Page 55 - CCPA and GDPR Deskbook
P. 55
e. Having a parent or guardian communicate in person with trained personnel; and
f. Verifying a parent or guardian’s identity by checking a form of government- issued identification against databases of such information, as long as the parent or guardian’s identification is deleted by the business from its records promptly after such verification is complete.
(b) When a business receives an affirmative authorization pursuant to subsection (a), the business shall inform the parent or guardian of the right to opt-out and of the process for doing so on behalf of their child pursuant to section 999.315, subsections (a)-(f).
(c) A business shall establish, document, and comply with a reasonable method, in accordance with the methods set forth in subsection (a)(2), for determining that a person submitting a request to know or a request to delete the personal information of a child under the age of 13 is the parent or guardian of that child.
Note: Authority cited: Section 1798.185, Civil Code. Reference: Sections 1798.120, 1798.135 and 1798.185, Civil Code.
§ 999.331 Consumers 13 to 15 Years of Age
(a) A business that has actual knowledge that it sells the personal information of consumers at least 13 years of age and less than 16 years of age shall establish, document, and comply with a reasonable process for allowing such consumers to opt-in to the sale of their personal information, pursuant to section 999.316.
(b) When a business receives a request to opt-in to the sale of personal information from a consumer at least 13 years of age and less than 16 years of age, the business shall inform the consumer of the right to opt-out at a later date and of the process for doing so pursuant to section 999.315.
Note: Authority cited: Section 1798.185, Civil Code. Reference: Sections 1798.120, 1798.135 and 1798.185, Civil Code.
54 CCPA & GDPR Deskbook