Request a Demo
5 min read

What is personal information under the CCPA?

The California Consumer Privacy Act (CCPA) was enacted to provide California consumers more control over the personal information that businesses collect about them. But what exactly is included in the scope of “personal information?” Under the CCPA, personal information includes basic details like names, addresses, and government information such as driver’s licenses and social security numbers. It also extends to data that consumers aren’t even aware of that businesses collect such as browsing history, biometrics, and even data on a consumer’s interaction with websites and platforms that they’ve visited.

What Is The CCPA?

The CCPA is a data privacy law that secures the right for California consumers to protect their personal information, including:

  • The right to know what personal information a business collects, uses, and shares or sells
  • The right to delete personal information collected by businesses (with some exceptions)
  • The right to opt-out of the sale of personal information
  • The right to non-discrimination for exercising the rights established by the CCPA

For-profit businesses that conduct operations in California or fit the criteria set by the CCPA are required to comply with the law by being transparent about their data practices and providing consumers channels to opt out of data collection or request access to the data collected from them. If you’re wondering: how to block cookies before consent, follow the link for an answer.

What Is Considered Personal Information Under The CCPA?

According to the CCPA, personal information refers to “information that identifies, relates to, or could reasonably be linked with” a consumer or their household.

The term is broad in order to encompass all the data that is currently being collected through different tracking practices and other information that businesses may begin to collect in the future, given the ever-evolving digital landscape.

Personal information, then, includes:

  • names - full names, aliases
  • addresses - postal address, email address
  • financial information - credit card numbers, bank details
  • government information - social security numbers, passport information
  • commercial information - personal property, purchase or service history
  • professional data - job history, employment details
  • education-related information - educational history, student data
  • geo-location - I.P. address, device location
  • biometric data - fingerprints, medical data
  • browsing activity - search history, website interactions
  • inferred profile - inferences that could point to consumer behavior and preferences

What Is Not Considered Personal Information Under The CCPA?

The CCPA doesn’t include publicly available information such as that from federal, state, or local government records (e.g. professional licenses, real estate, etc.) in the category of personal information.

One option to manage the information your business collects from site or app visitors to ensure compliance with all applicable laws and regulations is to use a data privacy tool—essentially a piece of software that helps your company avoid all the repercussions of breaking the law, however unintentionally.

How Does The CCPA Protect Personal Information?

The CCPA protects the personal information of California consumers by requiring businesses to incorporate transparency measures so people can control how their data is collected, stored, used, and shared or sold.

Some requirements set by the CCPA include adding a “Do Not Sell My Personal Information” link on their website’s homepage that lets consumers opt-out of the sale of their personal data, obtaining consent from minors or their parents, and providing channels for consumers to request access to their data. Businesses must also update their privacy policies to include details of the CCPA, specifically the rights consumers are afforded by the law.

Most of the changes brought about by the CCPA affect how businesses operate, especially concerning data collection and the use of it, e.g. for marketing, ad targeting, etc. The best way for companies to play it safe—and prevent having to pay steep fines—is to be transparent about their data practices, pinpointing exactly how consumers’ personal information is used for profit. By the way, if you are required to get permission from site visitors to use cookies, it will be necessary to learn how to block cookies before consent is given.


Since the CCPA was enacted to help consumers protect their personal information, it’s important to know what kind of information is covered by this legislation.

The following data is covered by the CCPA: names, addresses, finances, government issued ID (social security number/passport information), purchase history (goods and services), profession, education and so on. Publicly available information such as real estate owned or professional licenses are not protected by the law.

The law requires enterprises doing business with California residents to be very transparent about what information they collect and how they use it. Individuals in this state have the right to prevent any business from selling their personal information collected online to another business.

October 1, 2021

Continue reading

10 data privacy trends to watch in 2023
Odia Kagan
10 min read
News, Regulations
What the POTUS privacy push means for your 2023 strategy
Jonathan Joseph
7 min read
Privacy Tech, Product
3 requirements for effective consent management
Peter Wang
6 min read

Get started with Ketch

Simplifying your privacy program has never been easier. Begin your journey to simplified privacy operations and granular data control across the enterprise.