sensitive personal information (SPI). Are you ready?
SPI - What You Need To Understand
What is it?
Under the California Privacy Rights Act (“CPRA”) and the Virginia Consumer Data Protection Act (“VCDPA”), “sensitive personal information,” which has passed into U.S. privacy law, is an acknowledgment that specific personal data requires an explicit opt-in for this data to be used.
What Falls Under SPI?
The CPRA defines “sensitive personal information” as information that reveals:
Consumers’ geolocation. (Think location targeting)
Consumer’s racial or ethnic origin, religious or philosophical beliefs, or union membership. (Think multicultural targeting)
Personal information collected and analyzed concerning a consumer’s health (Think health targeting)
Personal information collected and analyzed concerning a consumer’s sex life or sexual orientation.
A consumer’s account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account. (Think purchase data)
Contents of a consumer’s mail, email, or text messages, unless the business is the intended recipient of the communication; (Think inbox extensions)
Consumer’s social insurance number, genetic & biometric data
What to do about it?
When working with SPI, you must ensure you are working with partners who have obtained this data in a direct, consented, compliant way. Make sure you are protecting your brand by choosing your partners wisely. Remember, data does not respect state boundaries, and states like Virginia require opt-in, not ‘opt-out.’
Why Reklaim?
All SPI data inside of Reklaim is collected 1x1 via an interface with the consumer where they explicitly 'opt-in' to sharing this data for marketing purposes. If you are looking for SPI data consented directly by the consumer to power your campaigns in 2023 in programmatic, social, or other mediums, please get in touch with our team directly. Also - don't forget to sign up for Reklaim here.