cpra-sensitive-pi

Installation
SKILL.md

CPRA Sensitive Personal Information

Overview

The California Privacy Rights Act (CPRA) introduced the concept of "sensitive personal information" (sensitive PI) as a distinct category under Cal. Civ. Code §1798.140(ae), effective January 1, 2023. This category parallels but is not identical to the GDPR's "special categories of data" under Article 9. The CPRA grants consumers the right to limit a business's use and disclosure of their sensitive PI to specific enumerated purposes under §1798.121.

Unlike the GDPR, which generally prohibits processing of special categories unless an exception applies, the CPRA permits businesses to collect and use sensitive PI but gives consumers the right to restrict that processing after collection through the "limit use" mechanism.

Sensitive PI Categories (§1798.140(ae))

Category 1: Government Identifiers

Social Security number, driver's license number, state identification card number, or passport number.

Liberty Commerce Inc. Processing: Liberty Commerce Inc. collects Social Security numbers for tax reporting (1099-K forms) from marketplace sellers exceeding $600 in annual sales per IRS reporting thresholds. Driver's license numbers are collected for age verification on restricted product purchases. These are stored in a segregated, encrypted database with access limited to the tax compliance and fraud prevention teams.

Category 2: Account Credentials

Installs
8
GitHub Stars
187
First Seen
Jun 9, 2026
cpra-sensitive-pi — mukul975/privacy-data-protection-skills