The CCPA includes a non-exhaustive list of data types that may fall under the definition of personal information. One of those data types is “biometric information.”1
While the CCPA provides a definition of “biometric information,” it is worth noting that the CCPA’s definition differs from the definition of the term in other statutes and
Marginally.
Section 1798.150 of the CCPA permits consumers to “institute a civil action” if consumer “personal information, as defined in subparagraph (A) of paragraph (1) of subdivision (d) of Section 1798.81.5, is subject to unauthorized access and exfiltration, theft, or disclosure,” and where that unauthorized access was “a result of the business’s violation” of a