This is the Data Protection Report’s fourth blog in a series of blogs that will break down the major elements of the CCPA which will culminate in a webinar on the CCPA in October. Stay tuned for additional blogs and information about our upcoming webinar on the CCPA.
Disclosures required after receipt of a verifiable consumer request
Businesses that sell or disclose personal information for business purposes must disclose certain information to consumers upon receipt of a “verifiable consumer request.” Specifically, upon receiving a “verifiable consumer request,” a business must disclose the following related to the preceding 12 months:
- the categories of personal information the business has collected about the consumer;
- the categories of sources from which that information about the consumer was collected;
- the business/ commercial purpose for collecting or selling the consumer’s personal information;
- the categories of third parties with whom the business shares personal information; and
- the specific pieces of personal information the business has collected about that consumer.
Look out for our next blog article which will address the CCPA’s consumer access and portability rights.
*** In case you missed it, the California State Legislature passed SB-1121 which amends the CCPA. The amendments are now awaiting signature from the California governor. We will provide more detailed coverage on these amendments in a future blog article.
Links to other CCPA articles:
Article #1: Summary of CCPA’s major provisions
Article #2: CCPA covered entities
Article #3: CCPA definition of personal information
Article #5: CCPA “Right to Deletion”