SHARE

November 21, 2022

What is the difference between a category-level access request and a specific-information access request?

You've Reached Your
Free Article Limit This Month
Register for free to get unlimited access to all Law.com OnPractice content.
Register Now

The CCPA and its implementing regulations identify six types of information requests that a consumer can submit to a business. As the first five requests ask that a business respond with broad information about the type of information collected (as opposed to the actual information itself), they are often referred to as category-level access requests. As the sixth request asks that a business respond with the actual information the business collected about a consumer, it is often referred to as a specific-information request.

So, for example, if a consumer submitted a category-level request that asked a business what categories of personal information the business collected about the consumer, it might be sufficient for the business to respond by stating that it collected "identifiers" about the consumer, or it could respond more specifically by stating that it collected the consumer's name and email address. If the same consumer submitted a specific-information request to the same business, the business might respond by telling the consumer that it collected the name "John Smith" and the email address [email protected][1]

In practice, many companies don't separate category-level requests from specific-information requests when they discuss consumers' rights to request access to their information. Indeed, 52% of companies simply allow consumers to "access" their personal information or submit a "request to know" without specifically differentiating between the different types of access that might be requested.[2]


[1] See FSOR Appendix A at 121 (Response 392).

[2] Greenberg Traurig LLP reviewed the publicly available privacy notices and practices of 555 companies (the Survey Population). The Survey Population comprised companies that had been ranked within the Fortune 500 at some point in the past five years as well as additional companies selected from industries that are underrepresented in the Fortune 500. While the Survey Population does not fully match the current Fortune 500 as a result of industry consolidation and shifts in company capitalization, we believe that the aggregate statistics rendered from the Survey Population are representative of mature companies. Greenberg Traurig's latest survey was conducted between September and October 2022.

ALM expressly disclaims any express or implied warranty regarding the OnPractice Content, including any implied warranty that the OnPractice Content is accurate, has been corrected or is otherwise free from errors.

More From Greenberg Traurig

CFPB Says 'Show Me The (Consumer Unfriendly) Fine Print'

By Timothy A. Butler Greenberg Traurig January 25 , 2023

On Jan. 11, the Consumer Financial Protection Bureau (CFPB) released a proposed rule that would require certain nonbank financial companies subject to its supervisory jurisdiction to submit annual reports about their use of terms and conditions that attempt to waive or limit consumer rights and protections.

FINRA Files Amendments to Proposed Rule Change That Will Allow Remote Inspections

By William B. Mack Greenberg Traurig January 25 , 2023

Last summer, the Financial Regulatory Authority (FINRA) proposed a rule change to its supervision rule (FINRA Rule 3110) to allow member firms to conduct remote inspections of some or all branch offices and locations.

5 Trends to Watch: 2023 Venture Capital

By Chinh H. Pham Greenberg Traurig January 20 , 2023

The current macroeconomic environment, coupled with record increases in valuations over the last several years, is creating an increase in down-rounds, re-pricings, and recapitalizations.

More From Cybersecurity

5 Trends to Watch: 2023 Hospitality

By Samantha Ahuja Greenberg Traurig January 18 , 2023

For many hotels, the pandemic exacerbated the challenges of finding enough qualified workers to fill jobs.

Cookies and Other Tracking Technologies May Violate HIPAA

By Karin E. Ross Greenberg Traurig January 18 , 2023

In the midst of significant privacy changes in many U.S. states affecting tracking technologies such as cookies, pixels, and adtech, new lawsuits are alleging entities violated the Health Insurance Portability and Accountability Act of 1996 (HIPAA) via impermissible disclosure of protected health information due to the use of these technologies.

10 Issues to Watch in the New Congress

By Robert Mangas Greenberg Traurig January 17 , 2023

The split party control in the U.S. Senate and House of Representatives will require bipartisanship to produce successful legislation over the next two years.

Featured Stories
Closeclose
Search
Menu

Working...