Glossary of Compliance

CCPA Personal Information

Under the California Consumer Privacy Act, or CCPA, ‘personal information’ is broadly defined to include a wide range of data that can be linked or reasonably associated with a particular consumer or household. This definition is crucial to understanding the scope and impact of the CCPA on data protection and privacy rights. 

The CCPA's expansive definition of personal information includes, but is not limited to:

  1. Traditional identifiers: Names, aliases, email addresses, unique personal identifiers, online identifiers, IP addresses, postal addresses, account names, SSNs, driver’s license numbers, or passport numbers. 
  2. Characteristics of protected classifications: Race, color, sex, age, religion, national origin, disability, citizenship status, genetic information, or marital status.
  3. Commercial information: Records of personal property, products or services purchased, obtained, or considered, and other purchasing or consuming history or tendencies. 
  4. Biometric information: Physiological, biological, or behavioral characteristics that can establish individual identity, including DNA, fingerprints, iris or retina scans, keystroke patterns, gait patterns, sleep data, exercise data, and health data. 
  5. Internet or other electronic network activity: Browsing history, search history, and information regarding a consumer’s interaction with websites, applications, or advertisements.
  6. Geolocation data: Physical location or movements of consumers.
  7. Sensory data: Audio, electronic, visual, thermal, olfactory, or similar information. 
  8. Professional information: Current or past job history or performance evaluations. 
  9. Education information: Information that is not publicly available personally identifiable information (PII) as defined in the Family Educational Rights and Privacy Act.
  10. Inferences drawn from any of the information above: Used to create a profile reflecting a consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. 

Importantly, CCPA’s definition of personal information explicitly excludes publicly available information from government records and de-identified or aggregate consumer information.
