Compliance Glossary

The right of data portability is a privacy right that allows individuals to request their personal data from a service provider in a structured, easily understood, and machine-readable format. With this right, customers can transfer their data to another service provider without hindrance.

Under CCPA (California Consumer Privacy Act), the right of data portability falls under the broader scope of Right of Access to one’s personal information collected by a business. 

The right of data portability applies to the personal information that a business has collected from the consumer over the 12 months preceding the request.

The right can be exercised on the part of the customer by raising a request by submitting an online form, calling a toll-free number, or sending an e-mail to the business. Within 10 days of receiving the request, the business needs to confirm its receipt and provide the information within 45 days.

If the same has not been received within that said period, then the business will extend this period by another 45 days; however, for this, they must notify the customer and state the reason for such a delay.

Failure to comply with a valid data portability request may yield severe penalties under the CCPA, including fines of up to $7,500 per violation if found intentional. Beyond that, it would also severely dent a business’s reputation and chances of consumers trusting their business and subsequently facing lawsuits.