Glossary of Compliance

Compliance Glossary

Our list of curated compliance glossary offers everything you to know about compliance in one place.

Glossary » CCPA » CCPA Data Subject Rights

CCPA Data Subject Rights

The California Consumer Privacy Act establishes a set of fundamental rights for the residents of California, known as data subjects concerning their personal information. These rights empower consumers with greater control over their data and increase transparency in how businesses handle their personal information. 

The key Data Subject Rights under the CCPA are:

Right to know: Consumers have the right to request that businesses disclose the categories and specific pieces of personal information collected about them, the sources of that information, the purpose for collecting or selling the information, and the categories of third parties with whom the information is shared. 

Right to delete: Consumers can request the deletion of their personal information collected by businesses, subject to certain exceptions such as completing transactions, detecting security incidents, or complying with legal obligations. 

Right to opt-out: Consumers have the right to direct businesses not to sell their personal information to third parties. Businesses must provide a clear and conspicuous “Do Not Sell My Personal Information” link on their website homepage to facilitate this right.

Right to non-discrimination: Businesses are prohibited from discriminating against consumers who exercise their CCPA rights. This includes denying goods or services, charging different prices, or providing a different quality of goods or services.

Right to access: Consumers can request access to their personal information free of charge, delivered by mail or electronically in a readily usable format that allows the consumer to transmit this information to another entity without hindrance.

Right to correct: Consumers have the right to correct inaccurate personal information that a business has about them.

Right to limit use:  Consumers have the right to limit the use and disclosure of sensitive personal information collected about them.

These Data Subject rights form the core of the CCPA’s consumer protection and aims to promote transparency, control, and accountability in the handling of personal information by businesses.

Additional reading

What is PHI in HIPAA
Blogs HIPAA

What Is PHI in HIPAA: 18 Identifiers With Examples (2024)

Protected Health Information (PHI) is any personal or medical information that can be used to identify a patient or their medical history. HIPAA’s Privacy Rules sets the standards on how PHI can be used and transmitted by while protecting patients’ privacy.  Health Insurance Portability and Accountability Act (HIPAA) also classifies those attributes as PHI that…
Top 8 Cloud Security Challenges: Addressing Modern Threats
Blogs Statistics

80+ Cloud Security Statistics

The adoption of cloud infrastructure for businesses was rather quick. Cloud offers more flexibility to businesses at lower costs and higher efficiency. But could it also lead to increased security issues for your business?  82% of breaches involved cloud-stored data. Cloud security breaches have been on the rise for quite a while now. Plus, with…
HIPAA vs HITRUST
Blogs HIPAA

HITRUST vs HIPAA : Compare Differences and Similarities

HIPAA and HITRUST are two standards often used interchangeably in the healthcare industry. Despite having overlapping requirements and the same goal – to secure protected health information (PHI), their applicability differs in many ways. This raises the question: which is right to secure data in the healthcare industry? Which makes more sense for my type…

Sprinto: Your growth superpower

Use Sprinto to centralize security compliance management – so nothing
gets in the way of your moving up and winning big.

Contact sales