Privacy Compliance CCPA CPRA Consumer Rights
36 flashcards covering Privacy Compliance CCPA CPRA Consumer Rights for the HR-COMPLIANCE Privacy Compliance section.
The California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) establish important consumer rights regarding personal data. These regulations, enforced by the California Attorney General and the California Privacy Protection Agency, define how businesses must collect, use, and protect consumer information. Understanding these laws is crucial for HR professionals and workplace compliance officers, as they not only govern data privacy practices but also outline consumer rights such as the right to access, delete, and opt-out of the sale of personal information.
On practice exams or competency assessments, questions related to CCPA and CPRA often focus on identifying consumer rights and the obligations of businesses. Common question formats include scenario-based inquiries where candidates must determine the correct course of action based on specific consumer requests. A frequent pitfall is overlooking the nuances between CCPA and CPRA, such as the expanded rights under CPRA that may not be present in CCPA. A key tip to remember is that timely response to consumer requests is essential, as failure to comply can lead to significant penalties.
Terms (36)
- 01
What rights do consumers have under the CCPA?
Consumers have the right to know what personal information is collected, to whom it is sold, to access their data, to delete their data, and to opt-out of the sale of their personal information (California Civil Code § 1798.100 et seq.).
- 02
How often must businesses update their privacy policy under the CCPA?
Businesses must update their privacy policy at least once every 12 months to reflect their data practices (California Civil Code § 1798.130(a)(5)).
- 03
What is the maximum fine for violating the CCPA?
The maximum fine for a violation of the CCPA can be up to $7,500 per intentional violation and $2,500 for unintentional violations (California Civil Code § 1798.155).
- 04
Under the CPRA, what is required for businesses regarding consumer data requests?
Businesses must provide a clear and accessible method for consumers to submit requests regarding their personal information (California Civil Code § 1798.130(a)(1)).
- 05
What must businesses do if they sell consumer data under the CCPA?
Businesses must provide a clear notice to consumers at or before the point of data collection that they may sell their personal information (California Civil Code § 1798.120).
- 06
When must a business respond to a consumer's request for information under the CCPA?
A business must respond to a consumer's request for information within 45 days of receiving the request (California Civil Code § 1798.130(a)(2)).
- 07
What is the 'right to delete' under the CCPA?
Consumers have the right to request the deletion of their personal information held by businesses, subject to certain exceptions (California Civil Code § 1798.105).
- 08
What information must be included in a business's privacy policy under the CCPA?
The privacy policy must include the categories of personal information collected, the purposes for collection, and the rights of consumers (California Civil Code § 1798.130(a)(5)).
- 09
What is the 'right to opt-out' under the CCPA?
Consumers have the right to direct a business not to sell their personal information to third parties (California Civil Code § 1798.120).
- 10
How can consumers exercise their rights under the CCPA?
Consumers can exercise their rights by submitting a verifiable consumer request to the business (California Civil Code § 1798.130(a)(1)).
- 11
What is required for a business to verify a consumer's identity when they request data?
Businesses must implement reasonable methods to verify the identity of the consumer making the request (California Civil Code § 1798.130(a)(2)).
- 12
What is the definition of 'personal information' under the CCPA?
Personal information is defined as information that identifies, relates to, describes, or is capable of being associated with a particular consumer or household (California Civil Code § 1798.140(o)).
- 13
What are the consequences for businesses that fail to comply with the CCPA?
Businesses may face civil penalties, lawsuits, and enforcement actions by the California Attorney General for non-compliance (California Civil Code § 1798.155).
- 14
What must a business do if it receives a request to delete personal information?
The business must delete the consumer's personal information from its records and direct any service providers to do the same, subject to certain exceptions (California Civil Code § 1798.105).
- 15
Under the CPRA, what additional rights do consumers have compared to the CCPA?
The CPRA expands consumer rights to include the right to correct inaccurate personal information and the right to limit the use of sensitive personal information (California Civil Code § 1798.100 et seq.).
- 16
What is the 'right to access' under the CCPA?
Consumers have the right to request and receive specific pieces of personal information that a business has collected about them (California Civil Code § 1798.110).
- 17
What are businesses required to do regarding training under the CCPA?
Businesses are required to train their employees responsible for handling consumer inquiries about the business's privacy practices and compliance with the CCPA (California Civil Code § 1798.135).
- 18
What does the CPRA require businesses to do regarding data minimization?
The CPRA requires businesses to limit the collection of personal information to what is necessary for the purposes for which it is collected (California Civil Code § 1798.100).
- 19
How should businesses handle consumer requests for data deletion?
Businesses must confirm receipt of the request and inform the consumer of the action taken within the required time frame (California Civil Code § 1798.105).
- 20
What is the role of the California Privacy Protection Agency under the CPRA?
The California Privacy Protection Agency is responsible for enforcing the CPRA and providing guidance on compliance (California Civil Code § 79999).
- 21
What should a business do if it sells consumer data to third parties?
The business must provide a clear notice to consumers and allow them to opt-out of the sale of their personal information (California Civil Code § 1798.120).
- 22
What is the 'right to non-discrimination' under the CCPA?
Consumers have the right not to be discriminated against for exercising their rights under the CCPA, such as being charged different prices (California Civil Code § 1798.125).
- 23
What is required for a business to maintain records of consumer requests?
Businesses must maintain records of consumer requests and responses for at least 24 months (California Civil Code § 1798.130(a)(4)).
- 24
What must businesses disclose about third parties under the CCPA?
Businesses must disclose the categories of third parties with whom they share personal information, as well as the purposes for sharing (California Civil Code § 1798.130(a)(5)).
- 25
What is the 'right to data portability' under the CCPA?
Consumers have the right to request their personal information in a format that allows them to transmit it to another entity (California Civil Code § 1798.110).
- 26
What must businesses do to comply with the CPRA's requirement for sensitive personal information?
Businesses must provide consumers with clear information about the collection and use of sensitive personal information and allow them to limit its use (California Civil Code § 1798.100).
- 27
How long do businesses have to respond to consumer requests under the CPRA?
Businesses must respond to consumer requests within 45 days, with a possible extension of an additional 45 days if necessary (California Civil Code § 1798.130(a)(2)).
- 28
What is the purpose of the CCPA's notice at collection?
The notice at collection informs consumers about the categories of personal information being collected and the purposes for which it will be used (California Civil Code § 1798.100).
- 29
What is the definition of 'sensitive personal information' under the CPRA?
Sensitive personal information includes data such as social security numbers, financial account information, precise geolocation, and racial or ethnic origin (California Civil Code § 1798.140(aa)).
- 30
What is the significance of the 'verifiable consumer request' under the CCPA?
A verifiable consumer request ensures that businesses can confirm the identity of the requester before disclosing personal information (California Civil Code § 1798.130(a)(2)).
- 31
What actions must a business take if it is unable to comply with a consumer request?
If a business cannot comply with a consumer request, it must inform the consumer of the reasons for denial and provide any applicable information (California Civil Code § 1798.130(a)(2)).
- 32
What obligations do businesses have regarding service providers under the CCPA?
Businesses must ensure that service providers comply with the CCPA and only use personal information for specified purposes (California Civil Code § 1798.140(v)).
- 33
How does the CPRA enhance consumer rights compared to the CCPA?
The CPRA enhances consumer rights by introducing new rights such as the right to correct inaccurate information and the right to limit the use of sensitive personal information (California Civil Code § 1798.100).
- 34
What is the role of the California Attorney General in enforcing the CCPA?
The California Attorney General has the authority to enforce the CCPA and impose penalties for violations (California Civil Code § 1798.155).
- 35
What must businesses do to ensure compliance with the CCPA's consumer rights?
Businesses must implement processes to handle consumer requests and ensure that their privacy policies are up-to-date and compliant with the CCPA (California Civil Code § 1798.130).
- 36
What is the importance of transparency in the CCPA?
Transparency is crucial as it empowers consumers to understand how their personal information is used, shared, and protected by businesses (California Civil Code § 1798.100).