Posted in on May 13, 2025
Data security is an important component of the OCPA. If an entity maintains personal data, they must secure it. Common features of “reasonable safeguards” include risk assessment (evaluating potential data security problems), access controls (having more complex requirements for passwords,... View Article
Posted in on October 16, 2024
Your method(s) of authentication should consider a number of factors: which data right a consumer is exercising; the type, sensitivity, value, and volume of personal data involved; the level of possible harm that improper access or use could cause to... View Article
Posted in on April 11, 2024
Sensitive data includes: Any data revealing an individual’s racial or ethnic background, national origin, religious beliefs, mental or physical health conditions or diagnoses, sexual orientation, citizenship or immigration status, status as transgender or nonbinary, or status as a crime victim;... View Article
Posted in on
Personal data is any information that can be linked to an individual. Personal data also includes any information that can be linked to an individual’s device or a household device (like a cell phone or a smart appliance). Some controller... View Article
Posted in on
A “sale” is the exchange of personal data for monetary or other valuable consideration between a controller and a third party. ”Valuable consideration” is not limited to money. This could include a controller exchanging customer lists with a third party.... View Article
Posted in on
Processing refers to any action a controller may take with respect to personal data, including collecting, using, storing, selling, sharing, analyzing, or modifying the data.
Posted in on
The key distinction between a controller and a processor is their decision-making authority over personal data. Under the law, a processor may only process data at the request and under the direction of a controller. The processor is contractually bound... View Article
