The right to access refers to a person’s ability to request that a controller confirms whether it has personal data about them and to receive information about the processing and a copy of that information. While the GDPR confers a right of access, this right predates the GDPR and can be found within other EU
access requests
What is the difference between a category-level access request and a specific-information access request?
The CCPA and its implementing regulations identify six types of information requests that a consumer can submit to a business. As the first five requests ask that a business respond with broad information about the type of information collected (as opposed to the actual information itself), they are often referred to as category-level access requests.
Do all the state privacy laws recognize authorized agents?
Some modern data privacy statutes mandate that organizations allow third parties – who are authorized by a data subject – to submit access, deletion, correction, or other requests on behalf of a consumer. Such third parties are sometimes referred to as “authorized agents” – a term created by the regulations implementing the CCPA. The following…
How long do retailers take to respond to access requests?
The CCPA Regulations require that businesses that buy, receive, sell, or share personal information about more than 10 million Californians disclose metrics within their privacy notices regarding the speed with which they respond to the data subject requests that they received in the previous calendar year. Among other things, businesses must report the average or…
What percentage of access requests do retailers deny each year?
The CCPA Regulations require that businesses that buy, receive, sell, or share personal information about more than 10 million Californians disclose metrics within their privacy notices regarding the quantity of data subject requests that they received in the previous calendar year. Among other things, businesses must publicly report the number of access requests that the…
So, if I don’t respond to an access request, can I get sued?
No.
The CCPA permits consumers to “institute a civil action” only where consumer “nonencrypted or nonredacted personal information” is “subject to an unauthorized access and exfiltration, theft, or disclosure.” [1] The CCPA does not provide a private right of action, nor does it provide statutory damages, if a company violates its obligation to disclose to…
Do I have to dig through archives each time I get an access request?
The CCPA contains several references to the obligation of a business to, in response to an access request, provide the “specific pieces of personal information” that it has collected about a California resident.1 Each of those sections is modified by California Civil Code Section 1798.130(a)(2), which states that “the disclosure” required by a business…
Access Requests Are Just a CCPA Thing, Right? Right??
No.
While the CCPA confers a right to access, the right predates the CCPA and can be found within other laws within the United States. For example, the Health Insurance Portability and Accountability Act (HIPAA), which was adopted in 1996, allows consumers to request their medical records.[1] Similarly the Family and Educational Rights and…