Employers Beware: California Regulators Announce CCPA Compliance “Sweep”
The California Consumer Privacy Act (CCPA) is a state law that initially took effect on January 1st, 2020. It put more stringent requirements in place for companies that take, solicit, and use sensitive consumer information. Recently, the law was reformed. As of January 1, 2023, the CCPA privacy protections were extended to include information of employees and job applicants.
On July 14, 2023, California Attorney General Rob Bonta announced his plan for a comprehensive investigative sweep—seeking information from employers to ensure that they are in full compliance with the new provisions of the CCPA. Here, our Coachella Valley employment attorney highlights the key things that employers should know about the CCPA.
The CCPA Applies to Large and Many Mid-Sized Employers in California
All businesses in California must comply with the CCPA if they fit into one of the following three categories:
- Have gross revenue of at least $25 million;
- Purchase, sell, or share personal information of at least 100,000 California residents or devices; or
- Generate at least half of annual revenue from the selling of personal information of Californians.
Job Applicant and Employee Data are Now Covered By The CCPA
Initially, the CCPA contained a provision that excluded job applicants and employee data from its privacy requirements. However, that provision was allowed to expire. As of January 1, 2023, all employers in California that are subject to the CCPA must comply with CCPA’s robust privacy protections as it relates to employee data. The CCPA defines personal information (PI) in a relatively broad manner. It includes things like:
- Social Security Number (SSN);
- Driver’s license information;
- Passport number;
- Financial account information;
- Address, phone number, and email;
- Demographic information; and
- Biometric information.
A Covered Employer Must Provide a Notice When Collected Employee Data
Notably, employers in California that are subject to the CCPA must provide a notice to job applicants and employees when they collect any sensitive data. In order to be in full compliance with the CCPA, a notice from an employer must meet the following four criteria:
- The notice must describe the categories of information that was collected;
- The notice must state whether or not information will be sold or otherwise shared;
- The notice must state the length of time information will be retained; and
- The notice must include a list of third parties that were involved in the collection of the information and/or that will receive the information.
With the latest inquiry letter from the California Attorney General, it is clear that state regulators are prepared to enforce the CCPA. There are financial penalties for violations. Covered employers should take proactive measures to comply with the employer data protections of the CCPA.
Consult With a California Employment Attorney in Southern California
At the Law Office of Karen J. Sloat, APC, our California employment lawyer has deep experience representing employers. We help our clients put the right practices in place to be in full compliance with federal and state law. Contact us today to arrange your fully confidential initial consultation. Our firm represents employers throughout the Coachella Valley.