Can a business’s “privacy notice” and “notice at collection” be the same document?

BCLP
Contact
LinkedIn
Facebook
X
Send
Embed

Yes. 

The CCPA, and the regulations implementing the CCPA, require that a business publish a “statement” which describes the business’s practices regarding “the collection, use, disclosure, and sale of personal information, and of the rights of consumers regarding their own personal information.”1 That statement – which is often referred to as a privacy notice – must include specific disclosure mandated by the Act and the regulations. Given the number of required disclosures, the average privacy notice is 3,875 words.2

The CCPA separately requires that a business that collects a consumer’s personal information provide the consumer a “notice at collection” that conveys “at or before the point of collection” a more limited set of information regarding what types of personal information will be collected, the purpose of the collection, the business’s sales practices, and where the consumer can find the business’s privacy notice.3

All of the information that is required to be provided as part of a “notice at collection” is typically included within a business’s larger privacy notice.  As a result, many businesses satisfy the obligation to provide a “notice at collection” by making the business’s privacy notice available to consumers.  The regulations implementing the CCPA explicitly recognize the practice of using a privacy notice to satisfy the notice at collection requirement in the context of online collections of information by stating that “the notice at collection may be given to the consumer by providing a link to the section of the business’s privacy policy that contains the information required” in the notice at collection.4

For more information and resources about the CCPA visit http://www.CCPA-info.com.

This article is part of a multi-part series published by BCLP to help companies understand and implement the General Data Protection Regulation, the California Consumer Privacy Act and other privacy statutes.  You can find more information on the CCPA in BCLP’s California Consumer Privacy Act Practical Guide, and more information about the GDPR in the American Bar Association’s The EU GDPR: Answers to the Most Frequently Asked Questions.

1. CCPA Reg. 301(p).

2. Based upon survey of the privacy notices of Fortune 500 companies conducted between February and April of 2020.

3. CCPA Section 1798.100(b); CCPA Reg. Section 999.305(b)(1)-(4).

4. CCPA Reg. Section  305(c).

[View source.]

Written by:

BCLP
BCLP
Contact
more
less

PUBLISH YOUR CONTENT ON JD SUPRA NOW

  • Increased visibility
  • Actionable analytics
  • Ongoing guidance

BCLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide