Can I collect personal information from my customers in California in North Carolina? What are the requirements?

Based on the additional context documents, here is the updated response to your query:

Collecting Personal Information from Customers in California and North Carolina

If you are collecting personal information from customers in California, you must comply with the California Consumer Privacy Act (CCPA) ^[2.1]. The CCPA applies to businesses that collect personal information from California residents and meet certain criteria, such as having annual gross revenues of $25 million or more, buying, receiving, or selling the personal information of 50,000 or more consumers, households, or devices, or deriving 50% or more of their annual revenues from selling consumers’ personal information. Under the CCPA, businesses must provide consumers with notice of the categories of personal information they collect and the purposes for which the information will be used. Consumers have the right to request that businesses disclose the specific pieces of personal information they have collected about them, and to request that businesses delete their personal information.

If you are collecting personal information from customers in North Carolina, you must comply with NCGS 132-1.10, NCGS 75-66, and NCGS 75-64 ^[2.1]. NCGS 132-1.10 prohibits state and local government agencies from collecting social security numbers and other personal identifying information from individuals unless authorized by law to do so or unless the collection of the social security number is otherwise imperative for the performance of that agency’s duties and responsibilities as prescribed by law. Social security numbers collected by an agency must be relevant to the purpose for which collected and shall not be collected until and unless the need for social security numbers has been clearly documented. NCGS 75-66 prohibits the publication of personal information, including social security numbers, without the individual’s consent. It is a violation of this statute for any person to knowingly broadcast or publish to the public on radio, television, cable television, in a writing of any kind, or on the Internet, the personal information of another with actual knowledge that the person whose personal information is disclosed has previously objected to any such disclosure. NCGS 75-64 requires businesses that conduct business in North Carolina and maintain or otherwise possess personal information of a resident of North Carolina to take reasonable measures to protect against unauthorized access to or use of the information in connection with or after its disposal. The reasonable measures must include implementing and monitoring compliance with policies and procedures that require the burning, pulverizing, or shredding of papers containing personal information so that information cannot be practicably read or reconstructed, implementing and monitoring compliance with policies and procedures that require the destruction or erasure of electronic media and other nonpaper media containing personal information so that the information cannot practicably be read or reconstructed, and describing procedures relating to the adequate destruction or proper disposal of personal records as official policy in the writings of the business entity.

Conclusion

If you are collecting personal information from customers in California and North Carolina, you must comply with the CCPA and the relevant North Carolina statutes ^[2.1]. It is important to review the specific requirements of each statute to ensure compliance.

Source(s):

• [2.1] Destruction of personal information records.

Jurisdiction

North Carolina, California

• Privacy