Side by Side Comparison: How sensitive data is defined among states
In a previous Clarip article on “Handling Sensitive Personal Information under the CPRA and the VCDPA,” we discussed the CPRA and the VCDPA’s different approaches to regulating personal information explicitly categorized as “sensitive” or “special.” The terms currently used by CPRA and VCDPA are similar to the privacy law predecessor GDPR, and this chart takes a more in-depth look into how the main data privacy statutes define sensitive personal information.
Data Field | GDPR | CPRA | VCDPA |
---|---|---|---|
Biometric data | If used to uniquely identify a data subject | If used to uniquely identify a data subject | If used to uniquely identify a data subject |
Child-collected data | |||
Citizenship | |||
Contents of consumer’s email | |||
Contents of consumer’s mail | |||
Contents of consumer’s SMS texts | |||
Credit card number (with required security code or password) | |||
Debit card number (with required security code or password) | |||
Driver’s License Number | |||
Ethnic origin | |||
Financial account number (which permits access to the account) | |||
Genetic data | If used to uniquely identify a data subject | If used to uniquely identify a data subject | |
Health information | |||
Health insurance information | |||
Immigration Status | |||
Medical or health information | Mental or Physical Diagnosis | ||
Military identification number | |||
Other unique identification number issued on a government document used to verify identity | |||
Passport number | |||
Philosophical beliefs | |||
Political opinion | |||
Precise geolocation | |||
Racial origin | |||
Religious beliefs | |||
Sex life | |||
Sexual orientation | |||
Social Security Number | |||
Tax identification number | |||
Trade union membership | |||
Username and password that would permit access to an online account |
Clarip’s automated data mapping technology will help your business stay compliant regardless of which data privacy laws you need to comply with. Our Data Risk Intelligence Scan can identify the sensitive personal information that your organization processes. Using our Rules Engine, we can flag processing activities that may expose your organization to data privacy risks. Clarip takes enterprise privacy governance to the next level and helps organizations reduce risks, engage better, and gain customers’ trust! Contact us at www.clarip.com or call Clarip at 1-888-252-5653 for a demo.
Access Clarip’s Privacy Whitepapers Today
Privacy News
– Clarip Blog
Whitepapers
– What Your Company Needs to Know About Regulations of Biometric Data
– Right to Opt-Out of Sale of Personal Data Under the California and Nevada Laws
– Responding to Personal Data Deletion Requests Under the California Consumer Privacy Act
– Right to Opt-Out of Sale of Personal Data Under the California and Nevada Laws
– Verifiable Data Subject Requests under the GDPR and the CCPA
– Other Resources
California Consumer Privacy Act
– CCPA Text
– CCPA Summary
– CCPA vs GDPR
– CCPA Privacy Software
– CCPA Webinar
– SB-1121 Amendments
EU GDPR
– GDPR Text
– GDPR Compliance
– Consent Management Software
– GDPR Data Mapping Software
– DSAR Portal