Glossary of Compliance

Compliance Glossary

Our list of curated compliance glossary offers everything you to know about compliance in one place.

Glossary » CCPA » CCPA Privacy Notice

CCPA Privacy Notice

CCPA (California Consumer Privacy Act) Privacy Notice is a ‘notice at collection’ provided to customers about the types of Personal Information (PI) collected by the business along with the reason for collecting it.

The CCPA privacy notice serves as the primary mechanism through which businesses communicate their data collection practices. It empowers consumers to make informed decisions about their personal data and exercise their rights under the CCPA.

To make it more transparent, businesses should include information on the time period during which the PI was collected.

In the notice, businesses must have a section that informs customers belonging to the state of California of their rights.

An example of the personal information categories in a CCPA Privacy Notice:

Category	Collected	Disclosed	Sold/Shared	Sources of Personal Information
A. Unique Identifiers Examples: Full name, home address, phone number, device IDs, IP address, national ID number.	Yes	Yes	No	Data Brokers, Public Records
B. Financial and Account Information Examples: Account numbers, payment card details, transaction history, credit scores	Yes	Yes	No	Financial Institutions, Service Providers
C. Demographic Data Examples: Age range, gender, marital status, education level, household income.	Yes	No	No	Survey Responses, Service Providers
D. Transactional Data Examples: Purchase records, service subscriptions, product preferences, spending habits	Yes	Yes	No	E-commerce Platforms, Retailers
E. Health and Wellness Information Examples: Medical history, exercise routines, dietary preferences, health monitoring data	No	N/A	N/A	N/A
F. Digital Activity Information Examples: Online activity logs, cookies, interaction data with digital content, login history	Yes	Yes	No	Website Analytics, App Usage Data
G. Location Data Examples: Real-time location, historical location data, travel patterns	Yes	Yes	No	Mobile Apps, GPS Services

Additional reading

Blogs Cloud compliance

Penetration Testing: Strengthening Your Cybersecurity Defenses

About 60% of businesses are likely to increase the cost of their product or services to make up for the loss incurred due to a data breach. Moreover, the time and effort to contain and mitigate breaches takes a toll on engineering bandwidth and impacts product launch deadlines. Thankfully, you can use various pen testing…

Blogs

Your Guide To Infosec Compliance In 2025

It’s 2023, and the world of information security (infosec) is a very different place than what it used to be. As a company owner, you have to become much more aware of the regulatory requirements. But achieving infosec compliance with these regulations isn’t easy; you need a plan that takes into account the latest trends…

Blogs

Drata Pricing With Product Features

Drata is a leading GRC (Governance, Risk, and Compliance) automation platform for startups, scaling businesses, and enterprises. It automates complying with regulatory frameworks such as SOC 2, ISO 27001, HIPAA, and GDPR. Drata’s pricing starts at around $15,000/year for startups and can scale up to $100,000+ annually for larger enterprises, depending on company size, frameworks,…

Sprinto: Your growth superpower

Use Sprinto to centralize security compliance management – so nothing
gets in the way of your moving up and winning big.

Contact sales