The term “sensitive personal information” is often referred to in contracts, regulatory guidance, and policy documents. What constitutes sensitive personal information, and the practical implications of that designation, differ among laws, regulations, and privacy frameworks? The program will discuss what types of personal information are considered “sensitive” under different legal regimes including the CCPA, CPRA, CPA, VCDPA, and GDPR, and explain how that designation impacts what businesses can, and cannot, do with information.
Key topics to be discussed include:
- How different statutes and regulations use the phrase “sensitive personal information”
- What companies must do in order to collect sensitive personal information from consumers and employees
- What restrictions are imposed on companies that collect sensitive personal information
- What regulatory considerations should companies consider