In the Headlines
August 30, 2021

Got Workers in California? It's Time to Brush up on the State's Data Privacy Law

HR Dive

Data Privacy attorney Ashley Shively spoke with HR Dive about the California Consumer Privacy Act (CCPA) and what employers need to know to remain in compliance with it. Passed in 2018 and amended in 2020, the act regulates the collection, use and disclosure of "personal information" that businesses collect from California residents, giving residents the right to know what information a business has obtained about them, have that information deleted and opt out of the sale of that information. The law also defines "personal information" broadly, encompassing traditional identifying information like name and physical address in addition to new categories like IP address, browsing history and even biometric data. It also applies to any business — regardless of location — that has a gross annual revenue of $25 million or handles personal information of 50,000 California residents each year.

With that in mind, Ms. Shively said employers must start implementing security measures to safeguard the information of all employees, contractors and job applicants who are California residents. Some of these measures may include secure configuration of network devices as well as mail and web browser protections. They also must give employees notice of privacy policy and practices, which can be done through an "internal-facing policy distributed to employees." Above all, she commented, the CCPA is the first of its kind in the U.S., and companies who have contact with California residents' information need to take note of it.

"It's the first comprehensive state data privacy law in the United States," she said. "Subject to certain limited exceptions, the CCPA applies to most employers that collect or use the personal information of their California employees, applicants and contractors."

READ: Got Workers in California? It's Time to Brush up on the State's Data Privacy Law

Related News and Headlines