California Expands Definition of Sensitive Information to Include "Citizenship or Immigration Status" - Richt Law Firm

CCPA Privacy Law richtfirm October 16, 2023

California Expands Definition of Sensitive Information to Include “Citizenship or Immigration Status”

In a further sign of the increased focus on personal information that is “sensitive,” the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), has expanded the categories of information deemed sensitive to now include “citizenship or immigration status.” Specifically, in October 2023, Governor Newsom signed Assembly Bill 947.

As we have covered previously, information determined to be sensitive due to the privacy implications if processed in certain manners and, even worse, disclosed in a breach is seeing an increased regulatory focus both stateside as well as on the international stage, such as under privacy frameworks such as the European Union’s General Data Protection Regulations (GDPR).

Businesses subject to the CCPA as amended by the CPRA will have to ensure compliance with various rights, including those relating to rights to limit the use of “sensitive personal information,” which is now defined as:

(1) Personal information that reveals:

(A) A consumer’s social security, driver’s license, state identification card, or passport number.

(B) A consumer’s account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account.

(C) A consumer’s precise geolocation;

(D) A consumer’s racial or ethnic origin, citizenship or immigration status [emphasis added as per October 2023 expanded definition of “Sensitive Information”], religious or philosophical beliefs, or union membership.

(E)The contents of a consumer’s mail, email, and text messages unless the business is the intended recipient of the communication.

(F) A consumer’s genetic data.

(2)(A) The processing of biometric information for the purpose of uniquely identifying a consumer.

(B) Personal information collected and analyzed concerning a consumer’s health.

(C) Personal information collected and analyzed concerning a consumer’s sex life or sexual orientation.

(3) Sensitive personal information that is “publicly available” pursuant to paragraph (2) of subdivision (v) shall not be considered sensitive personal information or personal information.

Going Forward

Beyond considerations concerning rights to limit, businesses should also review privacy policies and related notices to ensure that they account for any required additions, such as personal information that reveals citizenship or immigration status.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Insights

California Expands Definition of Sensitive Information to Include “Citizenship or Immigration Status”

Going Forward

Categories

Categories

The Firm

Services

Contact