CPRA for Employers Series
This continuing series of Littler publications provides a detailed analysis of CPRA Compliance for Employers.
The California Privacy Rights Act of 2020 (CPRA) will substantially expand the privacy and information security obligations of most employers doing business in California. This new and comprehensive legal framework will apply to the personal information of California residents who are employees, job applicants, independent contractors, and board members, as well as employees’ dependents who receive benefits through the employer (collectively, “HR Individuals”). In a marked departure from previous U.S. laws related to the data of HR Individuals, the CPRA creates a comprehensive data protection regime similar to data protection laws in many other parts of the world, such as the European Union’s General Data Protection Regulation.
This dramatic expansion of employers’ data obligations will go into effect on January 1, 2023, and will require significant changes to existing policies, procedures, and practices for handling HR Individuals’ personal information. While the compliance deadline may seem distant, most covered employers are likely to need much of this time to address the CPRA’s enhanced requirements. Additionally, the CPRA contains a 12-month lookback period for HR Individuals’ requests to exercise their new rights to know how the company handles their personal information. This means that, commencing January 1, 2022, employers should begin preparing their human resources data so that they can respond to employees’ CPRA rights requests.
Our Littler Insight – Substantial New Privacy Obligations for California Employers: The California Privacy Rights and Enforcement Act of 2020 Passes at the Polls – provides an overview of the upcoming legislation.
Until the CPRA goes into effect, the California Consumer Privacy Rights Act (CCPA) is the California law governing the handling of California residents’ personal information. Despite its name, the CCPA contains burdensome notice obligations for handling human resources data. Most employers with California residents who are applicants, employees, independent contractors, owners, or board members must comply with the CCPA, which requires providing these individuals with a Notice at Collection. The CCPA also substantially increases the risk associated with human resources data breaches.
With years of experience in employment and data protection laws, Littler’s CPRA/CCPA team can efficiently guide your organization while promptly addressing the human resources side of these important laws. Our team can assist with developing and implementing an entire CPRA compliance program, including:
CCPA Human Resources Toolkit
To assist your organization with the Notice at Collection, Littler has developed a CCPA Toolkit for HR Data. The documents included in the toolkit are:
Other CCPA Toolkits
We have also developed toolkits for companies engaged in processing human resources data as a service, including website privacy policies, internal policies for handling CCPA data rights requests, data rights request forms, and training presentations.
Please contact us with questions about our CCPA toolkits.
The Littler California Privacy Rights Act Podcast features conversations related to a law that will be a “game changer” for almost every employer that does business in California..