What California Employers Need to Know About New Data Privacy Act
On Jan. 1, 2023, the California Privacy Rights Act will take effect, extending privacy protection rights to California resident employees. Please review important information about the CPRA and how it might impact employers:
California privacy rights established in 2020
On Jan. 1, 2020, the nation’s first comprehensive privacy legislation went into effect. The California Consumer Privacy Rights Act (CCPA) created consumer privacy rights and business obligations with respect to the collection and sale of personal information of California consumers. Many businesses covered by the CCPA have already implemented compliance plans.
Which employers are affected?
The CPRA only applies to for-profit companies with:
- at least one employee residing in California, AND
- global company revenue of $25 million or more in the previous calendar year
Application of privacy law extended to employers effective in 2023
At the end of 2020, the CCPA was amended by the California Privacy Rights Act (CPRA), extending similar data privacy protection to California resident employees. These employer-related provisions of the CPRA go into effect on January 1, 2023, triggering related employer obligations. The California Privacy Protection Agency (CPPA) is the state agency created to implement and enforce the law beginning July 1, 2023.
Recommended actions for employers
Employers should seek advice from their legal counsel soon to determine whether the CCPA-CPRA applies to them and, if so, what actions they must take to comply with the law.
If the CCPA-CPRA applies, your company must fulfill its own obligations including:
- Provide a notice to each of your employees and job applicants at the point of data collection,
- Make a compliant privacy policy available to your employees, and
- Respond to privacy-related data requests from your employees in a prescribed timeframe.
What is G&A’s role in supporting California privacy laws?
As a third-party outsourced HR and payroll provider, G&A Partners has its own compliance obligations under the law. G&A may provide privacy notices to your employees who exercise data requests in connection with our compliance efforts. G&A will also assist you in providing the applicable data we hold so you can fulfill your employer compliance responsibilities when appropriate.
Note: G&A’s role and responsibilities under the CPRA do not relieve your company of its own independent compliance obligations under the law.
Learn More About California Privacy Laws
- Bloomberg Law’s brief gives an overview of the laws in plain language and includes resources such as FAQs.
- State of California Department of Justice, Office of the Attorney General provides information about the implementation, administration, and enforcement of the laws.
- Review the California Privacy Protection Agency (CPPA) website, the agency tasked with enforcing the regulations surrounding the CPRA.
- Review the International Association of Privacy Professionals’ topic page on the CCPA and CPRA.
Learn About Other States’ Privacy Laws
- The National Conference of State Legislatures provides an overview of state laws related to digital privacy.