Insights
Publications

Employee Data under the CCPA: Expiration of Employer Exemptions Requires Compliance as of January 1, 2023

October 4, 2022 Blog
Privacy Blog

Since the California Consumer Privacy Act (“CCPA”) was passed in 2018, employers have been watching carefully to see how the law will apply to data collected and maintained about their employees. Up until now, employment data had been exempted from most of the CCPA’s requirements. But the new amendments to the CCPA embodied in the California Privacy Rights Act (“CPRA”) come into effect on January 1, 2023, and that, coupled with the fact that the legislature failed to extend the employer exemptions, means that many categories of human resources data will be subject to the requirements of the law.

The Current CCPA Employer Exemptions Are Expiring

As it stands (and through the end of 2022), covered employers are only obligated to notify employees of the categories of data being collected and the purposes for which the data will be used. In the event of a security breach involving employee data, employers are required to notify affected individuals and could be liable for statutory damages. In response to these requirements, most covered employers developed privacy notices with the required disclosures and reviewed their data security policies and protocols to ensure consistency with best practices.

But starting in 2023, employee data will be treated as any other commercial information, and covered employers will need to add employee and human resources data to their ongoing compliance efforts. Indeed, under the CCPA, “personal information” is defined broadly to include information that “identifies, relates to, describes, is reasonably associated with, or could reasonably be linked, directly or indirectly, with a particular consumer household.” Cal. Civ. Code § 1798.140(o)(1). In the employee or human resources context, personal information could include an employee’s contact information, insurance and benefits elections, bank and direct deposit information, emergency contacts, dependents, resume and employment history, performance evaluations, wage statements, time punch records, stock and equity grants, compensation history, and many other forms of data routinely collected in the context of the employment relationship. Moreover, the CPRA introduces a new concept of “sensitive personal information” (such as financial information, social security numbers, communications content, health information, and biometrics) that must be considered and addressed by the employer.

New Requirements Take Effect in 2023

So what does this mean for employers? First, employers must prepare and provide a privacy notice to an employee (or a job applicant since such applicant is likely providing personal information) at or before the time personal information is collected. This could mean including a privacy policy (and a click-through mechanism) on any online application site, in the employee handbook, and/or on internal websites. The privacy policy is likely to be similar to the online privacy policy the employer includes for consumers, though it will need to be revised to accurately reflect the categories of personal information collected (along with the length of time the employer intends to retain data in each category), as well as the categories of third parties with whom such information will be shared (e.g., payroll service providers, etc.).

Read the full Privacy blog post with key takeaways here.

Firm Highlights

Publication

Failures Are Valuable IP: Protect Your Startup’s Negative Trade Secrets

Technology companies and start-ups are familiar with protecting inventions with patents, and protecting their secret formulas, source code, and algorithms as trade secrets. But tech companies may not be aware of another powerful form of...

Read More
News

Jaya Bajaj Named to Lawyers of Color Hot List 2022

Read More
News

Farella Braun + Martel Announces 2023 New Partner Class

Read More
Publication

Employers Should Review Common Severance Agreement Terms Due to New NLRB Decision

Historically, employers have routinely included confidentiality and non-disparagement provisions in severance agreements with departing employees. Such provisions can be important for protecting sensitive personnel data or proprietary business information from disclosure. But in light...

Read More
Publication

New Laws and Compliance Updates for California Employers in 2023

California has passed several new or amended employment laws covering topics ranging from off-duty marijuana use, reproductive rights, California Family Rights Act, COVID-19, criminal law and the workplace, new avenues of enforcement against employers...

Read More
Publication

California Extends Presumption of COVID-19 as Workers’ Compensation Injury and Modifies Notice Requirements for Potential Exposure

In addition to AB 152 extending COVID-19 leave through December 31, 2022 , Governor Gavin Newsom has also signed into law two other COVID-related bills—AB 1751 and AB 2693—affecting employers’ policies regarding employees who...

Read More
Publication

Under FTC’s New Proposed Rule, Employers Will No Longer Be Able to Rely on Noncompete Agreements

The Federal Trade Commission (FTC) has proposed a rule that would prohibit the use of noncompete agreements in employment contracts. Noncompete agreements prevent employees and independent contractors from pursuing certain forms of employment &ndash...

Read More
News

Farella Braun + Martel Earns 2023 U.S. News – Best Lawyers® "Best Law Firms" Rankings

Read More
News

Farella Braun + Martel Recognized in Benchmark Litigation 2023

Farella Braun + Martel continues to be ranked among the top litigation firms in California in the  Benchmark Litigation  2023 guide. Farella was ranked “Highly Recommended” for Dispute Resolution in California and earned a...

Read More
Publication

California’s New Pay Transparency Law

Welcome to EO Radio Show – Your Nonprofit Legal Resource . Every January brings a slew of new laws that take effect at the federal and state level, and it seems that there are...

Read More