country: United States - California framework: CPRA region: North America language: en version: 2023-01 status: published last_updated: 2025-06-30 source_verified: true authority: California Privacy Protection Agency (CPPA) notes: - The CPRA expands CCPA by defining Sensitive Personal Information and granting consumers enhanced control over their data. - Applicable to businesses that meet revenue, data volume, or sharing thresholds under Cal. Civ. Code §1798.140. categories: - name: Full Name type: direct_identifier required_masking: true tags: - pii citations: - regulation: CPRA section: Cal. Civ. Code §1798.140(v)(1)(A) - name: Alias type: direct_identifier required_masking: true tags: - pii citations: - regulation: CPRA section: Cal. Civ. Code §1798.140(v)(1)(A) - name: Postal Address type: quasi_identifier required_masking: true tags: - pii citations: - regulation: CPRA section: Cal. Civ. Code §1798.140(v)(1)(A) - name: Unique Personal Identifier (e.g., customer ID) type: quasi_identifier required_masking: true tags: - pii citations: - regulation: CPRA section: Cal. Civ. Code §1798.140(v)(1)(A) - name: Online Identifiers (IP address, cookies, device ID) type: quasi_identifier required_masking: true tags: - pii citations: - regulation: CPRA section: Cal. Civ. Code §1798.140(v)(1)(A) - name: Email Address type: direct_identifier required_masking: true tags: - pii citations: - regulation: CPRA section: Cal. Civ. Code §1798.140(v)(1)(A) - name: Account Name type: direct_identifier required_masking: true tags: - pii citations: - regulation: CPRA section: Cal. Civ. Code §1798.140(v)(1)(A) - name: Social Security Number type: direct_identifier required_masking: true tags: - pii - sensitive citations: - regulation: CPRA section: Cal. Civ. Code §1798.140(v)(1)(B) - name: Driver’s License or State ID Number type: direct_identifier required_masking: true tags: - pii - sensitive citations: - regulation: CPRA section: Cal. Civ. Code §1798.140(v)(1)(B) - name: Passport Number type: direct_identifier required_masking: true tags: - pii - sensitive citations: - regulation: CPRA section: Cal. Civ. Code §1798.140(v)(1)(B) - name: Financial Account, Debit, or Credit Card Number type: direct_identifier required_masking: true tags: - pii - sensitive citations: - regulation: CPRA section: Cal. Civ. Code §1798.140(v)(1)(B) - name: Geolocation Data (precise) type: special_category required_masking: true tags: - pii - sensitive citations: - regulation: CPRA section: Cal. Civ. Code §1798.140(ae)(1)(D) - name: Biometric Information (e.g., retina scan, voiceprint) type: special_category subtype: biometric required_masking: true tags: - sensitive - biometric citations: - regulation: CPRA section: Cal. Civ. Code §1798.140(ae)(1)(E) - name: Health Information (non-HIPAA) type: special_category required_masking: true tags: - phi - sensitive citations: - regulation: CPRA section: Cal. Civ. Code §1798.140(ae)(1)(C) - name: Genetic Data type: special_category required_masking: true tags: - sensitive citations: - regulation: CPRA section: Cal. Civ. Code §1798.140(ae)(1)(C) - name: Sexual Orientation or Sex Life type: special_category required_masking: true tags: - sensitive citations: - regulation: CPRA section: Cal. Civ. Code §1798.140(ae)(1)(F) - name: Racial or Ethnic Origin type: special_category required_masking: true tags: - sensitive citations: - regulation: CPRA section: Cal. Civ. Code §1798.140(ae)(1)(F) - name: Religious or Philosophical Beliefs type: special_category required_masking: true tags: - sensitive citations: - regulation: CPRA section: Cal. Civ. Code §1798.140(ae)(1)(F) - name: Browsing History or Search History type: behavioral required_masking: true tags: - sensitive - tracking citations: - regulation: CPRA section: Cal. Civ. Code §1798.140(v)(1)(F) - name: Employment Information type: quasi_identifier required_masking: true tags: - pii citations: - regulation: CPRA section: Cal. Civ. Code §1798.140(v)(1)(I) - name: Education Information (non-public) type: quasi_identifier required_masking: true tags: - pii citations: - regulation: CPRA section: Cal. Civ. Code §1798.140(v)(1)(J) - name: Sensitive Personal Information Flag type: meta required_masking: false tags: - flag - sensitive citations: - regulation: CPRA section: Cal. Civ. Code §1798.140(ae)