Glossary of Compliance

Compliance Glossary

Our list of curated compliance glossary offers everything you to know about compliance in one place.

Glossary » CCPA » CCPA Privacy Notice

CCPA Privacy Notice

CCPA (California Consumer Privacy Act) Privacy Notice is a ‘notice at collection’ provided to customers about the types of Personal Information (PI) collected by the business along with the reason for collecting it.

The CCPA privacy notice serves as the primary mechanism through which businesses communicate their data collection practices. It empowers consumers to make informed decisions about their personal data and exercise their rights under the CCPA.

To make it more transparent, businesses should include information on the time period during which the PI was collected.

In the notice, businesses must have a section that informs customers belonging to the state of California of their rights.

An example of the personal information categories in a CCPA Privacy Notice:

Category	Collected	Disclosed	Sold/Shared	Sources of Personal Information
A. Unique Identifiers Examples: Full name, home address, phone number, device IDs, IP address, national ID number.	Yes	Yes	No	Data Brokers, Public Records
B. Financial and Account Information Examples: Account numbers, payment card details, transaction history, credit scores	Yes	Yes	No	Financial Institutions, Service Providers
C. Demographic Data Examples: Age range, gender, marital status, education level, household income.	Yes	No	No	Survey Responses, Service Providers
D. Transactional Data Examples: Purchase records, service subscriptions, product preferences, spending habits	Yes	Yes	No	E-commerce Platforms, Retailers
E. Health and Wellness Information Examples: Medical history, exercise routines, dietary preferences, health monitoring data	No	N/A	N/A	N/A
F. Digital Activity Information Examples: Online activity logs, cookies, interaction data with digital content, login history	Yes	Yes	No	Website Analytics, App Usage Data
G. Location Data Examples: Real-time location, historical location data, travel patterns	Yes	Yes	No	Mobile Apps, GPS Services

Additional reading

Blogs

The Hidden Costs of Poor Compliance Visibility

When you grow to mid-market status, compliance is no longer about just passing audits. In fact, for many of you reading this, passing an audit barely represents a baseline for security. Instead, your goals revolve around keeping up with a risk-first world and maintaining market trust that you’ve worked hard to build. With growing vendor…

Blogs SOC 2

Proving Compliance: Why SOC 2 Evidence Collection Matters

Years ago, collecting evidence was a walk in the park. But we can’t say the same now as most of the data is stored on the cloud. Not to mention the tedious effort involved; almost all application is constantly exposed to risk consistently. A need to secure sensitive information and demonstrate it to present a…

Blogs

GDPR Cookie Consent: Protecting User Privacy and Data

TL,DR: GDPR classifies cookies as personal data requiring explicit user consent before activation. Consent must be freely given, specific, informed, and unambiguous, with pre-ticked boxes invalid Cookie compliance involves three components: a GDPR cookie policy (what cookies are used and why), a consent banner (clear accept/reject options), and a consent management plan (tracking and storing…

Sprinto: Your growth superpower

Use Sprinto to centralize security compliance management – so nothing
gets in the way of your moving up and winning big.

Contact sales