CCPA Primer

Lesson 3 | Data covered under CCPA

Download Lesson PDF

What data is covered under CCPA?

While CCPA is far-reaching in terms of companies that are impacted, the legislation only applies to specific types of data, namely personal data from CA residents.

The data covered under CCPA is identified as “personal information”. The CCPA definition of personal information is data that “identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household”. Or, simply, data that identifies an individual or household or that can be used to identify an individual or household.

Given the free flow of data and the sheer amount of data collected passively and automatically by our computers and phones, this is an incredible amount of information and it is not crystal clear what data might be capable of “reasonably” being linked to an individual.

Take exercise tracking apps. The routes themselves, without any personal information on the user, if they start and end at a residence, can reasonably infer that the residence is the address of the individual. This type of data has been shown to expose the sites of secret overseas military facilities.

Geolocation data, something that mobile apps have notoriously hoovered up from users, is a broad category of data that can easily be linked to individuals.

Or data that identifies your online activities - search history or browser fingerprinting.

It is easy to imagine almost any user-associated data being considered personal information under CCPA.

There are a few personal information exceptions that were added to CCPA so as not to overlap with other privacy regulations where the data is already being regulated. Those exceptions include healthcare data and financial data. 

A list of personal information explicitly listed in CCPA is below.

  1. Real name
  2. Postal address
  3. Email address
  4. Social Security Number
  5. Driver’s license number
  6. Passport number
  7. Signature
  8. Physical characteristics or description
  9. Telephone number
  10. State identification card number
  11. Insurance policy number
  12. Education
  13. Educational information (as defined by 34 C.F.R. Part 99)
  14. Employment
  15. Employment history
  16. Bank account number
  17. Credit card number
  18. Characteristics of protected classification under California law
  19. Characteristics of protected classification under federal law
  20. Biometric information
  21. Internet or other electronic network activity
  22. Browsing history
  23. Search history
  24. Audio information
  25. Electronic information
  26. Visual information

It’s safe to assume any information you store on individuals, or individual users, falls under CCPA.