A guideline for human resources professionals to ensure compliance.
CDF's Privacy Practice Group leaders recently authored the article "How HR Can Protect Employers From Privacy Claims Under CPRA," for HR.com's HR Legal & Compliance Excellence February 2023 edition.
"At a time when businesses are under attack from the outside, they must also protect themselves from opening the door to employee claims under the California Privacy Rights Act (CPRA).
For many California employers, compliance with privacy laws, such as the CPRA, inevitably falls on human resources professionals.
This article provides an overview of the CPRA and guidelines for human resources professionals to ensure that their business is protected from litigation. The California Privacy Protection Agency (CPPA) is set to start enforcement on July 1, 2023, and individuals will also have a private right of action expanding the scope of litigation against employers by disgruntled former employees.
Covered California employers need to take active measures to protect their employees’ personal information and other data, as well as timely respond to employees’ requests that relate to such information.
Which California Employers Are Covered?
Any business with California employees that meets the coverage test should ensure compliance with the CPRA. Most businesses, even small businesses, are covered by the CPRA since the revenue threshold is $25 million dollars. In addition, employers that buy, sell, or receive personal information of 100,000 or more consumers on an annual basis (for commercial purposes), and employers that derive fifty percent or more of their annual revenues from selling consumers’ personal information are also covered.
While these tests appear to be straightforward, the government interprets “sale” to include obtaining any benefit from sharing personal information or other data gathered from the internet, such as discounts, advertising, or other benefits that are not typically viewed as financial transactions.
The CPRA requires covered employers to provide privacy notices and take active steps to protect personal information routinely collected during employment to applicants and employees."
To continue reading this article, click here.