Skip to content

Are you ready for HIPAA 2.0? Find out…

Close
  • Products
    • Products

      • Governance Suite Use Spirion’s suite to enhance data security posture management
      • Sensitive Data Platform Scan, classify, remediate using SaaS solution
      • Sensitive Data Finder Automate Subject Rights Request processing
      • Sensitive Data Watcher Actively monitor and understand your data
      • Sensitive Data Manager Scan, classify, remediate using on-premise solution
    • Learn more

      • Data Security Posture Management Identify security and privacy risks wherever data lives and secure where it travels.
      • Data Risk Assessment Proactive audit – discover how your org protects its sensitive data before a data breach occurs
      • Data Impact Assessment Reactive audit – respond to an incident for swift and accurate data breach mitigation
      • Privacy-Grade™ Compliance and privacy standards that set the bar for sensitive data protection.
    • Technology

      • CADIA Advanced ML/AI to accurately discover and classify sensitive data
      • AnyFinds™ Minimize false positives and deliver accurate matches
      • Interrogated Platforms More data sources than anyone including both unstructured and structured data
      • Marketplace Integrate with security tools and explore resources to boost data protection
      • Governance Framework Outlines key stages of readiness to safeguard sensitive data and maintain compliance.
    • WHITE PAPER

      Complete Your Microsoft 365 Data Protection Stack
  • Solutions
    • Industry Solutions

      • eCommerce
      • Finance
      • Healthcare
      • Higher Education
      • Manufacturing
      • Telecommunications
    • Security & Privacy Use Cases

      • Data Security Posture Management (DSPM)
      • Microsoft Purview Integration
      • DISCOVER: Sensitive data-at-rest is data-at-risk
      • CLASSIFY: Unify data governance efforts with context-rich classification
      • CONTROL: Reduce the risk and cost of a data breach
      • COMPLY: Accelerate PCI-DSS compliance
    • Compliance

      • Overview
      • GDPR
      • CCPA
      • CMMC
      • CPRA
      • GLBA
      • HIPAA
      • The New York SHIELD Act
      • PCI DSS
      • Other
    • WHITE PAPER

      Complete Your Microsoft 365 Data Protection Stack
  • Resources
    • Resources

      • Blog
      • Case Studies
      • Data Sheet
      • Events
      • MS Purview Calculator
      • Podcast
      • Whitepapers & Research
    • Core Expertise

      • How to take a data-centric approach to security
      • What are cyber insurance requirements?
      • What is data lifecycle management?
      • What is data loss prevention?
      • What is a data risk assessment?
      • What is endpoint security?
      • What is a sensitive data governance framework?
    • Core Capabilities

      • Data Discovery Software Tools: Capabilities and Benefits
      • What is sensitive data discovery?
      • What is semantic data discovery?
      • What is data classification?
      • What is data remediation?
    • WHITE PAPER

      Complete Your Microsoft 365 Data Protection Stack
  • Partners
  • Customers
    • Customers

    • Customer Services
    • Customer Portal
    • Premium Support
  • Company
    • Company

    • About Us
    • Careers
    • Leadership
    • News
    • Our History
  • Search
  • Contact
 Build your own demo
Build your own demo
  • Products
    • Governance Suite
    • Sensitive Data Platform
    • Sensitive Data Finder
    • Sensitive Data Watcher
    • Sensitive Data Manager
    • Learn more
      • Data Security Posture Management
      • Data Risk Assessment
      • Data Impact Assessment
      • Privacy-Grade™
    • Technology
      • CADIA
      • AnyFInds™
      • Interrogated Platforms
      • Marketplace
      • Governance Framework
  • Solutions
    • Industry Solutions
      • eCommerce
      • Finance
      • Healthcare
      • Higher Education
      • Manufacturing
      • Telecommunications
    • Security & Privacy Use Cases
      • Data Security Posture Management (DSPM)
      • Microsoft Purview Integration
      • DISCOVER: Sensitive data-at-rest is data-at-risk
      • CLASSIFY: Unify data governance efforts with context-rich classification
      • CONTROL: Reduce the risk and cost of a data breach
      • COMPLY: Accelerate PCI-DSS compliance
    • Compliance
      • Overview
      • GDPR
      • CCPA
      • CMMC
      • CPRA
      • GLBA
      • HIPPA
      • The New York SHIELD Act
      • PCI DSS
      • Other
  • Resources
    • Resources
      • Blog
      • Case Studies
      • Data Sheet
      • Events
      • MS Purview Calculator
      • Podcast
      • Whitepapers & Research
    • Core Expertise
      • How to take a data-centric approach to security
      • What are cyber insurance requirements?
      • What is data lifecycle management
      • What is data loss prevention?
      • What is a data risk assessment?
      • What is endpoint security?
      • What is a sensitive data governance framework?
    • Core Capabilities
      • Data Discovery Software Tools: Capabilities and Benefits
      • What is sensitive data discovery?
      • What is semantic data discovery?
      • What is data classification?
      • What is data remediation?
  • Partners
  • Customers
    • Customer Services
    • Customer Portal
    • Premium Support
  • Company
    • About Us
    • Careers
    • Leadership
    • News
    • Our History
  • Contact
Build your own demo
Hero Starlight Image
  • CCPA Summary and Key Issues

  • Consent
  • Enforcement
  • Financial Incentives
  • Jurisdictional Thresholds
  • Information Security
  • Marketing and Advertising
  • Notices to Consumers
  • Personal Information
  • Privacy Policy
  • Requests for Disclosure of Personal Information
  • Requests for Deletion
  • Service Providers
  • Sales of Minors’ Information
  • Sales to Third Parties
  • Verification of Requestors
View CCPA Act

Sales of Minors’ Information

The Statute

In contrast to the opportunity given to California consumers to opt-out of the sale of their personal information, consumers who are minors must opt-in for such sale. Section 1798.120(c) of the CCPA statute establishes a 2-tier structure for determining who must give consent:

  • Minors under 13 years of age. A parent or guardian must affirmatively authorize the sale.
  • Minors 13-16 years of age. The minor can authorize the sale.

Note that this authorization structure applies to a business only if it “has actual knowledge that the consumer is less than 16 years of age” but that “[a] business that willfully disregards the consumer’s age shall be deemed to have had actual knowledge of the consumer’s age. 1” This “actual knowledge” requirement is also cited in the CCPA Regulations.

The Regulations

Section § 999.330 of the CCPA Regulations addresses particulars of the opt-in process:

  • Verifying the authorizing parent or guardian. A business must have a process in place to verify that the parent or guardian authorizing the sale of a minor’s personal information is who they say they are: “A business that has actual knowledge that it sells the personal information of children under the age of 13 shall establish, document, and comply with a reasonable method for determining that the person affirmatively authorizing the sale of the personal information about the child is the parent or
    guardian of that child. This affirmative authorization is in addition to any verifiable parental consent required under COPPA [i.e. the Children’s Online Privacy Protection Act, 15 U.S.C. sections 6501, et seq].” [emphasis added]
  • Options for verification. The Regulation offers multiple options for verifying the putative parent or guardian:
    • Providing a consent form to be signed physically or electronically…under penalty of perjury[];
    • Requiring a parent or guardian, in connection with a monetary transaction, to use a credit card, debit card, or other online payment system that provides notification of each discrete transaction to the primary account holder;
    • Having a parent or guardian call a toll-free telephone number staffed by trained personnel;
    • Having a parent or guardian connect to trained personnel via video-conference;
    • Having a parent or guardian communicate in person with trained personnel; and
    • Verifying a parent or guardian’s identity by checking a form of government-issued identification against databases of such information[ ].
  • Verification in the context of a request to know or to delete. The options cited above for verification also apply when a parent or guardian executes a request to know or to delete on behalf of the minor: “A business shall establish, document, and comply with a reasonable method, in accordance with the methods set forth…[above]…for determining whether that a person submitting a request to know or a request to delete the personal information of a child under the age of 13 is the parent or guardian of that child.”
  • Notice requirements to the parent or guardian. A business must provide notice to a parent or guardian opting-in how to later opt-out: “When a business receives an affirmative authorization pursuant to…[this regulation]…the business shall inform the parent or guardian of the right to optout and of the process for doing so on behalf of their child pursuant to section 999.315(a)-(f) [i.e., the specifics regarding the opt-out process applicable to all consumers].”

1. Cal. Civ. Code §1798.120(c).

Ready to get started?

Schedule a personalized demo with one of our data security experts to see Spirion data protection solutions in action.

Watch demo now
Discover, protect and comply.

Protect sensitive information with a solution that is customizable to your organizational needs. When your job is to protect sensitive data, you need the flexibility to choose solutions that support your security and privacy initiatives.

Governance Suite →

social icon
Industry Solutions

Not knowing where sensitive client financial data resides and failing to take the right security precautions can be a costly mistake for your organization. Find out how Data privacy is treated in your sector.

Read more →

  • Products
    • Sensitive Data Platform
    • Sensitive Data Finder
    • Sensitive Data Watcher
  • Solutions
    • What is sensitive data discovery?
    • What is data loss prevention?
    • What is data classification?
    • Security Use Cases
  • Compliance
    • News
    • Services
  • Need Help?
    • Customer Portal
    • 646-863-8301​​​​​​​​​​​​​​​​​​​​​
    • 3030 North Rocky Point Drive West,
      Suite 470
      Tampa, FL 33607
LATEST BLOG POSTS
  • From Reactive to Proactive: Achieving Data Privacy Through Automation
  • Industry-Specific Data Classification: Why One-Size-Fits-All Doesn’t Work
  • Why Sensitive Data Identification Is the Key to Proactive Data Privacy

© 2024 Spirion, LLC. All Rights Reserved

  • Legal
  • Privacy
  • Sitemap