The CCPA defines “deidentified” data as information that “cannot reasonable identify, relate to, describe, be capable of being associated with, or be linked, directly or indirectly, to a particular consumer.”1 A number of individuals and entities requested that the Office of the California Attorney General provide guidance as to what steps should be taken to properly deidentify information sufficient to remove it from the scope of the CCPA.2 The Attorney General declined to provide guidance stating only that “[p]rescribing steps that should be taken to properly deidentify information may not best address the CCPA definitions and all the different methods for complying with the CCPA definitions.”3 It further advised that business should “consult with an attorney who is aware of all pertinent facts and relevant compliance concerns” when attempting to determine whether information would likely be considered “deidentified.”4
1 Cal. Civ. Code 1798.140(h).
2 FSOR, Appendix A at 152 (Responses 477, 478).
3 FSOR, Appendix A at 152 (Response 477).
4 FSOR, Appendix A at 152 (Response 477).