CCPA Could Lead to Changes to Privacy Notice

The California Consumer Privacy Act (CCPA), which became enforceable on January 1 2020 has resulted in may Californian-based businesses struggling to ascertain what they must do to achieve compliance with the new legislation.

In addition to this, on February 10, the California Attorney General’s office made public an updated version of its proposed regulations, which for the first time gave more guidance on the notice obligations that must be adhere to in relation to their employees. The comment period for these proposed changes has been extended to February 25, 2020. This article addresses the recent changes incorporated into the CCPA as they concern employees.

In 2019, how the CCPA was relevant for employee data became an unanswered question that left many employers in a state of much confusion as the legislation constantly refers to ‘consumers’ explicitly. Due to this amendments were added to the CCPA on October 11 which achieved a number of things including:

1. Exempted employers, for one year, from abiding by the CCPA’s more onerous provisions
2. Granting access and deletion rights to employees, job applicants, or independent contractors
3. Ensuring that employers are provide notice regarding information that is collected from, disclosed by, and/or used for their employees.

In relation to how the legislation is relevant for employees, the following are the important points to remember:

1. Privacy Notice for Employees: The amendment added some wording to the CCPA including “employment-related information,” which was defined to state that  personal information that is gathered by the business in relation to employees, applicants, independent contractors, owners, directors, officers, emergency contacts, and/or dependents.
2. ADA Accessibility: Privacy notices under the CCPA must be reasonably accessible to individuals with disabilities. For notices made available online, the business must follow generally recognized industry standards.
3. The Bottom Line:  Based on recent amendments to the CCPA and the Attorney General’s suggested revised regulations, employers are asked to review their privacy policies, including whether these policies meet ADA accessibility requirements. In addition to this, business owners should be prepared to extend full protection and statutory rights to employees starting on January 1, 2021. Business owner must also think about the method of delivery of their privacy notice to their employees and how to best provide such notice.

If you have an concerns in relation to how you business is behaving in relation to the CCPA, in relation to your employees, then you should seek guidance from an experienced professional as soon as you can. Otherwise you risk being sanctioned with a fiscal penalty that may prove costly for your company.