What is (and is not) personal information under the California Privacy Rights Act?
The California Privacy Rights Act (CPRA) defines personal information to mean “information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.” (see Cal. Civ. Code § 1798.140 (v)).
There is pre-existing California Law that aligns with this definition. In particular, Cal Civ. § 1798.80 (e) defines personal information as “any information that identifies, relates to, describes, or is capable of being associated with, a particular individual, […]”
It is important to note that one set of data can be deemed to be personal information of multiple individuals. For example, the service register of a car held by a mechanic or garage contains information about the car, mileage, dates of service checks, technical problems, and material condition. This information is associated on the record with a plate number and an engine number, which in turn can be linked to the owner. Where the garage is able to establish a connection between the vehicle and the owner, for the purpose of billing, all of the information on the vehicle is personal information of the owner under CPRA. In addition, the information may also be associated to the driver, who could be an…
