Benefits Bryan Cave

Main Content

The CCPA: Employee Data Requirements May Be Delayed, But Do Not Appear to be Going Away

July 12, 2019

Categories

Action is currently underway to amend the California Consumer Privacy Act (“CCPA”) to provide employers an additional year to comply with the CCPA with respect to employee data of California-based employees.

The California Senate Judiciary Committee has passed AB-25, an amendment to the CCPA that would delay most of the compliance obligations for employee data until January 1, 2021. Specifically, the amendment provides that employees are not “consumers” for most purposes of the statute until January 1, 2021.

If the legislature passes the bill, the CCPA will still apply to employers with California-based employees in the following ways, effective January 1, 2020:

  • Employees will be able to sue employers for a data breach involving their unencrypted data
  • Employers must provide a notice to employees describing the categories of employee information collected, used and disclosed by the employer.

While there have been many predictions that the CCPA would

Employer CCPA FAQs #9: May an employer become subject to the CCPA because of a corporate transaction?

As our series of FAQs regarding the California Consumer Privacy Act (“CCPA”) continues we are examining the scope of the law’s jurisdiction.    These FAQs should help employers determine if they are required to comply with the CCPA and if so, what steps their HR professionals and IT departments should take to be in compliance.

As a reminder, the CCPA is a new privacy law that applies to data collected about California-based employees.   The CCPA will go into effect in early 2020, and employers who must comply should be addressing compliance obligations now.

For US employers who have not had to comply with the GDPR, the requirements of the CCPA will likely require a new analysis of the treatment of employee-data and implementation of updated or new data policies.  For employers with European operations, one key area of interest is the degree to which the CCPA aligns with the European

Employer CCPA FAQs #8: Does the CCPA apply to non-profit employers?

As our series of FAQs regarding the California Consumer Privacy Act (“CCPA”) continues we are examining the scope of the law’s jurisdiction.    These FAQs should help employers determine if they are required to comply with the CCPA and if so, what steps their HR professionals and IT departments should take to be in compliance.

As a reminder, the CCPA is a new privacy law that applies to data collected about California-based employees.   The CCPA will go into effect in early 2020, and employers who must comply should be addressing compliance obligations now.

For US employers who have not had to comply with the GDPR, the requirements of the CCPA will likely require a new analysis of the treatment of employee-data and implementation of updated or new data policies.  For employers with European operations, one key area of interest is the degree to which the CCPA aligns with the European

Deep Dive: DOL Appeals Federal Court’s Association Health Plan Ruling and Issues Interim Guidance

As we predicted in our last Deep Dive, the Department of Labor (DOL) has appealed the District Court for the District of Columbia’s ruling in State of New York, et al. v. United States Department of Labor, et al. which vacated key portions of the DOL’s association health plan regulation (AHP Rule). The DOL filed its Notice of Appeal with the federal district court (D.D.C.) on April 26.

In response to the Court’s ruling (and before filing its appeal) the DOL had published a Q&A-style discussion of the ruling’s impact. After filing its appeal, the DOL published an official statement (DOL Statement) outlining interim guidance for previously-formed AHPs and employers who began participating in an AHP in reliance on the AHP Rule. The DOL Statement clarifies that these employers and AHPs may continue their coverage for

IRS Expands Determination Letter Program for Mergers of Qualified Plans Following Corporate Transactions

The IRS recently reversed course on the availability of the determination letter program for merged qualified retirement plans – thereby providing new alternatives for integrating qualified retirement plan benefits in the context of corporate transactions.

Merged Plan Relief:  Rev. Proc. 2019-20, released on May 1, 2019, expands the IRS’ determination letter program for individually designed qualified retirement plans (e.g., defined benefit plans or defined contribution plans) that result from a merger of two or more qualified retirement plans following a corporate merger, acquisition or other similar business transaction (a “Merged Plan”).  The newly expanded program will be available beginning September 1, 2019 and continuing on an ongoing basis.

Eligibility:  To be eligible for the determination letter program:

  • The Merged Plan must be a combination of two or more qualified retirement plans maintained by previously unrelated entities (i.e., entities that are not members of the same controlled

Employer CCPA FAQs #7: If an employer is based in California, will the CCPA requirements apply to all employee data held by the employer?

As our series of FAQs regarding the California Consumer Privacy Act (“CCPA”) continues we are examining the scope of the law’s jurisdiction.    These FAQs should help employers determine if they are required to comply with the CCPA and if so, what steps their HR professionals and IT departments should take to be in compliance.

As a reminder, the CCPA is a new privacy law that applies to data collected about California-based employees.   The CCPA will go into effect in early 2020, and employers who must comply should be addressing compliance obligations now.

For US employers who have not had to comply with the GDPR, the requirements of the CCPA will likely require a new analysis of the treatment of employee-data and implementation of updated or new data policies.  For employers with European operations, one key area of interest is the degree to which the CCPA aligns with the European

Employer CCPA FAQs #6: Does an employer need to generate revenue in California in order for CCPA to apply?

As our series of FAQs regarding the California Consumer Privacy Act (“CCPA”) continues we are examining the scope of the law’s jurisdiction.    These FAQs should help employers determine if they are required to comply with the CCPA and if so, what steps their HR professionals and IT departments should take to be in compliance.

As a reminder, the CCPA is a new privacy law that applies to data collected about California-based employees.   The CCPA will go into effect in early 2020, and employers who must comply should be addressing compliance obligations now.

For US employers who have not had to comply with the GDPR, the requirements of the CCPA will likely require a new analysis of the treatment of employee-data and implementation of updated or new data policies.  For employers with European operations, one key area of interest is the degree to which the CCPA aligns with the European General Data

Employer CCPA FAQs #5: Does an employer have to be “established” in the United States for U.S. data privacy and security laws, and particularly the CCPA, to apply?

As our series of FAQs regarding the California Consumer Privacy Act (“CCPA”) continues we are examining the scope of the law’s jurisdiction.    These FAQs should help employers determine if they are required to comply with the CCPA and if so, what steps their HR professionals and IT departments should take to be in compliance.

As a reminder, the CCPA is a new privacy law that applies to data collected about California-based employees.   The CCPA will go into effect in early 2020, and employers who must comply should be addressing compliance obligations now.

For US employers who have not had to comply with the GDPR, the requirements of the CCPA will likely require a new analysis of the treatment of employee-data and implementation of updated or new data policies.  For employers with European operations, one key area of interest is the degree to which the CCPA aligns with the European General Data

Deep Dive: Association Health Plan Considerations following the Court Order Vacating the DOL’s Final Rule

On March 28, 2019, the Federal District Court for the District of Columbia issued an opinion and order vacating key portions of the Department of Labor’s regulation, published in June 2018, which had expanded the definition of “employer” under Section 3(5) of ERISA (the “AHP Rule”), thereby broadening the scope of association health plans (“AHPs”).  According to the Court, it is unreasonable to interpret “employer” as including working owners and groups that do not have “a true commonality of interest” and doing so leads to “absurd results” and is an “end run” around the Affordable Care Act.  The Court’s opinion was issued with immediate effect and has cast doubt on the future use of AHPs, especially self-insured AHPs.

As background, the AHP rule was promulgated in response to President Trump’s October 12, 2017, Executive Order, which directed the DOL to expand access to and

Employer CCPA FAQs #4: What information is not “Personal Information” under the CCPA?

This post is part of our series of FAQs examining the California Consumer Privacy Act (“CCPA”)  that should help employers with operations in California to determine if they are required to comply with the CCPA and if so, what steps their HR professionals and IT departments should take to be in compliance.

By way of background, the CCPA is a new privacy law that will go into effect in early 2020. Because the CCPA refers to “consumers” many HR professionals do not realize that the CCPA, as currently enacted, also applies to data collected about California-based employees. Please see our recent blog post for a summary of which employers will be subject to the CCPA and the key requirements of the law.

Although the law will not be in effect until next year, employers who must comply should be addressing compliance obligations now.  For U.S. employers who have not had to comply

The attorneys of Bryan Cave Leighton Paisner make this site available to you only for the educational purposes of imparting general information and a general understanding of the law. This site does not offer specific legal advice. Your use of this site does not create an attorney-client relationship between you and Bryan Cave LLP or any of its attorneys. Do not use this site as a substitute for specific legal advice from a licensed attorney. Much of the information on this site is based upon preliminary discussions in the absence of definitive advice or policy statements and therefore may change as soon as more definitive advice is available. Please review our full disclaimer.