The California Privacy Rights Act of 2020

The California Privacy Rights Act of 2020 (CPRA) will substantially expand the privacy and information security obligations of most employers doing business in California. This new and comprehensive legal framework will apply to the personal information of California residents who are employees, job applicants, independent contractors, and board members, as well as employees’ dependents who receive benefits through the employer (collectively, “HR Individuals”). In a marked departure from previous U.S. laws related to the data of HR Individuals, the CPRA creates a comprehensive data protection regime similar to data protection laws in many other parts of the world, such as the European Union’s General Data Protection Regulation.

This dramatic expansion of employers’ data obligations will go into effect on January 1, 2023, and will require significant changes to existing policies, procedures, and practices for handling HR Individuals’ personal information. While the compliance deadline may seem distant, most covered employers are likely to need much of this time to address the CPRA’s enhanced requirements. Additionally, the CPRA contains a 12-month lookback period for HR Individuals’ requests to exercise their new rights to know how the company handles their personal information. This means that, commencing January 1, 2022, employers should begin preparing their human resources data so that they can respond to employees’ CPRA rights requests.

Our Littler Insight – Substantial New Privacy Obligations for California Employers: The California Privacy Rights and Enforcement Act of 2020 Passes at the Polls – provides an overview of the upcoming legislation.

The California Consumer Privacy Act of 2018

Until the CPRA goes into effect, the California Consumer Privacy Act (CCPA) is the California law governing the handling of California residents’ personal information. Despite its name, the CCPA contains burdensome notice obligations for handling human resources data. Most employers with California residents who are applicants, employees, independent contractors, owners, or board members must comply with the CCPA, which requires providing these individuals with a Notice at Collection. The CCPA also substantially increases the risk associated with human resources data breaches.

Littler’s Experienced Privacy Team

With years of experience in employment and data protection laws, Littler’s CPRA/CCPA team can efficiently guide your organization while promptly addressing the human resources side of these important laws. Our team can assist with developing and implementing an entire CPRA compliance program, including:

  • Data mapping to identify all repositories of HR Individuals’ personal information and the flow of that personal information into, and out of, the company
  • Drafting required notices at collection and online privacy policies
  • Preparing policies and procedures to address CPRA rights requests from HR Individuals
  • Enhancing existing information security policies and procedures to meet the CPRA’s compliance standard
  • Developing and implementing mandatory retention schedules
  • Drafting and negotiating required agreements with service providers, contractors, and other third parties
  • Providing employee training

Toolkits

CPRA Toolkits

Coming Soon!

CCPA Human Resources Toolkit

To assist your organization with the Notice at Collection, Littler has developed a CCPA Toolkit for HR Data. The documents included in the toolkit are:

  • Template notice for applicants
  • Template notice for employees
  • Template notice for independent contractors
  • Template notice for board members/directors
  • Template notice for emergency contacts
  • Fact-finding memo to collect information for the notice on dependents
  • Memo explaining the legal framework and how to customize the notices

Other CCPA Toolkits

We have also developed toolkits for companies engaged in processing human resources data as a service, including website privacy policies, internal policies for handling CCPA data rights requests, data rights request forms, and training presentations.

Please contact us with questions about our CCPA toolkits.

The Littler CPRA Podcast

The Littler California Privacy Rights Act Podcast features conversations related to a law that will be a “game changer” for almost every employer that does business in California.

Listen on iTunes