On January 1, 2024, businesses must post updated Privacy Policies under the California Consumer Privacy Act (CCPA), which requires annual updates of disclosures and fully applies in the job applicant and employment context since January 1, 2023.
With respect to job applicants and employees, businesses subject to the CCPA are required to:
- Issue detailed privacy notices with prescribed disclosures, terminology, and organization;
- Respond to data subject requests from employees and job candidates for copies of information about them, correction, and deletion;
- Offer opt-out rights regarding disclosures of information to service providers, vendors, or others, except to the extent they implement qualified agreements that contain particularly prescribed clauses; and
- Offer opt-out rights regarding the use of sensitive information except to the extent they have determined they use sensitive personal information only within the scope of statutory exceptions.
If employers sell, share for cross-context behavioral advertising, or use or disclose sensitive personal information outside of limited purposes, numerous additional compliance obligations apply. For more: see also our related previous post: Employers Must Prepare Now for New California Employee Privacy Rights.