A “notice at collection” refers to notice that is provided when a business intends to collect personal information directly from a consumer. The notice, which must be provided “at or before the point at which” the collection of information occurs,1 should include the following information:
- A list of the categories of personal information that will be collected;
- The business or commercial purpose for which the information is being collected;
- Information on how to opt-out of the sale of personal information (if information is being sold; and
- Information on how to find the company’s complete privacy notice.2
While some businesses may choose to provide consumers with a written document titled “Notice at Collection,” in most situations a formal document is arguably not needed. Specifically the information required to be communicated at the point of data collection is often communicated implicitly to a consumer or would be understood as part of the context of the data that is being collected. For example, if a sales associate at a retail store asks a consumer for their credit card at the point of sale, a reasonable consumer would understand that their credit card information (e.g., name, payment card number, expiration date, etc.) is being collected, and that the collection is for the purpose of processing their transaction. In such a situation, a reference within the store to where the consumer may find the company’s complete privacy notice arguably satisfies the “notice at collection” requirement.
For more information and resources about the CCPA visit http://www.CCPA-info.com.
This article is part of a multi-part series published by BCLP to help companies understand and implement the General Data Protection Regulation, the California Consumer Privacy Act and other privacy statutes. You can find more information on the CCPA in BCLP’s California Consumer Privacy Act Practical Guide, and more information about the GDPR in the American Bar Association’s The EU GDPR: Answers to the Most Frequently Asked Questions.
1. CCPA Reg. Section 999.301(l). See also CCPA 1798.100(b).
2. CCPA Reg. Section 999.305(b)(1)-(4).
[View source.]
