country: United States - California framework: CPRA region: North America language: en version: 2023-01 status: published last_updated: 2025-06-30 source_verified: true authority: California Privacy Protection Agency (CPPA) notes: - The CPRA expands CCPA by defining Sensitive Personal Information and granting consumers enhanced control over their data. - Applicable to businesses that meet revenue, data volume, or sharing thresholds under Cal. Civ. Code §1798.140. categories: - name: Full Name type: direct_identifier required_masking: true tags: - pii citations: - regulation: CPRA section: Cal. Civ. Code §1798.140(v)(1)(A) subtype: personal_name - name: Alias type: direct_identifier required_masking: true tags: - pii citations: - regulation: CPRA section: Cal. Civ. Code §1798.140(v)(1)(A) - name: Postal Address type: quasi_identifier required_masking: true tags: - pii citations: - regulation: CPRA section: Cal. Civ. Code §1798.140(v)(1)(A) subtype: address - name: Unique Personal Identifier (e.g., customer ID) type: quasi_identifier required_masking: true tags: - pii citations: - regulation: CPRA section: Cal. Civ. Code §1798.140(v)(1)(A) - name: Online Identifiers (IP address, cookies, device ID) type: quasi_identifier required_masking: true tags: - pii citations: - regulation: CPRA section: Cal. Civ. Code §1798.140(v)(1)(A) subtype: address - name: Email Address type: direct_identifier required_masking: true tags: - pii citations: - regulation: CPRA section: Cal. Civ. Code §1798.140(v)(1)(A) subtype: digital_contact - name: Account Name type: direct_identifier required_masking: true tags: - pii citations: - regulation: CPRA section: Cal. Civ. Code §1798.140(v)(1)(A) - name: Social Security Number type: direct_identifier required_masking: true tags: - pii - sensitive citations: - regulation: CPRA section: Cal. Civ. Code §1798.140(v)(1)(B) url: https://leginfo.legislature.ca.gov/faces/codes_displaySection.xhtml?sectionNum=1798.140 subtype: government_id risk_level: critical breach_impact: - identity_theft - financial_fraud - account_takeover - regulatory_penalties masking_techniques: - method: hash algorithm: SHA-256 suitability: production reversible: false - method: encryption algorithm: AES-256 suitability: archival reversible: true notes: Use secure key management with periodic rotation - method: partial_mask algorithm: "***-**-1234" suitability: display reversible: false retention: legal_minimum: "As long as business purpose exists" recommended: "No longer than reasonably necessary" basis: "CPRA §1798.105 Right to Delete + business justification" deletion_trigger: - "consumer_deletion_request" - "account_closure + 12 months" - "end_of_business_purpose" exceptions: - "legal obligation to retain" - "security incident investigation" - "compliance with other laws" archival_allowed: false notes: "CPRA requires businesses to honor deletion requests unless exception applies" processing_purposes: allowed: - service_delivery - identity_verification - fraud_prevention - legal_compliance - tax_compliance - employment_verification - benefit_administration restricted: - credit_decisions - third_party_sharing - automated_decision_making - cross_context_tracking prohibited: - sale_without_consent - discrimination - unauthorized_disclosure - profiling_for_employment consent_required: false opt_out_available: true notes: "CPRA classifies SSN as sensitive personal information. Consumers have right to limit use. Businesses must disclose processing purposes and allow opt-out of sale/sharing." - name: Driver's License or State ID Number type: direct_identifier required_masking: true tags: - pii - sensitive citations: - regulation: CPRA section: Cal. Civ. Code §1798.140(v)(1)(B) subtype: government_id - name: Passport Number type: direct_identifier required_masking: true tags: - pii - sensitive citations: - regulation: CPRA section: Cal. Civ. Code §1798.140(v)(1)(B) subtype: government_id - name: Financial Account, Debit, or Credit Card Number type: direct_identifier required_masking: true tags: - pii - sensitive citations: - regulation: CPRA section: Cal. Civ. Code §1798.140(v)(1)(B) subtype: financial_identifier - name: Geolocation Data (precise) type: special_category required_masking: true tags: - pii - sensitive citations: - regulation: CPRA section: Cal. Civ. Code §1798.140(ae)(1)(D) subtype: geolocation - name: Biometric Information (e.g., retina scan, voiceprint) type: special_category subtype: biometric required_masking: true tags: - sensitive - biometric citations: - regulation: CPRA section: Cal. Civ. Code §1798.140(ae)(1)(E) description: Consumers can limit use and disclosure of sensitive personal information url: https://leginfo.legislature.ca.gov/faces/codes_displaySection.xhtml?sectionNum=1798.140 risk_level: high breach_impact: - identity_theft - privacy_violation - discrimination - physical_harm - regulatory_penalties masking_techniques: - method: encryption algorithm: AES-256-GCM suitability: production reversible: true notes: Encrypt biometric templates; never store raw biometric data - method: pseudonymization algorithm: irreversible transformation suitability: analytics reversible: false - method: suppression suitability: sharing reversible: false retention: legal_minimum: "Only while collecting or processing for disclosed purpose" recommended: "Delete immediately after verification or authentication" maximum: "3 years from collection" basis: "CPRA §1798.121 Right to Limit + §1798.105 Right to Delete" deletion_trigger: - "consumer_requests_deletion" - "consent_withdrawal" - "purpose_fulfilled" - "no_longer_necessary" exceptions: - "legal compliance requirement" - "security purposes (limited)" archival_allowed: false notes: "Sensitive PI under CPRA requires opt-in consent; consumers can limit use at any time" processing_purposes: allowed: - authentication - identity_verification - security - fraud_prevention - access_control restricted: - automated_decision_making - profiling - third_party_sharing - ai_training - behavioral_advertising prohibited: - sale_without_consent - discrimination - surveillance - unauthorized_tracking - employment_discrimination consent_required: true opt_out_available: true notes: "CPRA §1798.121 requires opt-in consent for sensitive PI. Consumers have right to limit use and disclosure. Biometric data subject to strict purpose limitation and minimal retention." - name: Race or Ethnicity type: special_category required_masking: true tags: - phi - sensitive citations: - regulation: CPRA section: Cal. Civ. Code §1798.140(ae)(1)(C) subtype: health - name: Genetic Data type: special_category required_masking: true tags: - sensitive citations: - regulation: CPRA section: Cal. Civ. Code §1798.140(ae)(1)(C) subtype: genetic - name: Sexual Orientation or Sex Life type: special_category required_masking: true tags: - sensitive citations: - regulation: CPRA section: Cal. Civ. Code §1798.140(ae)(1)(F) - name: Racial or Ethnic Origin type: special_category required_masking: true tags: - sensitive citations: - regulation: CPRA section: Cal. Civ. Code §1798.140(ae)(1)(F) - name: Religious or Philosophical Beliefs type: special_category required_masking: true tags: - sensitive citations: - regulation: CPRA section: Cal. Civ. Code §1798.140(ae)(1)(F) - name: Browsing History or Search History type: behavioral required_masking: true tags: - sensitive - tracking citations: - regulation: CPRA section: Cal. Civ. Code §1798.140(v)(1)(F) - name: Employment Information type: quasi_identifier required_masking: true tags: - pii citations: - regulation: CPRA section: Cal. Civ. Code §1798.140(v)(1)(I) - name: Education Information (non-public) type: quasi_identifier required_masking: true tags: - pii citations: - regulation: CPRA section: Cal. Civ. Code §1798.140(v)(1)(J) - name: Sensitive Personal Information Flag type: meta required_masking: false tags: - flag - sensitive citations: - regulation: CPRA section: Cal. Civ. Code §1798.140(ae)