Yes.
The sections of the CCPA that relate to data privacy (i.e., the collection, use, and sharing of information) use a definition of “personal information” that includes approximately 26 categories or types of data.1That said, an amendment to the CCPA deferred the full impact of the Act upon employee data until January 1, 2021.2 In contrast, the sections of the CCPA that relate to data security (i.e., the protection of information) adopt a far narrower definition of “personal information” that includes only 6 categories of types of data. The following chart indicates which categories of personal information apply to the data privacy and the data security sections of the CCPA:
|
Examples of Personal Information
|
Applies to Privacy Requirements of CCPA
|
Applies to Security Requirements of CCPA
|
|
1. Audio, electronic, visual, thermal, olfactory, or similar information
|
✓3
|
|
|
2. Bank account number
|
✓4
|
✓5
|
|
3. Biometric information
|
✓6
|
|
|
4. Commercial information (e.g., products or services purchased, or other purchasing or consuming histories or tendencies)
|
✓7
|
|
5. Credit card number
|
✓8
|
✓9
|
|
6. Debit card number
|
✓10
|
✓11
|
|
7. Driver’s License Number / State ID
|
✓12
|
✓13
|
|
8. Education
|
✓14
|
|
|
9. Electronic network activity (e.g., browsing history)
|
✓15
|
|
|
10. Email address
|
✓16
|
Partial ✓17
|
|
11. Employment
|
✓18
|
|
|
12. Employment history
|
✓19
|
|
|
13. Geolocation data
|
✓20
|
|
|
14. Health insurance information
|
✓21
|
✓22
|
|
15. Identifiers (e.g., name or alias)
|
✓23
|
Partial ✓24
|
|
16. Insurance Policy Number
|
✓25
|
✓26
|
|
17. Medical information
|
✓27
|
✓28
|
|
18. Online identifier (e.g. IP address)
|
✓29
|
|
|
19. Other financial information
|
✓30
|
|
|
20. Passport Number
|
✓31
|
|
|
21. Physical Characteristics
|
✓32
|
|
|
22. Postal address
|
✓33
|
|
|
23. Signature
|
✓34
|
|
|
24. Social Security Number
|
✓35
|
✓36
|
|
25. Telephone Number
|
✓37
|
|
|
26. Transaction information
|
✓38
|
|
For more information and resources about the CCPA visit http://www.CCPA-info.com.
This article is part of a multi-part series published by BCLP to help companies understand and implement the General Data Protection Regulation, the California Consumer Privacy Act and other privacy statutes. You can find more information on the CCPA in BCLP’s California Consumer Privacy Act Practical Guide, and more information about the GDPR in the American Bar Association’s The EU GDPR: Answers to the Most Frequently Asked Questions.
1. CCPA, Section 1798.140(0)(1).
2. See Assembly Bill 25 passed on November 13, 2019.
3. 1798.140(o)(1)(H).
4. 1798.80(e) (integrated via 1798.140(o)(B)).
5. 1798.80(e) (integrated via 1798.140(o)(B)).
6. 1798.140(o)(1)(E).
7. 1798.140(o)(1)(D).
8. 1798.80(e) (integrated via 1798.140(o)(B)).
9. 1798.81.5(d)(1)(A)(iii) (in combination with name).
10. 1798.80(e) (integrated via 1798.140(o)(B)).
11. 1798.81.5(d)(1)(A)(iii) (in combination with name).
12. 1798.80(e) (integrated via 1798.140(o)(B)).
13. 1798.81.5(d)(1)(A)(ii) (in combination with name).
14. 1798.140(o)(1)(J) (within the scope of FERPA).
15. 1798.140(o)(1)(F).
16. 1798.140(o)(1)(A).
17. 1798.81.5(d)(1)(A)(ii) (only if the email address is in combination with a password).
18. 1798.140(o)(1)(D).
19. 1798.140(o)(1)(I).
20. 1798.140(o)(1)(G).
21. 1798.80(e) (integrated via 1798.140(o)(B)).
22. 1798.81.5(d)(1)(A)(v) (in combination with name).
23. 1798.140(o)(1)(A).
24. 1798.81.5(d)(1)(A)(ii) (only if a name is in combination with another sensitive field, or if a username or email address is in combination with a password).
25. 1798.80(e) (integrated via 1798.140(o)(B)).
26. 1798.81.5(d)(1)(A)(iv) (in combination with name).
27. 1798.80(e) (integrated via 1798.140(o)(B)).
28. 1798.81.5(d)(1)(A)(iv) (in combination with name).
29. 1798.140(o)(1)(A).
30. 1798.80(e) (integrated via 1798.140(o)(B)).
31. 1798.140(o)(1)(A).
32. 1798.80(e) (integrated via 1798.140(o)(B)).
33. 1798.140(o)(1)(A).
34. 1798.80(e) (integrated via 1798.140(o)(B)).
35. 1798.140(o)(1)(A).
36. 1798.81.5(d)(1)(A)(i) (in combination with name).
37. 1798.80(e) (integrated via 1798.140(o)(B)).
38. 1798.140(o)(1)(D).
[View source.]
