The Desk Reference Companion to the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA).
Zetoony, David A.
The Desk Reference Companion to the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). - 1st ed. - 1 online resource (494 pages)
Intro -- Title Page -- Copyright Page -- Contents -- About the author -- Notes on Citations and References -- Acknowledgments -- Foreword -- Introduction -- Chapter 1: History and Structure -- Q1. What was the Consumer Right to Privacy Act or "CRPA"? -- Q2. What is the California Consumer Privacy Act or "CCPA"? -- Q3. When was the CCPA enacted? -- Q4. When did the CCPA become operative (i.e., go into effect)? -- Q5. When did the CCPA become enforceable? -- Q6. What is the California Privacy Rights Act or "CPRA"? -- Q7. Is the CPRA the same thing as Proposition 24? -- Q8. When will the CPRA become operative (i.e., go into effect)? -- Q9. When will the CPRA become enforceable? -- Q10. What additional rights does the CPRA grantto California consumers? -- Chapter 2: General Concepts -- Personal Information -- Q11. What is personal information? -- Q12. What types of information may qualify as personal information? -- Q13. Did the CCPA incorporate definitions of personal information found elsewhere in the California Code? -- Q14. Does the CPRA enlarge the list of data types that may qualify as personal information? -- Q15. Is the CCPA's definition of personal information the same as the European GDPR's definition of personal data? -- Q16. Does the CCPA use the term "personal data"? -- Q17. Does the term "personal information" mean the same thing as the term "personally identifiable information"? -- Q18. Does the term "personal information" mean the same thing as the term "personally-identified information"? -- Q19. Does the term "personal information" mean the same thing under the privacy laws of other states? -- Q20. Does the term "personal information" include information that a business obtains from government records? -- Q21. What constitutes publicly available information under the CCPA?. Q22. What constitutes publicly available information under the CPRA? -- Q23. Are work email addresses and business contact information governed by the CCPA? -- Q24. Does the CCPA apply to paper records? -- Q25. Is an IP address considered personal information? -- Q26. Is data that has undergone hashing considered personal information? -- Q27. Is data that has undergone salted-hashing considered "personal information"? -- Q28. Is a token considered "personal information"? -- Q29. Is encrypted data considered "personal information"? -- Q30. Does the CCPA apply to information about businesses? -- Q31. Is the CCPA's definition of "biometric information" broader than the definition used by other states? -- Aggregate and Deidentified Information -- Q32. Is aggregated or deidentified information considered personal information? -- Q33. What qualifies as aggregate consumer information? -- Q34. What qualifies as deidentified information? -- Q35. Is deidentified information the same as aggregated information? -- Q36. Does the CCPA adopt a specific standard for deidentifying information? -- Q37. What is the difference between the CCPA's deidentification standard and the GDPR's anonymization standard? -- Pseudonymization -- Q38. What is pseudonymized data? -- Sensitive Personal Information -- Q39. Does the CCPA treat some types of personal information as more "sensitive" than others? -- Q40. Did the CPRA create a new category of "sensitive personal information"? -- Q41. If information is publicly available, is it still considered sensitive personal information? -- Q42. What rights does the CPRA provide for sensitive category data? -- Businesses Covered by the Statute -- Q43. What is a "business"? -- Q44. Does the 25 million threshold to be considered a business refer to revenue generated in the state of California or revenue generated worldwide?. Q45. Does the CCPA apply to non-profits? -- Q46. Are some non-profit entities, such as credit unions, covered by the CCPA? -- Q47. Does the CCPA apply to government agencies? -- Q48. Does an organization need to be "established" in the United States for the CCPA to apply? -- Q49. If a company is based in California, does the CCPA apply to all data processed by the company? -- Q50. What does it mean to "do business" in California? -- Q51. If a company has California employees, is it subject to the CCPA? -- Q52. Can the CCPA apply to a company that has no employees or offices in California? -- Q53. What is the "unified business provision" and the "affiliate exception"? -- Q54. Can corporate affiliates that share common branding choose whether they want to be considered a unified "business" under the CCPA? -- Q55. Are corporate affiliates that use common branding inherently under common "control" for purposes of the CCPA? -- Q56. How do you compute the number of persons, devices, or households when determining whether an entity meets the de minimis threshold to be considered a business? -- Q57. If a company that is not subject to the CCPA acquires a business that is subject to the CCPA, can the acquisition "infect" the data of the first company? -- Q58. Does the CCPA have "controllers" and "processors"? -- Consumers -- Q59. What is a "consumer"? -- Q60. Does the CCPA apply only to consumers that are residents of California? -- Processing -- Q61. What activities count as "processing"? -- Selling -- Q62. What does it mean to "sell" personal information? -- Q63. What constitutes "valuable consideration" for the purposes of determining if personal information has been sold? -- Q64. Are all transfers for valuable consideration sales? -- Sharing -- Q65. What does it mean to "share" personal information? -- Q66. What is "cross-context behavioral advertising"?. Q67. Does a company share personal information when it provides information to a company that is not involved in AdTech? -- Service Providers -- Q68. What is a service provider? -- Q69. Is a service provider the same thing as a processor? -- Contractors -- Q70. What is the difference between a "contractor" and an "independent contractor"? -- Q71. What is the difference between a "contractor" and a "service provider"? -- Q72. Does the CPRA impose different rights or obligations upon contractors as opposed to service providers? -- Chapter 3: General Compliance Issues -- Compliance Programs -- Q73. What are the core requirements imposed by the CCPA on businesses? -- Q74. What additional requirements will be imposed upon businesses by the CPRA? -- Q75. What types of compliance documents should businesses consider? -- Q76. What are the core requirements imposed by the CCPA on service providers? -- Q77. Did the regulations implementing the CCPA impose additional requirements on service providers? -- Q78. Does the CPRA impose additional requirements on service providers? -- Q79. What types of documents, policies, procedures, and protocols should service providers consider putting in place to comply with the CCPA? -- Permissible Uses of Personal Information -- Q80. Are businesses required to have a "lawful basis" or a "permissible purpose" to process personal information under the CCPA? -- Q81. Are companies generally required to get opt-in consent before using personal information? -- Q82. Are businesses required to get opt-in consent to conduct email marketing? -- Permissible Uses of Sensitive Personal Information -- Q83. Does a business have to get opt-in consent from consumers before collecting their sensitive personal information? -- Q84. Do consumers have a right to object to a business's continuing use of their sensitive personal information?. Q85. Is the CPRA's right to object to the continued use of sensitive personal information an absolute right? -- Q86. Under the CPRA, will a consumer be able to object to a company using sensitive personal information for behavioral or targeted advertising? -- Q87. Under the CPRA, will a consumer be able to object to a company sharing sensitive personal information with AdTech companies for their use in constructing a consumer profile? -- Q88. Will all companies be required to post a "Limit the Use of My Sensitive Personal Information" link on their homepages? -- Data Minimization -- Q89. Will the CPRA require data minimization with regard to the storage of information? -- Q90. Will the CPRA require data minimization with regard to the collection and use of information? -- Q91. Will the CPRA require publishing the data retention period that applies to personal information? -- Notice at Collection -- Q92. What is a notice at collection? -- Q93. Does a business have to provide a notice at collection to a consumer if the business does not collect information directly from them? -- Q94. Can a business's privacy notice and notice at collection be the same document? -- Q95. Can a service provider provide a notice at collection on behalf of a business? -- Q96. When a business collects personal information over the phone, can it satisfy the requirement to give a notice at collection by directing consumers to an online notice? -- Q97. When a business collects personal information offline, can it satisfy the requirement to give a notice at collection by including a sign that directs consumers to an online notice? -- Q98. Does a business have to translate a notice at collection into languages other than English?. Q99. If a business does not identify a specific use for information in a notice at collection, is it prohibited from using information in that manner?.
9781641059770
Data protection-Law and legislation-California.
Consumer protection-Law and legislation-California.
Privacy, Right of-California.
Electronic books.
KFC312 .Z486 2021
342.7940858
The Desk Reference Companion to the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). - 1st ed. - 1 online resource (494 pages)
Intro -- Title Page -- Copyright Page -- Contents -- About the author -- Notes on Citations and References -- Acknowledgments -- Foreword -- Introduction -- Chapter 1: History and Structure -- Q1. What was the Consumer Right to Privacy Act or "CRPA"? -- Q2. What is the California Consumer Privacy Act or "CCPA"? -- Q3. When was the CCPA enacted? -- Q4. When did the CCPA become operative (i.e., go into effect)? -- Q5. When did the CCPA become enforceable? -- Q6. What is the California Privacy Rights Act or "CPRA"? -- Q7. Is the CPRA the same thing as Proposition 24? -- Q8. When will the CPRA become operative (i.e., go into effect)? -- Q9. When will the CPRA become enforceable? -- Q10. What additional rights does the CPRA grantto California consumers? -- Chapter 2: General Concepts -- Personal Information -- Q11. What is personal information? -- Q12. What types of information may qualify as personal information? -- Q13. Did the CCPA incorporate definitions of personal information found elsewhere in the California Code? -- Q14. Does the CPRA enlarge the list of data types that may qualify as personal information? -- Q15. Is the CCPA's definition of personal information the same as the European GDPR's definition of personal data? -- Q16. Does the CCPA use the term "personal data"? -- Q17. Does the term "personal information" mean the same thing as the term "personally identifiable information"? -- Q18. Does the term "personal information" mean the same thing as the term "personally-identified information"? -- Q19. Does the term "personal information" mean the same thing under the privacy laws of other states? -- Q20. Does the term "personal information" include information that a business obtains from government records? -- Q21. What constitutes publicly available information under the CCPA?. Q22. What constitutes publicly available information under the CPRA? -- Q23. Are work email addresses and business contact information governed by the CCPA? -- Q24. Does the CCPA apply to paper records? -- Q25. Is an IP address considered personal information? -- Q26. Is data that has undergone hashing considered personal information? -- Q27. Is data that has undergone salted-hashing considered "personal information"? -- Q28. Is a token considered "personal information"? -- Q29. Is encrypted data considered "personal information"? -- Q30. Does the CCPA apply to information about businesses? -- Q31. Is the CCPA's definition of "biometric information" broader than the definition used by other states? -- Aggregate and Deidentified Information -- Q32. Is aggregated or deidentified information considered personal information? -- Q33. What qualifies as aggregate consumer information? -- Q34. What qualifies as deidentified information? -- Q35. Is deidentified information the same as aggregated information? -- Q36. Does the CCPA adopt a specific standard for deidentifying information? -- Q37. What is the difference between the CCPA's deidentification standard and the GDPR's anonymization standard? -- Pseudonymization -- Q38. What is pseudonymized data? -- Sensitive Personal Information -- Q39. Does the CCPA treat some types of personal information as more "sensitive" than others? -- Q40. Did the CPRA create a new category of "sensitive personal information"? -- Q41. If information is publicly available, is it still considered sensitive personal information? -- Q42. What rights does the CPRA provide for sensitive category data? -- Businesses Covered by the Statute -- Q43. What is a "business"? -- Q44. Does the 25 million threshold to be considered a business refer to revenue generated in the state of California or revenue generated worldwide?. Q45. Does the CCPA apply to non-profits? -- Q46. Are some non-profit entities, such as credit unions, covered by the CCPA? -- Q47. Does the CCPA apply to government agencies? -- Q48. Does an organization need to be "established" in the United States for the CCPA to apply? -- Q49. If a company is based in California, does the CCPA apply to all data processed by the company? -- Q50. What does it mean to "do business" in California? -- Q51. If a company has California employees, is it subject to the CCPA? -- Q52. Can the CCPA apply to a company that has no employees or offices in California? -- Q53. What is the "unified business provision" and the "affiliate exception"? -- Q54. Can corporate affiliates that share common branding choose whether they want to be considered a unified "business" under the CCPA? -- Q55. Are corporate affiliates that use common branding inherently under common "control" for purposes of the CCPA? -- Q56. How do you compute the number of persons, devices, or households when determining whether an entity meets the de minimis threshold to be considered a business? -- Q57. If a company that is not subject to the CCPA acquires a business that is subject to the CCPA, can the acquisition "infect" the data of the first company? -- Q58. Does the CCPA have "controllers" and "processors"? -- Consumers -- Q59. What is a "consumer"? -- Q60. Does the CCPA apply only to consumers that are residents of California? -- Processing -- Q61. What activities count as "processing"? -- Selling -- Q62. What does it mean to "sell" personal information? -- Q63. What constitutes "valuable consideration" for the purposes of determining if personal information has been sold? -- Q64. Are all transfers for valuable consideration sales? -- Sharing -- Q65. What does it mean to "share" personal information? -- Q66. What is "cross-context behavioral advertising"?. Q67. Does a company share personal information when it provides information to a company that is not involved in AdTech? -- Service Providers -- Q68. What is a service provider? -- Q69. Is a service provider the same thing as a processor? -- Contractors -- Q70. What is the difference between a "contractor" and an "independent contractor"? -- Q71. What is the difference between a "contractor" and a "service provider"? -- Q72. Does the CPRA impose different rights or obligations upon contractors as opposed to service providers? -- Chapter 3: General Compliance Issues -- Compliance Programs -- Q73. What are the core requirements imposed by the CCPA on businesses? -- Q74. What additional requirements will be imposed upon businesses by the CPRA? -- Q75. What types of compliance documents should businesses consider? -- Q76. What are the core requirements imposed by the CCPA on service providers? -- Q77. Did the regulations implementing the CCPA impose additional requirements on service providers? -- Q78. Does the CPRA impose additional requirements on service providers? -- Q79. What types of documents, policies, procedures, and protocols should service providers consider putting in place to comply with the CCPA? -- Permissible Uses of Personal Information -- Q80. Are businesses required to have a "lawful basis" or a "permissible purpose" to process personal information under the CCPA? -- Q81. Are companies generally required to get opt-in consent before using personal information? -- Q82. Are businesses required to get opt-in consent to conduct email marketing? -- Permissible Uses of Sensitive Personal Information -- Q83. Does a business have to get opt-in consent from consumers before collecting their sensitive personal information? -- Q84. Do consumers have a right to object to a business's continuing use of their sensitive personal information?. Q85. Is the CPRA's right to object to the continued use of sensitive personal information an absolute right? -- Q86. Under the CPRA, will a consumer be able to object to a company using sensitive personal information for behavioral or targeted advertising? -- Q87. Under the CPRA, will a consumer be able to object to a company sharing sensitive personal information with AdTech companies for their use in constructing a consumer profile? -- Q88. Will all companies be required to post a "Limit the Use of My Sensitive Personal Information" link on their homepages? -- Data Minimization -- Q89. Will the CPRA require data minimization with regard to the storage of information? -- Q90. Will the CPRA require data minimization with regard to the collection and use of information? -- Q91. Will the CPRA require publishing the data retention period that applies to personal information? -- Notice at Collection -- Q92. What is a notice at collection? -- Q93. Does a business have to provide a notice at collection to a consumer if the business does not collect information directly from them? -- Q94. Can a business's privacy notice and notice at collection be the same document? -- Q95. Can a service provider provide a notice at collection on behalf of a business? -- Q96. When a business collects personal information over the phone, can it satisfy the requirement to give a notice at collection by directing consumers to an online notice? -- Q97. When a business collects personal information offline, can it satisfy the requirement to give a notice at collection by including a sign that directs consumers to an online notice? -- Q98. Does a business have to translate a notice at collection into languages other than English?. Q99. If a business does not identify a specific use for information in a notice at collection, is it prohibited from using information in that manner?.
9781641059770
Data protection-Law and legislation-California.
Consumer protection-Law and legislation-California.
Privacy, Right of-California.
Electronic books.
KFC312 .Z486 2021
342.7940858