Skip Repeated Content


A privacy notice typically discloses the following information to the public:

  • The categories of information collected from a data subject directly and from third parties about a data subject,
  • The purpose for which information is collected and used,
  • The extent to which the business tracks or monitors data subjects,
  • The extent to which the business shares the data subject’s information with third parties,
  • The standard by which the business protects the information from unauthorized access,
  • The ability (if any) of a data subject to request access to their information,
  • The ability (if any) of a data subject to request the deletion of their information,
  • The ability (if any) of a data subject to request the rectification of inaccurate information, and
  • The process by which a business will inform data subjects about changes in its privacy practices.

While the CCPA requires that a business that collects a consumer’s personal information about its employees disclose the first two categories of information “at or before the point of collection,” it does not require that all of the information typically contained in a privacy notice be disclosed to the employee at that time.1

For more information and resources about the CCPA visit

This article is part of a multi-part series published by BCLP to help companies understand and implement the General Data Protection Regulation, the California Consumer Privacy Act and other privacy statutes.  You can find more information on the CCPA in BCLP’s California Consumer Privacy Act Practical Guide, and more information about the GDPR in the American Bar Association’s The EU GDPR: Answers to the Most Frequently Asked Questions.

1. CCPA, Section 1798.100(b).

This document provides a general summary and is for information/educational purposes only. It is not intended to be comprehensive, nor does it constitute legal advice. Specific legal advice should always be sought before taking or refraining from taking any action.