CCPA Could Lead to Changes to Privacy Notice

by | Mar 1, 2020

The California Consumer Privacy Act (CCPA), which became enforceable on January 1 2020 has resulted in may Californian-based businesses struggling to ascertain what they must do to achieve compliance with the new legislation.

In addition to this, on February 10, the California Attorney General’s office made public an updated version of its proposed regulations, which for the first time gave more guidance on the notice obligations that must be adhere to in relation to their employees. The comment period for these proposed changes has been extended to February 25, 2020. This article addresses the recent changes incorporated into the CCPA as they concern employees.

In 2019, how the CCPA was relevant for employee data became an unanswered question that left many employers in a state of much confusion as the legislation constantly refers to ‘consumers’ explicitly. Due to this amendments were added to the CCPA on October 11 which achieved a number of things including:

  1. Exempted employers, for one year, from abiding by the CCPA’s more onerous provisions
  2. Granting access and deletion rights to employees, job applicants, or independent contractors
  3. Ensuring that employers are provide notice regarding information that is collected from, disclosed by, and/or used for their employees.

In relation to how the legislation is relevant for employees, the following are the important points to remember:

  1. Privacy Notice for Employees: The amendment added some wording to the CCPA including “employment-related information,” which was defined to state that  personal information that is gathered by the business in relation to employees, applicants, independent contractors, owners, directors, officers, emergency contacts, and/or dependents.
  2. ADA Accessibility: Privacy notices under the CCPA must be reasonably accessible to individuals with disabilities. For notices made available online, the business must follow generally recognized industry standards.
  3. The Bottom Line:  Based on recent amendments to the CCPA and the Attorney General’s suggested revised regulations, employers are asked to review their privacy policies, including whether these policies meet ADA accessibility requirements. In addition to this, business owners should be prepared to extend full protection and statutory rights to employees starting on January 1, 2021. Business owner must also think about the method of delivery of their privacy notice to their employees and how to best provide such notice.

If you have an concerns in relation to how you business is behaving in relation to the CCPA, in relation to your employees, then you should seek guidance from an experienced professional as soon as you can. Otherwise you risk being sanctioned with a fiscal penalty that may prove costly for your company.

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.


Please enable JavaScript in your browser to complete this form.

Patrick Kennedy

Patrick Kennedy is a highly accomplished journalist and editor with nearly two decades of experience in the field. With expertise in writing and editing content, Patrick has made significant contributions to various publications and organizations. Over the course of his career, Patrick has successfully managed teams of writers, overseeing the production of high-quality content and ensuring its adherence to professional standards. His exceptional leadership skills, combined with his deep understanding of journalistic principles, have allowed him to create cohesive and engaging narratives that resonate with readers. A notable area of specialization for Patrick lies in compliance, particularly in relation to HIPAA (Health Insurance Portability and Accountability Act). He has authored numerous articles delving into the complexities of compliance and its implications for various industries. Patrick's comprehensive understanding of HIPAA regulations has positioned him as a go-to expert, sought after for his insights and expertise in this field. Patrick's bachelors degree is from the University of Limerick and his master's degree in journalism is from Dublin City University. You can contact Patrick through his LinkedIn profile:

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

Comprehensive HIPAA Training

Used in 1000+ Healthcare Organizations and 100+ Universities

    Full Course - Immediate Access

    Privacy Policy