The California Consumer Privacy Act (the "CCPA"), as amended by the California Privacy Rights Act (the “CPRA”) (collectively the “CCPA”), provides certain privacy rights to California consumers regarding their personal information. These frequently asked questions (“FAQs”) provide general consumer information about the CCPA. For more information about our overall privacy practices, including those relevant to you as a California consumer, please visit our Your Privacy Rights and California Consumer Privacy Rights pages.
What are the California Consumer Privacy Act (“CCPA”) and California Privacy Rights Act (CPRA)?
The California Consumer Privacy Act (“CCPA”), as amended by the California Privacy Rights Act (“CPRA”), is a California consumer privacy law that provides certain privacy rights to California consumers (residents) regarding their personal information (“PI”), including:
- The right to know and access what PI a business has collected about them and how it is used and shared;
- The right to delete PI collected from them, subject to certain exceptions;
- The right to correct inaccurate PI that a business has about them
- The right to opt-out of the sale or sharing of their PI, including for cross-context behavioral advertising;
- The right to limit the use and disclosure of sensitive personal information (“SPI”) collected about them;
- The right to request transfer of their PI in a portable format, to the extent technically feasible; and
- The right to non-discrimination and equal service for exercising their CCPA/CPRA rights.
Who is a “consumer” under CCPA/CPRA
- A “consumer” for purposes of the CCPA/CPRA is any natural person who is a California resident. This includes job applicants, employees, or the employees of other businesses, as well as individuals whose personal information is collected when acting in a business to business capacity.
What types of information are covered under CCPA/CPRA?
The CCPA/CPRA applies to “personal information” (“PI”) about California consumers that is collected, used, shared or sold. The CCPA/CPRA defines PI as information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household, including, but not limited to:
- Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver's license number, passport number, or other similar identifiers.
- Any categories of personal information described in the California
- Customer Records statute (e.g., his or her name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information).
- Characteristics of protected classifications under California or federal law.
- Commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
- Biometric information.
- Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer's interaction with an Internet website, application, or advertisement.
- Geolocation data.
- Audio, electronic, visual, thermal, olfactory, or similar information.
- Professional or employment-related information.
- Education information as defined in the Family Educational Rights and Privacy Act.
- Inferences drawn from any of the information identified in this subdivision to create a profile about a consumer reflecting the consumer's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
- Sensitive Personal Information (“SPI”), which is defined as information that reveals or includes:
- A consumer’s social security, driver’s license, state identification card, or passport number.
- A consumer’s account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account.
A consumer’s precise geolocation.
- A consumer’s racial or ethnic origin, religious or philosophical beliefs, or union membership.
- The contents of a consumer’s mail, email, and text messages unless the business is the intended recipient of the communication.
- A consumer’s genetic data.
- The processing of biometric information for the purpose of uniquely identifying a consumer.
- Personal information collected and analyzed concerning a consumer’s health.
- Personal information collected and analyzed concerning a consumer’s sex life or sexual orientation.
- Publicly available information, de-identified information and/or aggregate information are excluded from the definition of PI and SPI.
- SPI that is not used to infer characteristics about an individual is considered PI.
How can I request Spectrum to limit the use and disclosure of sensitive personal information?
- The CCPA/CPRA grants California consumers the right, at any time, to limit the use of their sensitive personal information (“SPI”) to that use which is necessary to perform the services or provide the goods reasonably expected by an average consumer who requests those goods or services, or as otherwise permitted under the CPRA. Please visit Spectrum’s Privacy Preferences page or access the “Limit the Use of My Sensitive Personal Information” link available on our websites and applications, to manage your privacy preferences.
Where can I find Spectrum’s privacy policies?
How can I request to opt out of the sale or sharing of my personal information under CCPA/CPRA?
- The CCPA/CPRA grant California consumers the right to opt-out of the sale or sharing of their personal information, including for cross-context behavioral advertising purposes. Please visit Spectrum’s Privacy Preferences page to manage your privacy preferences.
What is a verifiable consumer request under CCPA/CPRA?
- The CCPA/CPRA define a verifiable consumer request as a request that a consumer, or someone legitimately acting on the consumer's behalf, makes and that the business can reasonably verify is from the person about whom it collected personal information in order to exercise one of the consumer’s California privacy rights. Under the CCPA/CPRA, Spectrum may deny a consumer’s requests for access, correction or deletion when it cannot reasonably verify the consumer’s, or his or her authorized agent’s, identity.
How do I submit a verifiable consumer request for access, deletion, or correction?
- In order to submit a verifiable consumer request for access to, deletion, or correction of your personal information, please visit our online request page at https://privacy.spectrum.net.
When should I expect to receive a response to my verifiable consumer request?
- Under the CCPA/CPRA, Spectrum has forty-five (45) days in which to respond to a consumer’s verifiable consumer request. In some instances, Spectrum may need additional time to complete your request. The CCPA/CPRA permit Spectrum to seek a one-time extension for an additional forty-five (45) days, for up to a total of ninety (90) days. In the event Spectrum needs additional time, we will notify you of the need for an extension within the initial forty-five (45) day period.
Is there any personal information that Spectrum is not required to delete when responding to my request for deletion?
The California Consumer Privacy Act (“CCPA”), as amended by the California Privacy Rights Act (“CPRA”) grants California consumers the right to submit a verifiable consumer request that a business and its service providers delete the personal information collected from the consumer, subject to certain exceptions. Specifically, Spectrum and/or its service providers may decline a consumer’s request to delete their personal information when such information is necessary to:
- Complete the transaction for which the PI was collected, provide a good or service requested by the consumer, or reasonably anticipated within the context of a business’s ongoing business relationship with the consumer, or otherwise perform a contract between the business and the consumer;
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity;
- Debug to identify and repair errors that impair existing intended functionality;
- Exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law;
- Comply with the California Electronic Communications Privacy Act pursuant to Chapter 3.6 (commencing with Section 1546) of Title 12 of Part 2 of the Penal Code;
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the businesses’ deletion of the information is likely to render impossible or seriously impair the achievement of such research, if the consumer has provided informed consent;
- Enable solely internal uses that are reasonably aligned with the expectations of the consumer based on the consumer’s relationship with the business; or
- Comply with a legal obligation.
Will I be charged for submitting a verifiable consumer request or for Spectrum’s efforts to respond to my request?
- The California Consumer Privacy Act (“CCPA”) requires businesses to provide consumers with their personal information free of charge. However, the CCPA provides that “manifestly unfounded or excessive," particularly repeat requests, businesses may either charge a "reasonable fee" reflecting administrative costs involved or deny the consumer’s request and notify the consumer of the reason.
How will I know when my verifiable consumer request has been completed?
- For access and portability requests, you will receive an email that will contain instructions on how you can view and or download your personal information file. For a correction or deletion, the email will contain the results of the request.
How does an authorized agent submit a verifiable consumer request for access to or deletion of the personal information on behalf of a California consumer?
- Visit our online request page dedicated to authorized agent requests at California Consumer Authorized Agent Consumer Request. Valid documentation, such as a valid power of attorney, reflecting that you are authorized to act on behalf of a California consumer must be provided with your submission.