TLDR: What Is Personal Data Under CCPA?

With all the new data privacy regulations pioneering user privacy and safety, it’s often difficult to figure out what all of their definitions mean. There are many long and technical explanations out there, but here we’ll concisely define what personal data means under the California Consumer Privacy Act (CCPA) so you can focus on doing what you do best.

» How do you address data privacy issues? Explore these solutions to common e-commerce data privacy issues

Defining Personal Information Under CCPA

Under CCPA, personal data is any information that identifies, relates to, or could reasonably be linked with a specific individual or their household. This includes inferences from other personal information that can be used to create a profile of an individual’s preferences and characteristics.

Here are some examples of personal information:

• • Name (in part or full)

• • Social security number

• • Location information

• • Biometric data

• • Internet browsing activity

• • Email addresses

• • Records of past purchases

Bulleted List

What Constitutes a Personal Data Breach Under CCPA?

With personal data defined, we can recognize when a data breach becomes a personal data breach and is subject to special regulations. In a personal data breach, data is stolen in a non-encrypted and non-redacted form containing the first name or first initial and name of individuals in combination with a variety of alternative data.

Information found in a personal data breach includes:

• • Social security number: This number uniquely identifies an individual and can be used to commit fraud.

• • Medical/health insurance information: This information is very sensitive and usually specific to a person.

• • Government-issued identification numbers: This includes driver’s licenses, tax IDs, military IDs, and passport numbers.

• • Financial account/card numbers: This is especially sensitive if breached in combination with security codes or passwords.

• • Biometric data: A person’s fingerprint, retina signature, and face are unique, although images are not considered a breach of personal data unless used for facial recognition purposes.

Bulleted List

» Is a data breach different under GDPR? Discover how to stay GDPR compliant as a beginner e-commerce seller

Conclusion

In a nutshell, a personal data breach under CCPA is when information defined as personal data is accessed without authorization. To avoid penalties, ensure CCPA compliance and cookie consent for your Shopify store yourself or partner with experts like PieEye.

» Worried about remaining compliant with all the privacy laws? Explore PieEye’s products for your perfect solution