
How Do I Leverage My GDPR Preparation For CCPA? Part V


Continued from part III & IV

The CCPA requires all businesses with customers in California to disclose the personal information they store, the purpose of storing that information, and with whom that information is shared or to whom it is sold. The CCPA awards Californians five new rights:

  • A right to know what personal information is being collected about them;
  • A right to know whether their personal information is sold or disclosed and to whom;
  • A right to say no to the sale of personal information;
  • A right to access their personal information; and
  • A right to equal service and price, even if they exercise their privacy rights.

Data Privacy Officers, Privacy Staff, Consultants, HR, Legal, etc. find it very useful to have a handy comparison between GDPR and CCPA to identify additional efforts required to implement CCPA.

The last blog detailed the CCPA – Personal Information Categories and included the Comparison Between the GDPR and CCPA for a Few Selective Categories such as Law Applies To, Protects, Protected Information, and Security. Below is the continuation:

Details (GDPR and CCPA) covered in earlier parts:

  • Law applies to; Protects; Protected Information; Security: refer to blog Part III – https://www.linkedin.com/posts/charupel_how-do-i-leverage-my-gdpr-preparation-for-activity-6561593578160738304-VCkz/
  • Anonymous, Deidentified, Pseudonymous, or Aggregated Data; Privacy Notice / Information Right; Opt-Out Right for Personal Information Sales; Security; Children: refer to last blog Part IV: https://www.linkedin.com/posts/charupel_how-do-i-leverage-my-gdpr-preparation-for-activity-6564159152740974592-EKL9/

| Details | GDPR | CCPA |
| --- | --- | --- |
| Right of Disclosure or Access | Individuals have the right to access their personal data, which includes receiving a copy or to obtain certain information about the data controller’s processing. This is commonly referred to as subject access. Individuals can make a subject access request verbally or in writing. Corporations cannot charge a fee to deal with a request in most circumstances. | Consumers have a right to request disclosure or access to their personal information. To receive additional details regarding the personal information a business collects and its use purposes, including any third parties with which it shares information. |
| Right of Data Portability | The right to data portability allows individuals to obtain and reuse their personal data for their own purposes across different services. Receive a copy of the personal data in a commonly used and machine-readable format. It allows them to move, copy or transfer personal data easily from one IT environment to another. Transmit the personal data to another data controller. The right only applies to information an individual has provided to a controller. | In response to a request for disclosure, a business must provide personal information in a readily useable format. Consumer can transmit the information from one entity to another entity without hindrance. |
| Right to Deletion / Erasure (The Right to be Forgotten) | The GDPR introduces a right for individuals to request erasure of personal data under six circumstances (the right to be forgotten). Individuals can make a request for erasure verbally or in writing. The right is not absolute and only applies in certain circumstances. Data controllers must also take reasonable steps to inform any other data controllers also processing the data. | A consumer has the right to deletion of personal information a business has collected, subject to certain exceptions. The business must also instruct its service providers to delete the data. |
| Right of Rectification | The GDPR includes a right for individuals to: Correct inaccurate personal data. Complete incomplete personal data. An individual can make a request for rectification verbally or in writing. In certain circumstances you can refuse a request for rectification. This right is closely linked to the controller’s obligations under the accuracy principle of the GDPR (Article (5)(1)(d)). | None |

Source: Thomson Reuters & ICO

Continued from part III – https://www.linkedin.com/posts/charupel_how-do-i-leverage-my-gdpr-preparation-for-activity-6561593578160738304-VCkz/

Continued from part IV – https://www.linkedin.com/posts/charupel_how-do-i-leverage-my-gdpr-preparation-for-activity-6564159152740974592-EKL9/
