California Privacy Rights Act of 2020 (CPRA)

The California Privacy Rights Act of 2020

The California Privacy Rights Act of 2020 (CPRA) will substantially expand the privacy and information security obligations of most employers doing business in California. This new and comprehensive legal framework will apply to the personal information of California residents who are employees, job applicants, independent contractors, and board members, as well as employees’ dependents who receive benefits through the employer (collectively, “HR Individuals”). In a marked departure from previous U.S. laws related to the data of HR Individuals, the CPRA creates a comprehensive data protection regime similar to data protection laws in many other parts of the world, such as the European Union’s General Data Protection Regulation.

This dramatic expansion of employers’ data obligations will go into effect on January 1, 2023, and will require significant changes to existing policies, procedures, and practices for handling HR Individuals’ personal information. While the compliance deadline may seem distant, most covered employers are likely to need much of this time to address the CPRA’s enhanced requirements. Additionally, the CPRA contains a 12-month lookback period for HR Individuals’ requests to exercise their new rights to know how the company handles their personal information. This means that, commencing January 1, 2022, employers should begin preparing their human resources data so that they can respond to employees’ CPRA rights requests.

Our Littler Insight – Substantial New Privacy Obligations for California Employers: The California Privacy Rights and Enforcement Act of 2020 Passes at the Polls – provides an overview of the upcoming legislation.

Littler’s Experienced Privacy Team

With years of experience in employment and data protection laws, Littler’s CPRA team can efficiently guide your organization while promptly addressing the human resources side of these important laws. Our team can assist with developing and implementing an entire CPRA compliance program, including:

• Data mapping to identify all repositories of HR Individuals’ personal information and the flow of that personal information into, and out of, the company
• Drafting required notices at collection and online privacy policies
• Preparing policies and procedures to address CPRA rights requests from HR Individuals
• Enhancing existing information security policies and procedures to meet the CPRA’s compliance standard
• Developing and implementing mandatory retention schedules
• Drafting and negotiating required agreements with service providers, contractors, and other third parties
• Providing employee training

Littler's CPRA Publications   Littler's CPRA Podcasts

Resources

CPRA Compliance Suite

To assist your organization with CPRA compliance, Littler’s CPRA Team has developed the CPRA Compliance Suite. This comprehensive suite of templates and guidance can be purchased as an entire package or on an a la carte basis. Littler’s CPRA Compliance Suite consists of more than one dozen documents, including:

• Template fact-finding memos and compliance documents to address CPRA requirements applicable to HR data
• Information Security Supplement
• Non-HR Data Supplement

Please contact your Littler attorney or CPRA@littler.com for more information about pricing.

Learn More About Available Templates

Does the new CPRA apply to employers?

The Littler CPRA Podcast

The Littler California Privacy Rights Act Podcast features conversations related to a law that will be a “game changer” for almost every employer that does business in California..

Listen on iTunes