose the categories of personal information collected, categories of the information sold, and categories of information disclosed. Must be updated once every 12 months.

Business

Any legal entity organized or operated for the profit or financial benefit of its shareholder or other owners which alone, or jointly with others, determines the purposes and means of processing consumers' personal information. Must do business in California and meet one of the following requirements: annual gross revenue > $25 million, 50,000 or more consumers, receives 50% or more annual revenue from sale of consumers' PI.

Inferences

Creating profiles from personal information which reflect preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes of the consumer.

California State Attorney General

Enforces CCPA. Civil penalties range from $2,500 to $7,500.

Sale of Personal Information

Includes any disclosure of personal information to another business or third party in exchange for value of any kind, monetary or otherwise.

Deidentified information

Information that cannot reasonably identify, relate to, describe, be capable of being associated with, or be linked, directly or indirectly, to a particular consumer.

Personal Information

Information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.

Breach

Must consist of 1) an unauthorized access and exfiltration, theft, or disclosure of the consumer's personal information resulting and 2) the business's failure to implement and maintain reasonable security procedures and practices. Must play damages between $100 and $750 per incident.

10 Types of Personal Information

Personal Identifiers, Protected classifications under California or federal law, Commercial information, Biometric information, Internet and network activity, Geolocation information, Sensory information, Professional or employment information, Non-Public education information, and Inferences.

Individual Rights Concerning Personal Information

Right to request disclosure of business' data collection and sales practices, right to request specific personal information collected, right to have certain information deleted, right to request that personal information not be sold to third parties, and the right not to be discriminated against because of exercising these rights.


Conjuntos de estudio relacionados

Chapter 10/12 Concepts of Emergency Preparedness

View Set