Glossary of Compliance

Compliance Glossary

Our list of curated compliance glossary offers everything you to know about compliance in one place.

Glossary » CCPA » CCPA Privacy Notice

CCPA Privacy Notice

CCPA (California Consumer Privacy Act) Privacy Notice is a ‘notice at collection’ provided to customers about the types of Personal Information (PI) collected by the business along with the reason for collecting it.

The CCPA privacy notice serves as the primary mechanism through which businesses communicate their data collection practices. It empowers consumers to make informed decisions about their personal data and exercise their rights under the CCPA.

To make it more transparent, businesses should include information on the time period during which the PI was collected.

In the notice, businesses must have a section that informs customers belonging to the state of California of their rights.

An example of the personal information categories in a CCPA Privacy Notice:

Category	Collected	Disclosed	Sold/Shared	Sources of Personal Information
A. Unique Identifiers Examples: Full name, home address, phone number, device IDs, IP address, national ID number.	Yes	Yes	No	Data Brokers, Public Records
B. Financial and Account Information Examples: Account numbers, payment card details, transaction history, credit scores	Yes	Yes	No	Financial Institutions, Service Providers
C. Demographic Data Examples: Age range, gender, marital status, education level, household income.	Yes	No	No	Survey Responses, Service Providers
D. Transactional Data Examples: Purchase records, service subscriptions, product preferences, spending habits	Yes	Yes	No	E-commerce Platforms, Retailers
E. Health and Wellness Information Examples: Medical history, exercise routines, dietary preferences, health monitoring data	No	N/A	N/A	N/A
F. Digital Activity Information Examples: Online activity logs, cookies, interaction data with digital content, login history	Yes	Yes	No	Website Analytics, App Usage Data
G. Location Data Examples: Real-time location, historical location data, travel patterns	Yes	Yes	No	Mobile Apps, GPS Services

Additional reading

Seeing the Funny Side of Compliance: A Collection of Memes

Compliance, a complex subject, stirs varied emotions in businesses. First-timers find it overwhelming, juggling complex requirements and legal jargon. Ensuring everything gets done is easier said than done, but compliance memes add a touch of humor to the challenge. Some also see compliance as a mere checklist item—a necessary endeavour that is largely prompted by…

Blogs

SOC 1 Bridge Letters: Keeping Stakeholder Confidence Intact

If you’ve completed a SOC 1 (System and Organization Controls 1) audit, you know that tasks like testing and documenting controls don’t end with the final report. Often, there’s a gap between your audit period and your client’s year-end. This is where a bridge letter comes in. It’s a simple way of saying, “Nothing major…

Comparison

Top MetricStream Alternatives in 2026: A Comparison Guide

TL; DR In this guide, we compare six top MetricStream alternatives, looking at the factors that matter most when you’re moving away from enterprise-heavy GRC: implementation speed, usability for lean teams, risk/compliance depth, audit and third‑party risk workflows, integration strength, scalability, and pricing predictability. Top 6 MetricStream alternatives in 2026:1. Sprinto2. ServiceNow GRC3. RSA Archer4….

Sprinto: Your growth superpower

Use Sprinto to centralize security compliance management – so nothing
gets in the way of your moving up and winning big.

Contact sales