Since July 1, 2023, the California Privacy Protection Agency has the power to bring administrative enforcement actions under the California Consumer Privacy Act (CCPA) (see our post on California Privacy Law Action Items for Employers).
While a June 30, 2023 ruling by the Sacramento County Superior Court stays enforcement of the March 29, 2023 CCPA regulations until March 29, 2024, employers should carry on with their CCPA compliance efforts. It is not time to hit the snooze button!
Even with the stay, employers could now be subject to immediate enforcement of the CCPA as revised by the California Privacy Rights Act and the August 2020 operative CCPA regulations.
Homework! Here are our top 5 action items for CA employers
- Implement / update contracts with service providers, affiliates and other parties to whom you disclose personal information about applicants and personnel, to avoid triggering or violating opt-out rights of employees (and implement an opt-out program if required);
- Issue / update privacy notices to job applicants and employees and addressing applicant and HR data in your online CCPA Privacy Policy;
- Update the company’s data subject request program and train HR professionals;
- Revisit data deletion and retention policies given broad access rights for employees and associated compliance costs and risks; and
- Prepare assessments concerning the use of “sensitive personal information” to support reliance on exceptions or offer opt-out rights to employees.
For extra credit
Register now for our upcoming California Privacy Law Series webinar focused on CCPA Requirements, Regulations and Enforcement taking place on Wednesday, July 19 at 12 p.m. PT.
For more information, please see our California Privacy Law blog and resource page.