General Duties of Businesses that Collect Personal Information
Audited by Privisy — The Privisy scanner actively tests for compliance with this requirement.
What it requires
Businesses that control personal information collection must notify consumers at or before the point of collection about: the categories collected, their purposes, and whether the information is sold or shared. Collection, use, and retention must be reasonably necessary and proportionate to disclosed purposes. Businesses must enter into compliant data-sharing agreements with service providers, contractors, and third parties, and implement reasonable security procedures.
Legal text (excerpt)
A business that controls the collection of a consumer's personal information shall, at or before the point of collection, inform consumers of the following: (1) The categories of personal information to be collected and the purposes for which the categories of personal information are collected or used and whether that information is sold or shared.
Primary source
📄California Privacy Protection Agency (CPPA) — § 1798.100: General Duties of Businesses that Collect Personal Information ↗Privisy checks
The following Privisy scanner checks are grounded in this citation:
- ⚡Right to Know
- ⚡12-Month Lookback
- ⚡Authorized Agent
Legal notice: This page is for informational purposes only and does not constitute legal advice. The legal text excerpt is reproduced from official public sources and is current as of the stated effective date. Laws change — verify against the authoritative source and consult a licensed attorney for compliance guidance.