Can I collect personal information from my customers in California in Kansas? What are the requirements?

Based on the information provided in the context documents, here is the response to your query:

Requirements for Collecting Personal Information in California and Kansas

If you collect personal information from customers in California and Kansas, you must comply with the requirements set forth in the California Consumer Privacy Act (CCPA) and the Kansas Consumer Protection Act (KCPA).

Under the CCPA, businesses that collect personal information from California residents must provide them with certain disclosures, including the categories of personal information collected, the purposes for which the information is used, and the categories of third parties with whom the information is shared ^[2.2]. Additionally, businesses must provide California residents with the right to request that their personal information be deleted and the right to opt-out of the sale of their personal information ^[2.2].

Under the KCPA, holders of personal information must implement and maintain reasonable procedures and practices appropriate to the nature of the information, and exercise reasonable care to protect the personal information from unauthorized access, use, modification or disclosure ^[1.1]. Holders of personal information must also take reasonable steps to destroy or arrange for the destruction of any records within their custody or control containing any person’s personal information when they no longer intend to maintain or possess such records ^[1.1].

Therefore, if you collect personal information from customers in California and Kansas, you must comply with the requirements of both the CCPA and the KCPA. This includes providing customers with appropriate disclosures, implementing reasonable procedures and practices to protect personal information, and taking reasonable steps to destroy personal information when it is no longer needed.

However, it is important to note that Kansas has specific regulations regarding the collection of personal information when using a credit card. Under KSST 50-669a, businesses that accept credit cards for the transaction of business cannot require the cardholder to write any personal identification information upon the credit card transaction form or otherwise, or provide personal identification information, which the business writes, causes to be written, or otherwise records upon the credit card transaction form or otherwise, unless it is required by the card issuer to complete the credit card transaction or for a special purpose incidental but related to the individual credit card transaction ^[1.2].

Additionally, under KSST 50-6,145, a person shall not use, cause to be used, obtain, sell, transfer or disclose to another person without written authorization protected health information for the purpose of soliciting an individual for legal services ^[1.3].

Note that this is a general overview and you should consult with legal counsel to ensure that you are fully compliant with all applicable laws and regulations.

^[1.1]: KSST 50-6,139b ^[1.2]: KSST 50-669a ^[1.3]: KSST 50-6,145 ^[2.2]: 10 CACR Section 2689.7

Source(s):

• [1.1] Requirements for holders of personal information.
• [1.2] Prohibiting the taking of personal information when using a credit card.
• [1.3] Soliciting for legal services, restrictions related to protected health information; violation, unlawful and deceptive trade practice; criminal penalty; supreme court authority to regulate the practice of law not affected.
• [2.2] Information to be Included in Privacy Notices.

Jurisdiction

Kansas, California

• Privacy