Personal Information (CCPA Definition)

Under the CCPA, personal information is information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. This definition is broader than traditional conceptions of personal information, extending beyond individual-level data to include household-level data. The CCPA provides eleven categories of personal information including identifiers (name, email, IP address), commercial information (purchase records), biometric information, internet activity, geolocation data, sensory data (audio/visual), professional information, education information, and inferences drawn from any of this data to create consumer profiles. Notably, the definition explicitly includes online identifiers, device information, and inferred data like preferences or characteristics. The CCPA excludes certain information from this definition: publicly available information, lawfully obtained truthful information that's public record, deidentified or aggregated consumer information, and information covered by sector-specific laws like HIPAA, FCRA, GLBA, or DPPA. The breadth of this definition means most data collected about California consumers triggers CCPA obligations, including disclosure requirements, consumer rights, and business responsibilities.