• Products
    • Products

      • Governance Suite Use Spirion’s suite to enhance data security posture management
      • Sensitive Data Platform Scan, classify, remediate using SaaS solution
      • Sensitive Data Finder Automate Subject Rights Request processing
      • Sensitive Data Watcher Actively monitor and understand your data
      • Sensitive Data Manager Scan, classify, remediate using on-premise solution
    • Learn more

      • Data Risk Assessment Audit how your organization protects its sensitive data before a data breach occurs
      • Incident Response Data Risk Assessment Incident response assessment for swift and accurate data breach mitigation
      • Interrogated Platforms More data sources than anyone including both unstructured and structured data
      • Integrated Solutions Explore connections with IRM/DRM, SIEM, DLP, NGFW, CASB, and other security apps
      • Spirion Marketplace Integrate with security tools and explore resources to boost data protection
    • Sensitive Data Governance Framework

      Our framework outlines key stages of readiness to safeguard sensitive data and maintain compliance.
      Review Framework
  • Solutions
    • Industry Solutions

      • eCommerce
      • Finance
      • Healthcare
      • Higher Education
      • Manufacturing
      • Telecommunications
    • Security & Privacy Use Cases

      • DISCOVER: Sensitive data-at-rest is data-at-risk
      • CLASSIFY: Unify data governance efforts with context-rich classification
      • UNDERSTAND: Prioritize your data protection efforts with a DRA
      • CONTROL: Reduce the risk and cost of a data breach
      • COMPLY: Accelerate PCI-DSS compliance
      • COMPLY: Safeguard PII data to pass GLBA audits
    • Compliance

      • Overview
      • GDPR
      • CCPA
      • CMMC
      • CPRA
      • GLBA
      • HIPAA
      • The New York SHIELD Act
      • PCI DSS
      • Other
    • Cloud, servers, endpoints - wherever sensitive data lives, Spirion protects it.

      Everywhere is our territory.
  • Resources
    • Insights

      • Blog
      • Case Studies, White Papers, & Research
      • Podcast
    • Core Expertise

      • How to take a data-centric approach to security
      • What are cyber insurance requirements?
      • What is data lifecycle management?
      • What is data loss prevention?
      • What is a data risk assessment?
      • What is endpoint security?
      • What is a sensitive data governance framework?
    • Core Capabilities

      • Data Discovery Software Tools: Capabilities and Benefits
      • What is sensitive data discovery?
      • What is semantic data discovery?
      • What is data classification?
      • What is data remediation?
    • Cloud, servers, endpoints - wherever sensitive data lives, Spirion protects it.

      Everywhere is our territory.
  • Partners
  • Support
    • Support

    • Customer Success
    • Professional Services
    • Technical Support
    • Service Level Addendum (SLA)
    • Customer Support Policy
  • Company
    • Company

    • About Us
    • Careers
    • Leadership
    • News
    • Our History
  • Search
  • Customer Portal
  • Contact
 Watch demo now
Watch demo now
  • Products
    • Governance Suite
    • Sensitive Data Platform
    • Sensitive Data Finder
    • Sensitive Data Manager
    • Sensitive Data Watcher
    • Learn more
      • Sensitive Data Governance Framework
      • Spirion Data Risk Assessment
      • Platforms Interrogated
      • Integrated Solutions
      • Spirion Marketplace
  • Solutions
    • Industry Solutions
      • eCommerce
      • Finance
      • Healthcare
      • Higher Education
      • Manufacturing
      • Telecommunications
    • Security Use Cases
      • DISCOVER: Sensitive data-at-rest is data-at-risk
      • CLASSIFY: Unify data governance efforts with context-rich classification
      • UNDERSTAND: Prioritize your data protection efforts with a DRA
      • CONTROL: Reduce the risk and cost of a data breach
      • COMPLY: Accelerate PCI-DSS compliance
      • COMPLY: Safeguard PII data to pass GLBA audits
    • Compliance
      • Overview
      • GDPR
      • CCPA
      • CMMC
      • CPRA
      • GLBA
      • HIPPA
      • The New York SHIELD Act
      • PCI DSS
      • Other
  • Resources
    • Insights
      • Blog
      • Case Studies, White Papers, & Research
      • Podcast
      • Upcoming Events
    • Core Expertise
      • How to take a data-centric approach to security
      • What are cyber insurance requirements?
      • What is data lifecycle management
      • What is data loss prevention?
      • What is a data risk assessment?
      • What is endpoint security?
      • What is a sensitive data governance framework?
    • Core Capabilities
      • Data Discovery Software Tools: Capabilities and Benefits
      • What is sensitive data discovery?
      • What is semantic data discovery?
      • What is data classification?
      • What is data remediation?
  • Partners
  • Support
    • Customer Success
    • Professional Services
    • Technical Support
    • Service Level Addendum (SLA)
    • Customer Support Policy
  • Company
    • About Us
    • Become a Partner
    • Careers
    • Newsroom
    • Our approach
    • Privacy at Spirion
    • Our History
  • Customer Portal
  • Contact
Watch demo now
  • CCPA Summary and Key Issues

  • Consent
  • Enforcement
  • Financial Incentives
  • Jurisdictional Thresholds
  • Information Security
  • Marketing and Advertising
  • Notices to Consumers
  • Personal Information
  • Privacy Policy
  • Requests for Disclosure of Personal Information
  • Requests for Deletion
  • Service Providers
  • Sales of Minors’ Information
  • Sales to Third Parties
  • Verification of Requestors
Download View CCPA Act

Consent

The Statute

Consent of a data subject to the proposed processing of his/her personal data is one of six possible legal bases for processing under Article 6 of the EU GDPR. Under the CCPA, however, consent plays a comparatively lessor role. There are three contexts under which consent applies under the CCPA statute:

  • Under §1798.120(d), “[a] business that has received direction from a consumer not to sell the consumer’s personal information or, in the case of a minor consumer’s personal information has not received consent to sell the minor consumer’s personal information shall be prohibited…from selling the consumer’s personal information after its receipt of the consumer’s direction, unless the consumer subsequently provides express authorization for the sale of the consumer’s personal information.”
  • Under §1798.125(b)(3), “[a] business may enter a consumer into a financial incentive program only if the consumer gives the business prior opt-in consent pursuant to Section 1798.130 that clearly describes the material terms of the financial incentive program, and which may be revoked by the consumer at any time.”
  • Under § 1798.105(d)(6), a business does not have to delete consumer personal information upon request if it is “[e]ngag[ing] in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the business’ deletion of the information is likely to render impossible or seriously impair the achievement of such research, if the consumer has provided informed consent.”

[all emphasis added]

The Regulations

Consent features more prominently in the CCPA Regulations. Relevant citations include:

  • §999.305(5). A business shall not use a consumer’s personal information for purpose materially different than those disclosed in the notice at collection. If the business seeks to use a consumer’s previously collected personal information for a purpose materially different than what was previously disclosed to the consumer in the notice at collection, the business shall directly notify the consumer of this new use and obtain explicit consent from the consumer to use it for this new purpose.
  • §999.318. If a member of a household is a minor under the age of 13, a business must obtain verifiable parental consent before complying with a request to access specific pieces of information for the household or the deletion of household personal information pursuant to the parental consent provisions in section 999.330.
  • §999.330(a)(1). A business that has actual knowledge that it sells the personal information of children under the age of 13 shall establish, document, and comply with a reasonable method for determining that the person affirmatively authorizing the sale of the personal information about the child is the parent or guardian of that child. This affirmative authorization is in addition to any verifiable parental consent required under COPPA [i.e., the Children’s Online Privacy Protection Act,
    15 U.S.C. sections 6501, et seq.].

[all emphasis added]

Ready to get started?

Schedule a personalized demo with one of our data security experts to see Spirion data protection solutions in action.

Watch demo now
Discover, protect and comply.

Protect sensitive information with a solution that is customizable to your organizational needs. When your job is to protect sensitive data, you need the flexibility to choose solutions that support your security and privacy initiatives.

Governance Suite →

Industry Solutions

Not knowing where sensitive client financial data resides and failing to take the right security precautions can be a costly mistake for your organization. Find out how Data privacy is treated in your sector.

Read more →

  • Products
    • Sensitive Data Platform
    • Sensitive Data Finder
    • Sensitive Data Watcher
  • Solutions
    • What is sensitive data discovery?
    • What is data loss prevention?
    • What is data classification?
    • Security Use Cases
  • Compliance
    • News
    • Services
  • Need Help?
    • Customer Portal
    • 646-863-8301​​​​​​​​​​​​​​​​​​​​​
    • 3030 North Rocky Point Drive West,
      Suite 470
      Tampa, FL 33607
LATEST BLOG POSTS
  • Why accurate data discovery is essential to comprehensive data protection
  • Mastering Data Breach Evaluation with Spirion’s Incident Response
  • Securing member data: Implementing a 5-Step roadmap for Credit Unions

© 2023 Spirion, LLC. All Rights Reserved

  • Legal
  • Privacy
  • Sitemap