- 1798.100 – Consumers right to receive information on privacy practices and access information
- 1798.105 – Consumers right to deletion
- 1798.110 – Information required to be provided as part of an access request
- 1798.115 – Consumers right to receive information about onward disclosures
- 1798.120 – Consumer right to prohibit the sale of their information
- 1798.125 – Price discrimination based upon the exercise of the opt-out right
Consumer Rights and Information
Exercise of Consumer Rights/Opt-Outs
Definitions
Other statutes and enforcement
Statutory Construction and Regulation
Miscellaneous Provisions
CPRA Only
Full Text
State Privacy Law Tracker
CCPA Security FAQs: Does the CCPA Open Health Care Providers to Increased Litigation?
Probably not.
The CCPA exempts any health care provider or “covered entity” that is governed by the Health Insurance Portability and Accountability Act (“HIPAA”),1 and it exempts “protected health information that is collected by a covered entity or business associate” subject to the HIPAA Security Rule.2 Unlike the exemption provided to other industries (e.g., financial institutions), the exemption provided to health care providers, other covered entities, and business associates appears to cover all aspects of the CCPA including the ability of a Californian to bring a private right of action following a data breach, or seek statutory damages.