What this means for customers
While one purpose of the CCPA is to single out data vendors, the overall purpose is to enable customers to access and control any personal information that companies have collected about them.
Companies could have received this data from customers’ email subscriptions, contact form submissions, transactions, or by purchasing the data. Personal information is defined by the CCPA as “information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular customer or household.”
The includes identifiers such as real name, address, unique personal identifier, email address, and SSN; commercial information; biometric information; Internet activity; geolocation data; professional or employment-related information; and any inferences drawn from this information to create a profile on a customer’s preferences and characteristics.
The following includes the various rights that the CCPA is giving California residents:
- Right to Be Informed: A business must disclose to customers what personal information it collects and the purposes for which it is used
- Right to Access: Customers have the right to request to access what specific pieces of personal information a company has collected about them, the sources from where it came, the purposes for it, and the categories of third parties with which it’s shared. This must be provided free of charge within 45 days of the request.
- Right to Delete: Customers can request that a company delete any of their personal information, and the company is required to do so for all verified requests.
- Right to Opt-Out of Sale: Companies must offer ways for customers to opt out of the sale or sharing of their personal information. There must be a link to the opt-out page on the home page of a company’s website.
- Non-Discrimination: Companies cannot discriminate by charging extra or refusing service to those who exercise their rights to their personal information.