Point of sale systems typically collect and retain inherently “personal information” as defined by the CCPA, such as the customer’s name, address, phone number, email, and payment information. 1 While personal information is generally subject to deletion requests, the CCPA provides nine exceptions which, together, create a strong argument that point of sale information does not need to be deleted. Although there is no “one size fits all” exception, the chart below outlines how each exception may apply to point of sale information.
Note that retaining point of sale information indefinitely is probably not defensible. Regardless of what exception a business uses, maintaining a current and enforceable record retention schedule can bolster the overarching argument that point of sale information should be retained in lieu of a deletion request.