Glossary of Compliance

Compliance Glossary

Our list of curated compliance glossary offers everything you to know about compliance in one place.

Glossary » CCPA » CCPA Personal Information

CCPA Personal Information

Under the California Consumer Privacy Act, or CCPA, ‘personal information’ is broadly defined to include a wide range of data that can be linked or reasonably associated with a particular consumer or household. This definition is crucial to understanding the scope and impact of the CCPA on data protection and privacy rights. 

This expansive definition of CCPA includes, but is not limited to:

  1. Traditional identifiers: Names, aliases, email addresses, unique personal identifiers, online identifiers, IP addresses, postal addresses, account names, SSNs, driver’s license numbers, or passport numbers. 
  2. Characteristics of protected classifications: Race, color, sex, age, religion, national origin, disability, citizen status, genetic information, or marital status. 
  3. Commercial information: Records of personal property, products or services purchased, obtained, or considered, and other purchasing or consuming history or tendencies. 
  4. Biometric information: Physiological, biological, or behavioral characteristics that can establish individual identity, including DNA, fingerprints, iris or retina scans, keystroke patterns, gait patterns, sleep data, exercise data, and health data. 
  5. Internet or other electronic network activity: Browsing history, search history, and information regarding a consumer’s interaction with websites, applications, or advertisements.
  6. Geological data: Physical location or movements of consumers.
  7. Sensory data: Audio, electronic, visual, thermal, olfactory, or similar information. 
  8. Professional information: Current or past job history or performance evaluations. 
  9. Education information: This is not publicly available Personal Identifiable Information (PII) as defined in the Family Education Rights and Privacy Act. 
  10. Inferences drawn from any of the information above: Used to create a profile reflecting a consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. 

Importantly, CCPA’s definition of personal information explicitly excludes publicly available information from government records and de-identified or aggregate consumer information.

Additional reading

enterprise cybersecurity

Enterprise Cybersecurity Architecture With Solutions & Best Practices

As your business scales, the risks you face and the threat landscape you get exposed to expand. Conventional cybersecurity practices may not make the cut anymore, given your organization’s maturity.  An enterprise cybersecurity program calls for a more sophisticated and integrated architecture with top-notch solutions. This blog talks about how your program needs to evolve,…
GDPR Compliance

Achieving GDPR Compliance: A Guide for Businesses

GDPR compliance is vital for organizations operating within the EU. Non-compliance can lead to severe legal and financial consequences, as seen in Austria’s recent ban on Google Analytics. Specifically, Article 44 of the GDPR states that data is not allowed to be transferred beyond the EU or the EEA unless the recipient nation is able…

Sprinto: Your growth superpower

Use Sprinto to centralize security compliance management – so nothing
gets in the way of your moving up and winning big.