In 2018, when GDPR (General Data Protection Regulation) was introduced, we were given a specific definition of what Personal Information meant. You can find our article on that here. While CCPA uses much of the same information in its definition, it also adds more to the list.
Personal Information under CCPA can be summarized in the following 11 categories:
- Identifiers
- examples: real name, alias, postal address, email address, etc.
- Select Information in Customer Records
- examples: bank account number, credit card number, debit card number, etc.
- Legally Protected Characteristics
- Commercial Purchasing Information
- Biometric Information
- Internet or Network Activity
- examples: browsing history, search history, etc.
- Geolocation
- Information Typically Detected by the Senses
- examples: audio, electronic, visual, etc.
- Employment Information
- Education Information
- Inferences from Above Used to Profile
Under CCPA, Personal information basically is anything that identifies, relates to, describes, is capable of being associated with, or could be reasonably linked, directly or indirectly, with a particular consumer or household.
Information that is lawfully made publicly available from federal, state, or local government records is excluded from this definition.