Many thanks to Lothar Determann and Jonathan Tam for this post.

Some of your job applicants and employees in California may be alarmed if you tell them you sell their personal information. But you will have to say you sell their personal information if you disclose their personal information to third parties after January 1, 2022 without including certain data processing clauses in your contracts, as required by the California Consumer Privacy Act (CCPA). So we recommend reviewing these contracts to ensure they include the prescribed clauses if you wish to avoid being a “seller” of personal information.

You should also get ready to field data access, deletion, correction, portability and other requests from your employees and other personnel in California starting January 1, 2023. This will require implementing new protocols and training up your human resources and compliance teams. We also recommend tightening up your data retention and deletion protocols to limit the amount of information you have to review when handling data subject requests.

Do you use employee monitoring software or algorithms to help you evaluate job applicants? You should ensure that your use of these and similar tools address upcoming requirements regarding automated decision-making, risk assessments and the use of sensitive personal information. Note that the CCPA also currently requires employers to issue privacy notices to their California employees pursuant to a California Privacy Rights Act (CPRA) amendment that took effect on December 16, 2020.

There is an HR exception under the CCPA but it is not comprehensive and expires January 1, 2023. When the CCPA originally passed in 2018, it included a limited, temporary carve-out for personal information of job applicants, employees, independent contractors and other personnel, who only needed to receive a brief “notice at collection.” The CPRA extended the limited carve-out until January 1, 2023 and immediately expanded the list of disclosures that employers have to provide to employees and candidates at or before the time of collecting their personal information.[1] Such “notices at collection” must include details about the types of personal information collected, the purposes for which the information is collected, and how long the personal information is retained or the criteria for determining the same. The California Attorney General’s CCPA Regulations also require notices at collection to indicate whether the business sells California residents’ personal information and a notice of the their right to opt-out of sales if so, and a link to the business’s privacy policy.[2] You should begin to address these requirements immediately if you have not done so already.


Continue Reading Employers Must Prepare Now For New California Employee Privacy Rights

Special thanks to Melissa Allchin and Lothar Determann.

Our California Employer Update webinar is designed to ensure that California in-house counsel are up to speed on the top employment law developments of 2021 and are prepared for what’s on the horizon in 2022.

With our “quick hits” format, we provide a content-rich presentation complete

We identified and mapped out our most relevant blog posts, articles and video chats to serve as a quick and handy roadmap to recovery and renewal for your company.

Our 2022 Employment & Compensation Resource Navigator provides US multinational companies organized links to Baker McKenzie’s most helpful, relevant thought leadership in one brief document. Arranged

Special thanks to guest contributors Melissa Allchin and Harry Valetk

Our Labor and Employment, Global Immigration and Mobility, and Data Privacy lawyers discuss vaccine passports — what they are, how countries are already using them domestically and for international travelers, data privacy concerns related to the use of digital health documentation, and what employers should

Special thanks to guest contributors John Evason and Monica Kurnatowska.

The pandemic instantly proved that remote work is possible for a large swath of workers, but also brought a sharp focus on issues such as mental well-being, team engagement, productivity, data privacy and cybersecurity risks, and much more.

Simultaneously, as businesses were trying to

Special thanks to our guest contributors Matthew Gorman and Cristina Messerschmidt.

In this Mobility Minute, our Immigration and Data Privacy lawyers will be looking at the issue of data privacy, or lack thereof, at US ports of entry, including international airports. We will review a recent court decision that appears to further minimize protections

With special thanks to Lothar Determann for this post.

The California Privacy Rights Act of 2020 (CPRA) introduces sweeping changes to the California Consumer Privacy Act of 2018 (CCPA), which already imposes an obligation on California employers to issue privacy notices to employees since January 1, 2020. These notices must be updated as

We identified and mapped out our most relevant blog posts, articles and video chats to serve as a quick and handy roadmap to recovery and renewal for your company.

Our 2021 Employment & Compensation Resource Navigator provides US multinational companies organized links to Baker McKenzie’s most helpful, relevant thought leadership in one brief document. Arranged