Benefits Bryan Cave

Benefits BCLP

Data Privacy

Main Content

Employer CCPA FAQs #1: Does the CCPA apply to employee data?

In the coming weeks we will be releasing a series of FAQs examining the California Consumer Privacy Act (“CCPA”)  of particular importance to employers.  These FAQs should help employers determine if they are required to comply with the CCPA and if so, what steps their HR professionals and IT departments should take to be in compliance.

By way of background, employers with operations in California should be aware of the CCPA, a new privacy law that applies to data collected about California-based employees.   Because the CCPA refers to “consumers” many HR professionals don’t realize that the Act, as currently drafted, applies to data collected about California-based employees. Please see our recent blog post summarizing the CCPA for employers.

The CCPA will go into effect in early 2020, and employers who must comply should be addressing compliance obligations now.  For U.S. employers who have not had to comply with the GDPR, the requirements of the CCPA for California-based employees will likely require a new analysis of the treatment of employee-data and updated or new data policies.

For employers with European operations, one key area of interest is the degree to which the CCPA aligns with the European General Data Protection Regulation (“GDPR”).  Employers who are complying with the GDPR will likely already be familiar with many of the requirements of the CCPA – and with some assistance, should be able to bring their operations and policies into compliance with respect to California-based employees.

BCLP also offers a

Meet the CCPA: New Privacy Rules for California Employees

Employers with operations in California should be aware of the California Consumer Privacy Act (“CCPA”), a new privacy law that applies to data collected about California-based employees.   HR professionals should be aware that, although the CCPA refers to “consumers,” as currently drafted the CCPA’s definition of a “consumer” will apply to California-based employees.

Which employers will have to comply with the CCPA?

Employers with employees in California will need to comply with the CCPA if their business falls into one of the following three categories:

1. Their business buys, sells, or shares the “personal information” of 50,000 “consumers” or “devices”;

2. Their business has gross revenue greater than $25 million; or

3. Their business derives 50% or more of its annual revenue from sharing personal information.

What are the key implications of having to comply with the CCPA?

The Employers who have to comply with the CCPA will be subject to the CCPA’s:

1. Expansive definition of “personal information”;

2. New notice requirements for California-based employees, which notices describe the employer’s collection of and use and disclosure of personal information;

3. New data privacy rights for California-based employees, including the right to access, delete, and opt out of the “sale” of personal information;

4. Special rules for the collection and use of personal information of minors;

5. Requirement to implement appropriate and reasonable security practices and procedures;

6. Enforcement

The attorneys of Bryan Cave Leighton Paisner make this site available to you only for the educational purposes of imparting general information and a general understanding of the law. This site does not offer specific legal advice. Your use of this site does not create an attorney-client relationship between you and Bryan Cave LLP or any of its attorneys. Do not use this site as a substitute for specific legal advice from a licensed attorney. Much of the information on this site is based upon preliminary discussions in the absence of definitive advice or policy statements and therefore may change as soon as more definitive advice is available. Please review our full disclaimer.