Compliance Glossary

California customers have the ability to obtain particular information about the personal data gathered about them from businesses under the CCPA right of access, sometimes known as the right to know. This information includes:

Under the CCPA, the Right of Access grants the residents of California the following entitlements:

1. Disclosure of collection: Consumers can request that businesses disclose the categories of personal information collected about them over the past 12 months.
2. Specific pieces of information: Consumers have the right to obtain the actual pieces of personal information a business has collected about them.
3. Sources of information: Businesses must disclose the sources from which the personal information was collected.
4. Purpose of collecting information:  Consumers can request information about the business or commercial purpose for collecting or selling their personal information.

Companies are required to disclose the kind of third parties to whom they sell or share a customer’s personal data.

Customers usually file a verifiable consumer request to the firm in order to exercise this entitlement. According to the CCPA, companies must reply to these requests within 45 days, giving the customer advance notice of any potential 45-day extension if it is deemed necessary.

Companies must give this information away for free, no more than twice in a calendar year. The data must be provided in an easily readable manner that enables the user to send the data to another organization without difficulty.

There are limits to the right of access. In certain situations, businesses may refuse or restrict access requests. These situations include when allowing access would violate the rights of others, when the information is protected by legal privilege, or when the request is obviously excessive or unwarranted.