On January 1, 2023, substantive amendments to the California Consumer Privacy Act (“CCPA”) took effect and the temporary exemptions of certain employees and business-to-business (“B2B”) personal information expired, providing employees, job applicants, independent contractors and B2B contacts with the same CCPA protection and rights as California consumers. The amendments have expanded coverage to include all personal information of employees, contractors, applicants and B2B contacts of California employers. While the amendments are effective, enforcement is expected to be delayed until July 1, 2023.
What Is The CCPA?
California was the first state to introduce data privacy protection regulation on par with the EU’s General Data Protection Regulation when it enacted the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (“CPRA”). The CPRA amendments created the first state agency focused exclusively on privacy: the California Privacy Protection Agency (“CPPA”). The CCPA provides consumers, who are California residents, with strong individual rights around their personal information and imposes various data protection duties on certain entities conducting business in California.
Who Is Now Covered?
The CCPA’s definition of consumers includes California-based (1) employees and job applicants; and (2) contacts of and from business customers, vendors, or independent contractors. However, the CCPA previously included the following two temporary exemptions:
As of January 1, 2023, these two temporary exemptions have expired and employees, candidates, independent contractors, and B2B contacts alike are now provided with the same CCPA protections and rights as other California consumers.
Among the CCPA’s definition of covered businesses are: (1) affiliates with common branding; (2) joint ventures or partnerships; and (3) any for-profit entity doing business in California that meets at least one of the following thresholds:
What Should Employers Do Now?
The CPPA is currently in the process of preparing regulations and guidance to implement the CPRA’s substantive amendments to the CCPA, which are expected to be finalized in the next several months. Nevertheless, employers should start to evaluate and address their obligations under the amended CCPA. Specifically, employers should:
The recent amendments to the CCPA demonstrates a larger trend towards increased regulation in the area of privacy law. As a result, California employers must be cognizant of how their workplaces collect, manage and disclose data, revising existing policies and procedures, where necessary, in order to be compliant with the new law.
Please contact Naureen Amjad, Riebana E. Sachs or a member of the Employment, Labor and Benefit Group with any questions.
©2023 Masuda, Funai, Eifert & Mitchell, Ltd. All rights reserved. This publication should not be construed as legal advice or legal opinion on any specific facts or circumstances. The contents are intended solely for informational purposes and you should not act or rely upon information contained herein without consulting a lawyer for advice. This publication may constitute Advertising Material.