Ask Reggi Your Question Now

Reggi is the free generative AI assistance for regulatory compliance
Ask a Question

Can I collect personal information from my customers in California in Arizona? What are the requirements?

Based on the provided documents, here are the requirements for collecting personal information from customers in Arizona and California:

Requirements for collecting personal information in Arizona

Arizona Revised Statutes (AZRS) 44-1373 restricts the use of personal identifying information, including social security numbers. A person or entity shall not intentionally communicate or otherwise make an individual’s social security number available to the general public, print an individual’s social security number on any card required for the individual to receive products or services provided by the person or entity, require the transmission of an individual’s social security number over the internet unless the connection is secure or the social security number is encrypted, require the use of an individual’s social security number to access an internet web site, unless a password or unique personal identification number or other authentication device is also required to access the site, or print a number that the person or entity knows to be an individual’s social security number on any materials that are mailed to the individual, unless state or federal law requires the social security number to be on the document to be mailed [1.1].

Entities that maintain communication service records, telephone records, or public utility records of a resident of Arizona shall establish reasonable procedures to protect against unauthorized or fraudulent disclosure of such records that could result in substantial harm or inconvenience to any customer [5.1].

A seller who offers or sells a business opportunity and who is required to file a registration statement pursuant to section 44-1272 shall not solicit a consumer from a location in Arizona or a consumer located in Arizona unless the seller provides a written disclosure document to the consumer. The seller shall deliver the written disclosure document to the consumer at least five business days before the earlier of the consumer’s execution of a contract imposing a binding legal obligation on the consumer or the payment of any monies, receipt of anything of value, or authorization to charge a credit or debit card [6.1].

An entity shall not knowingly discard or dispose of records or documents without redacting the information or destroying the records or documents if the records or documents contain an individual’s first and last name or first initial and last name in combination with a corresponding complete social security number, credit card, charge card or debit card number, retirement account number, savings, checking or securities entitlement account number, or driver license number or nonoperating identification license number [2.1].

A retailer may retain and use information from a customer’s driver license or other state issued identification only for the purpose of verifying the customer’s age, for the purpose of establishing a customer’s identity, for the purpose of confirming that the customer is properly licensed to operate a motor vehicle, recreational vehicle, truck or motorcycle on public roads or for the purpose of disclosing the information to certain entities. Except as provided, the retailer shall not transmit the information to a third party for any purpose, except that a retailer may disclose the information to a law enforcement agency for the purposes of a law enforcement investigation [4.1].

A licensee shall implement a comprehensive written customer information security program that includes administrative, technical, and physical safeguards for the protection of customer information. The administrative, technical, and physical safeguards included in the information security program shall be appropriate to the size and complexity of the licensee and the nature and scope of its activities. The customer information security program shall be designed to ensure the security and confidentiality of customer information, protect against any anticipated threats or hazards to the security or integrity of the information, and protect against unauthorized access to or use of the information [7.1][7.2].

Requirements for collecting personal information in California

California has strict laws regarding the collection of personal information. The California Consumer Privacy Act (CCPA) requires businesses to provide notice to consumers at or before the point of collection of their personal information. The notice must include the categories of personal information to be collected and the purposes for which the categories of personal information shall be used [3.2].

Additionally, businesses must provide consumers with the right to opt-out of the sale of their personal information. Businesses must also provide consumers with the right to request that their personal information be deleted [3.2].

Conclusion

Based on the provided documents, there are specific requirements for collecting personal information from customers in Arizona and California. In Arizona, entities must establish reasonable procedures to protect against unauthorized or fraudulent disclosure of communication service records, telephone records, or public utility records, and must not knowingly discard or dispose of records or documents containing personal identifying information. In California, businesses must provide notice to consumers at or before the point of collection of their personal information, and must provide consumers with the right to opt-out of the sale of their personal information and the right to request that their personal information be deleted.

Source(s):
Jurisdiction

California, Arizona