Ask Reggi Your Question Now
Can I collect personal information from my customers in California in Pennsylvania? What are the requirements?
Collecting Personal Information from Customers in California in Pennsylvania
If you are collecting personal information from customers in California while being located in Pennsylvania, you must comply with the California Consumer Privacy Act (CCPA) [2.1]. The CCPA applies to businesses that collect personal information from California residents and meet certain criteria, such as having annual gross revenue of over $25 million, buying or selling personal information of 50,000 or more consumers, households, or devices, or deriving 50% or more of their annual revenue from selling consumers’ personal information.
Under the CCPA, you must provide California residents with notice at or before the point of collection of their personal information. The notice must include the categories of personal information collected, the purposes for which the information will be used, and the categories of third parties with whom the information will be shared [2.1]. Additionally, you must provide California residents with the right to opt-out of the sale of their personal information and the right to request deletion of their personal information [2.1].
If you are sharing personal information with a third party for the purpose of performing services on your behalf, you may be exempt from the opt-out requirements if you enter into a contractual agreement with the third party that prohibits them from disclosing or using the information for any purpose other than to carry out the services for which you disclosed the information [1.3].
It is important to note that Pennsylvania also has its own data privacy laws, such as the Pennsylvania Breach of Personal Information Notification Act, which requires businesses to notify affected individuals in the event of a data breach involving their personal information [2.1]. Therefore, it is recommended that you also comply with Pennsylvania’s data privacy laws in addition to the CCPA.
In summary, if you are collecting personal information from customers in California while being located in Pennsylvania, you must comply with the CCPA by providing notice and opt-out rights to California residents, and may be exempt from the opt-out requirements if you enter into a contractual agreement with third-party service providers. Additionally, you should also comply with Pennsylvania’s data privacy laws.
Source(s):
- [1.3] Exception to opt out requirements for disclosure of nonpublic personal financial information for service providers and joint marketing.
- [2.1] Restrictions on the Collection and Use of Personal Information.
Jurisdiction
Pennsylvania, California