How to write an information request letter to a business regarding your personal information that is saved in their database as a consumer?
The CCPA comes with a set of Rules and Regulations for the protection of personal data inside and outside the state of California and affects all businesses that save personal data from California residents. According to Article 1798.100 - 1798.199 of the California Consumer Privacy Act (CCPA) of 2018, as well as the EU General Data Protection Regulation (GDPR), which are both very important changes in data privacy regulation, it is required for organizations to adhere to, and to provide services to, those who are requesting details regarding personal information saved that is stored on their systems, to the requesting individuals.
If you have given consent to the organization in the past for processing your personal information, you are still able to withdraw your consent.
If you are dealing with companies that are skirting their CCPA responsibilities, make sure to inform the institutions that are mentioned in this letter. For example, contact the California attorney general’s office. Keep in mind that companies are required to provide you with personal information only twice every 12 months.
The CCPA applies to any business, including any for-profit entity that collects consumers' personal data, which does business in California, and satisfies at least one of these thresholds:
- annual gross revenues in excess of $25 million;
- possesses the personal information of 50K or more consumers, households, or devices; or
- earns more than half of its annual revenue from selling consumers' personal data;
- organizations are required to "implement and maintain reasonable security procedures and practices" in protecting consumer info.
Definition Personal Information according to the CCPA:
Any information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. Unique Examples: the real name, alias, postal address, unique personal identifier, online identifier, internet protocol (IP) address, email address, account name, social security number, driver's license number, passport number, search history, biometric data, geolocation or other similar identifiers.
The intentions of the Act are to provide California residents with the right to:
- access their personal info;
- prevent the sale of personal info;
- know what personal info is being collected about them;
- know whether their personal info is sold or disclosed and to whom;
- request an organization to delete any personal data about a consumer collected from that consumer;
- not be discriminated against for exercising their privacy rights.
Enforcement date: January 1, 2020, at which time those businesses in non-compliance may face civil fines between $2,500 and $7,500. Californian residents have the private right of action for data breaches, in case of failure is proven, there can be statutory damages between $100 and $750.
Additionally, you need to inquire if your personal information that was disclosed to third parties, needs to be informed about your deletion request, and you need to be informed me about those recipients.
Download this Sample Customer Information Request Letter now.
If you are a company dealing with customer requests regarding personal information, make sure to have a look here:
CCPA Compliance Toolkit here or
free CCPA Compliance Roadmap! They can help you to become compliant.