Privacy Policy CCPA Rights Reference missing
Privacy Policy CCPA Rights Reference missing
Description
The vulnerability arises because the system fails to verify whether the privacy policy references rights under the CCPA, potentially leaving users' data unprotected and violating legal requirements.
Recommendation
To mitigate vulnerability, ensure that your privacy policy clearly outlines the rights granted to consumers under the California Consumer Privacy Act (CCPA), including the right to access, delete, and opt-out of the sale of their personal information. Regularly review and update your privacy policy to ensure compliance with CCPA regulations and provide transparency to consumers about how their data is collected, used, and shared.
Links
- Android Privacy Guidelines
- Privacy Policies for Mobile Apps
- Apple Privacy Manifest
- CWE-359: Exposure of Private Information ("Privacy Violation")
Standards
- OWASP_MASVS_L1:
- OWASP_MASVS_L2:
- OWASP_MASVS_RESILIENCE:
- CWE_TOP_25:
- GDPR:
- ART_5
- ART_6
- ART_7
- ART_9
- ART_11
- ART_13
- ART_15
- ART_16
- ART_17
- ART_32
- CCPA:
- CCPA_1798_100
- CCPA_1798_105
- CCPA_1798_110
- CCPA_1798_115
- CCPA_1798_120
- CCPA_1798_125
- CCPA_1798_130
- CCPA_1798_135
- CCPA_1798_140
- CCPA_1798_150
- PCI_STANDARDS:
- OWASP_MASVS_v2_1:
- MASVS_PRIVACY_1
- MASVS_PRIVACY_2
- MASVS_PRIVACY_3
- MASVS_PRIVACY_4
- OWASP_ASVS_L1:
- OWASP_ASVS_L2:
- OWASP_ASVS_L3:
- SOC2_CONTROLS:
- CC_2_3
- CC_5_3