Ask Reggi Your Question Now

Reggi is the free generative AI assistance for regulatory compliance
Ask a Question

Can I store personal information about my customers in California? What are the requirements?

Yes, you can store personal information about your customers in California, but you must comply with the requirements set forth in the California Civil Code.

Requirements for Storing Personal Information in California

Under Section 1798.14 of the California Civil Code, agencies (which includes businesses) must only maintain personal information that is relevant and necessary to accomplish a purpose required or authorized by law [1.1]. Additionally, under Section 1798.24 of the California Civil Code, agencies must not disclose personal information in a manner that would link the information disclosed to the individual to whom it pertains, unless certain conditions are met, such as obtaining the individual’s prior written voluntary consent or disclosing the information to those officers, employees, attorneys, agents, or volunteers of the agency that have custody of the information if the disclosure is relevant and necessary in the ordinary course of the performance of their official duties and is related to the purpose for which the information was acquired [1.3]. Therefore, if you store personal information about your customers in California, you must ensure that you only collect and maintain information that is necessary for your business purposes and that you do not disclose that information in a manner that would link it to the individual to whom it pertains, unless you meet one of the conditions set forth in Section 1798.24 of the California Civil Code.

Notice Requirements

Additionally, under Section 1798.17 of the California Civil Code, each agency (including businesses) must provide notice to individuals when collecting personal information from them. The notice must include the name of the agency and the division within the agency that is requesting the information, the title, business address, and telephone number of the agency official who is responsible for the system of records, the authority that authorizes the maintenance of the information, whether submission of such information is mandatory or voluntary, the consequences of not providing all or any part of the requested information, the principal purpose or purposes within the agency for which the information is to be used, and any known or foreseeable disclosures which may be made of the information pursuant to subdivision (e) or (f) of Section 1798.24 [1.4].

Other Relevant Laws

It is important to note that nothing in the California Civil Code shall be construed to authorize the disclosure of any record containing personal information, other than to the subject of such records, in violation of any other law [1.7]. Additionally, this chapter shall be construed to supersede any other provision of state law, including Article 2 (commencing with Section 7924.100) of Chapter 2 of Part 5 of Division 10 of Title 1 of the Government Code, or any exemption in Section 7922.000 of the Government Code or in any provision listed in Section 7920.505 of the Government Code, which authorizes any agency to withhold from an individual any record containing personal information that is otherwise accessible under the provisions of this chapter [1.8].

Internet Privacy Requirements

If you operate a commercial website or online service that collects personally identifiable information through the website or online service from individual consumers who use or visit the commercial website or online service and who reside in California, you must comply with the provisions of Section 22575 or with the provisions of its posted privacy policy [2.1].

Conclusion

In summary, you can store personal information about your customers in California, but you must comply with the requirements set forth in the California Civil Code, including only maintaining necessary information, not disclosing information in a manner that would link it to the individual to whom it pertains, and providing notice to individuals when collecting personal information from them. Additionally, you must comply with other relevant laws and internet privacy requirements.

Source(s):
Jurisdiction

California