
Privacy Compliance CCPA CPRA Sale and Sharing

34 flashcards covering Privacy Compliance CCPA CPRA Sale and Sharing for the HR-COMPLIANCE Privacy Compliance section.

The California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) establish guidelines for how businesses must handle personal information, particularly concerning the sale and sharing of data. These regulations are designed to enhance consumer privacy rights and provide individuals with greater control over their personal information. Understanding these laws is essential for compliance in HR and workplace settings, as they dictate how organizations must inform employees and customers about data practices.

On practice exams or competency assessments, questions about CCPA and CPRA often focus on definitions, specific requirements for data handling, and scenarios that test your understanding of compliance obligations. A common trap is confusing the terms "sale" and "sharing" of personal data, as each has distinct implications under the law. Be prepared for questions that require you to differentiate between these concepts and identify the appropriate responses in various situations.

One key oversight is failing to provide clear opt-out options for employees regarding the sale or sharing of their personal information, which can lead to compliance issues.

Terms (34)

  1. What is the definition of 'sale' under the CCPA?

    Under the CCPA, 'sale' means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating a consumer's personal information to another business or third party for monetary or other valuable consideration (California Civil Code § 1798.140(t)).

  2. What is required for a business to comply with the CCPA regarding consumer requests?

    Businesses must provide a clear and accessible privacy policy that outlines consumers' rights, including the right to request disclosure of personal information collected, sold, or shared (California Civil Code § 1798.100 et seq.).

  3. How often must businesses update their privacy policy under the CCPA?

    Businesses are required to update their privacy policy at least once every 12 months or whenever there are changes to their data practices (California Civil Code § 1798.130(a)(5)).

  4. What rights do consumers have regarding their personal information under the CCPA?

    Consumers have the right to know what personal information is collected, the right to delete their personal information, and the right to opt-out of the sale of their personal information (California Civil Code § 1798.100 et seq.).

  5. What is the penalty for violating the CCPA?

    Businesses can face civil penalties of up to $2,500 for each unintentional violation and up to $7,500 for each intentional violation (California Civil Code § 1798.155).

  6. What does the CPRA add to the CCPA regarding data sharing?

    The CPRA expands the definition of 'sharing' to include disclosing personal information for cross-context behavioral advertising, which is not considered a sale (California Civil Code § 1798.140(ah)).

  7. What must businesses do if they sell personal information of minors under the CCPA?

    Businesses must obtain opt-in consent from a consumer who is less than 16 years of age before selling their personal information (California Civil Code § 1798.120).

  8. What is the requirement for businesses regarding training employees on CCPA compliance?

    Businesses must ensure that employees responsible for handling consumer inquiries about the business's privacy practices are trained to understand the requirements of the CCPA (California Civil Code § 1798.135).

  9. What is the purpose of the Consumer Privacy Fund established by the CPRA?

    The Consumer Privacy Fund is established to fund the enforcement of consumer privacy laws, including the CCPA and CPRA, and to support the activities of the California Privacy Protection Agency (California Civil Code § 1798.199.10).

  10. Under the CPRA, what is required for data minimization?

    The CPRA requires businesses to limit the collection of personal information to what is necessary for the purposes for which it is collected (California Civil Code § 1798.100(b)).

  11. What is the 'right to correct' under the CPRA?

    The 'right to correct' allows consumers to request that a business correct inaccurate personal information that the business maintains about them (California Civil Code § 1798.105).

  12. What must a business do if it experiences a data breach involving personal information?

    A business must notify affected consumers of a data breach involving their personal information in accordance with California's data breach notification laws (California Civil Code § 1798.82).

  13. How does the CPRA enhance consumer rights compared to the CCPA?

    The CPRA enhances consumer rights by adding new rights such as the right to limit the use of sensitive personal information and the right to opt-out of the sharing of personal information (California Civil Code § 1798.100 et seq.).

  14. What is considered 'sensitive personal information' under the CPRA?

    Sensitive personal information includes data such as social security numbers, driver's license numbers, financial account information, and precise geolocation (California Civil Code § 1798.140(aa)).

  15. What is the role of the California Privacy Protection Agency (CPPA)?

    The CPPA is responsible for enforcing the CCPA and CPRA, including issuing regulations and guidelines for compliance (California Civil Code § 79999).

  16. What must businesses do to comply with the 'right to opt-out' under the CCPA?

    Businesses must provide a clear and conspicuous link on their website titled 'Do Not Sell My Personal Information' to allow consumers to opt-out of the sale of their personal information (California Civil Code § 1798.120).

  17. What is the timeframe for a business to delete personal information upon request?

    A business must delete a consumer's personal information from its records within 45 days of receiving a verified request to delete (California Civil Code § 1798.105).

  18. What does the CPRA require regarding third-party contracts?

    The CPRA requires businesses to ensure that contracts with third parties include provisions that prohibit the sale or sharing of personal information without consumer consent (California Civil Code § 1798.100 et seq.).

  19. What is the significance of the 'right to know' under the CCPA?

    The 'right to know' allows consumers to request information about the categories and specific pieces of personal information a business has collected about them (California Civil Code § 1798.110).

  20. What is the requirement for businesses regarding data retention under the CPRA?

    Businesses must establish, implement, and maintain reasonable data retention policies that limit the retention of personal information to what is necessary for the purposes for which it was collected (California Civil Code § 1798.100(b)).

  21. What must a business do if it sells personal information of consumers under 16?

    A business must obtain opt-in consent from consumers who are at least 13 years old but less than 16 years old before selling their personal information (California Civil Code § 1798.120).

  22. What is the maximum fine for intentional violations of the CCPA?

    The maximum fine for intentional violations of the CCPA can reach up to $7,500 per violation (California Civil Code § 1798.155).

  23. What is the purpose of the 'Do Not Sell My Personal Information' link?

    The 'Do Not Sell My Personal Information' link allows consumers to easily opt-out of the sale of their personal information, as mandated by the CCPA (California Civil Code § 1798.120).

  24. What are the consequences for businesses that fail to comply with the CPRA?

    Businesses that fail to comply with the CPRA may face enforcement actions by the CPPA, including fines and penalties (California Civil Code § 1798.155).

  25. What is required for consumers to exercise their rights under the CCPA?

    Consumers must submit a verifiable request to the business to exercise their rights under the CCPA, such as the right to know, delete, or opt-out (California Civil Code § 1798.100 et seq.).

  26. What is the role of 'data brokers' under the CCPA?

    Data brokers are required to register with the state and provide consumers with information about their data collection practices, including the ability to opt-out of the sale of their personal information (California Civil Code § 1798.99.80).

  27. How does the CPRA define 'business' for compliance purposes?

    Under the CPRA, a 'business' is defined as a legal entity that collects consumers' personal information and determines the purposes and means of processing that information (California Civil Code § 1798.140(c)).

  28. What is the 'right to limit' under the CPRA?

    The 'right to limit' allows consumers to request that businesses limit the use of their sensitive personal information to only what is necessary for the specified purpose (California Civil Code § 1798.120).

  29. What does the CPRA require regarding the training of employees on privacy practices?

    The CPRA requires businesses to train employees responsible for handling consumer inquiries about privacy practices to ensure compliance with the law (California Civil Code § 1798.135).

  30. What is the timeframe for businesses to respond to consumer requests under the CPRA?

    Businesses must respond to consumer requests within 45 days of receipt, with a possible extension of an additional 45 days if necessary (California Civil Code § 1798.130(a)(2)).

  31. What must businesses disclose in their privacy policies under the CCPA?

    Businesses must disclose the categories of personal information collected, the purposes for collection, and the categories of third parties with whom they share personal information (California Civil Code § 1798.100 et seq.).

  32. What is the CCPA's requirement regarding the sale of personal information of minors?

    The CCPA requires businesses to obtain opt-in consent from consumers under 16 years of age before selling their personal information (California Civil Code § 1798.120).

  33. What is the significance of the 'right to delete' under the CCPA?

    The 'right to delete' allows consumers to request that businesses delete their personal information, providing consumers with greater control over their data (California Civil Code § 1798.105).

  34. What does the CPRA require for businesses regarding data sharing?

    The CPRA requires businesses to provide consumers with the ability to opt-out of the sharing of their personal information for cross-context behavioral advertising (California Civil Code § 1798.120).