The CCPA does provide for certain processing activities that are exempt from the CCPA requirements. Businesses should take a conservative approach to analyzing when these exemptions apply. It is recommended the organization formally document any processing activities around California personal data that meet one of the exemptions below to outline why the business is not subject to the requirements of CCPA.
Specifically, the CCPA shall not restrict a business’s ability to:
Further, the CCPA provides for various exemptions to personal data collected related to the following:
As mentioned previously, the CCPA is based on three principles: transparency, accountability, and control. In order to meet the “transparency” principle, businesses must comply with the notice requirements included in the CCPA. Transparency has become a frequent commonality among recent data protection laws since the main goal of data protection is to provide consumers with more power and control over when and how their personal data is used. Transparency is key to pro-vide consumers with this control.
Under the CCPA, businesses must provide the following notice disclosures within their privacy policies:
This blog is part of an educational series that will explain the fundamentals of California’s upcoming data protection act, CCPA – who it impacts, how to comply, and more. Follow along as our expert team breaks down the complexities of CCPA.