BCLP At Work

BCLP At Work

CCPA

Main Content

The CCPA: Employee Data Requirements May Be Delayed, But Do Not Appear to be Going Away

July 12, 2019

Categories

Action is currently underway to amend the California Consumer Privacy Act (“CCPA”) to provide employers an additional year to comply with the CCPA with respect to employee data of California-based employees.

The California Senate Judiciary Committee has passed AB-25, an amendment to the CCPA that would delay most of the compliance obligations for employee data until January 1, 2021. Specifically, the amendment provides that employees are not “consumers” for most purposes of the statute until January 1, 2021.

If the legislature passes the bill, the CCPA will still apply to employers with California-based employees in the following ways, effective January 1, 2020:

  • Employees will be able to sue employers for a data breach involving their unencrypted data
  • Employers must provide a notice to employees describing the categories of employee information collected, used and disclosed by the employer.

While there have been many predictions that the CCPA would be amended to remove employee data from the requirements of the statute altogether, if the California state legislature approves the bill amending the CCPA, the effect will be to simply delay the compliance obligations for employers for a year.

For now the bill is with the Senate Appropriations Committee for hearing and another round of voting.  Assuming Appropriations votes to pass the bill, it will go to the Floor for a vote.  The Appropriations Committee has until August 30th to vote on bills.

BCLP offers a complete compliance program for employers that includes a formal gap assessment and tailored policies, procedures, and protocols

Employer CCPA FAQs #9: May an employer become subject to the CCPA because of a corporate transaction?

As our series of FAQs regarding the California Consumer Privacy Act (“CCPA”) continues we are examining the scope of the law’s jurisdiction.    These FAQs should help employers determine if they are required to comply with the CCPA and if so, what steps their HR professionals and IT departments should take to be in compliance. As a reminder, the CCPA is a new privacy law that applies to data collected about California-based employees.   The CCPA will go into effect in early 2020, and employers who must comply should be addressing compliance obligations now. For US employers who have not had to comply with the GDPR, the requirements of the CCPA will likely require a new analysis of the treatment of employee-data and implementation of updated or new data policies.  For employers with European operations, one key area of interest is the degree to which the CCPA aligns with the European General Data Protection Regulation (“GDPR”).   Employers in compliance with the GDPR will likely already be familiar with many of the requirements of the CCPA – and with some assistance, should be able to bring their operations and policies into compliance with respect to California-based employees. BCLP offers a complete compliance program for employers that includes a formal gap assessment and tailored policies, procedures, and protocols to close identified gaps. Bryan Cave Leighton Paisner LLP has a team of knowledgeable lawyers and other professionals prepared to help employers address their obligations under the California Consumer Privacy Act. If you or your

Employer CCPA FAQs #8: Does the CCPA apply to non-profit employers?

As our series of FAQs regarding the California Consumer Privacy Act (“CCPA”) continues we are examining the scope of the law’s jurisdiction.    These FAQs should help employers determine if they are required to comply with the CCPA and if so, what steps their HR professionals and IT departments should take to be in compliance. As a reminder, the CCPA is a new privacy law that applies to data collected about California-based employees.   The CCPA will go into effect in early 2020, and employers who must comply should be addressing compliance obligations now. For US employers who have not had to comply with the GDPR, the requirements of the CCPA will likely require a new analysis of the treatment of employee-data and implementation of updated or new data policies.  For employers with European operations, one key area of interest is the degree to which the CCPA aligns with the European General Data Protection Regulation (“GDPR”).   Employers in compliance with the GDPR will likely already be familiar with many of the requirements of the CCPA – and with some assistance, should be able to bring their operations and policies into compliance with respect to California-based employees. BCLP offers a complete compliance program for employers that includes a formal gap assessment and tailored policies, procedures, and protocols to close identified gaps. Bryan Cave Leighton Paisner LLP has a team of knowledgeable lawyers and other professionals prepared to help employers address their obligations under the California Consumer Privacy Act. If you or your

Employer CCPA FAQs #7: If an employer is based in California, will the CCPA requirements apply to all employee data held by the employer?

As our series of FAQs regarding the California Consumer Privacy Act (“CCPA”) continues we are examining the scope of the law’s jurisdiction.    These FAQs should help employers determine if they are required to comply with the CCPA and if so, what steps their HR professionals and IT departments should take to be in compliance. As a reminder, the CCPA is a new privacy law that applies to data collected about California-based employees.   The CCPA will go into effect in early 2020, and employers who must comply should be addressing compliance obligations now. For US employers who have not had to comply with the GDPR, the requirements of the CCPA will likely require a new analysis of the treatment of employee-data and implementation of updated or new data policies.  For employers with European operations, one key area of interest is the degree to which the CCPA aligns with the European General Data Protection Regulation (“GDPR”).   Employers in compliance with the GDPR will likely already be familiar with many of the requirements of the CCPA – and with some assistance, should be able to bring their operations and policies into compliance with respect to California-based employees. BCLP offers a complete compliance program for employers that includes a formal gap assessment and tailored policies, procedures, and protocols to close identified gaps. Bryan Cave Leighton Paisner LLP has a team of knowledgeable lawyers and other professionals prepared to help employers address their obligations under the California Consumer Privacy Act. If you or your

Employer CCPA FAQs #6: Does an employer need to generate revenue in California in order for CCPA to apply?

As our series of FAQs regarding the California Consumer Privacy Act (“CCPA”) continues we are examining the scope of the law’s jurisdiction.    These FAQs should help employers determine if they are required to comply with the CCPA and if so, what steps their HR professionals and IT departments should take to be in compliance. As a reminder, the CCPA is a new privacy law that applies to data collected about California-based employees.   The CCPA will go into effect in early 2020, and employers who must comply should be addressing compliance obligations now. For US employers who have not had to comply with the GDPR, the requirements of the CCPA will likely require a new analysis of the treatment of employee-data and implementation of updated or new data policies.  For employers with European operations, one key area of interest is the degree to which the CCPA aligns with the European General Data Protection Regulation (“GDPR”).   Employers in compliance with the GDPR will likely already be familiar with many of the requirements of the CCPA – and with some assistance, should be able to bring their operations and policies into compliance with respect to California-based employees. BCLP offers a complete compliance program to employers that includes a formal gap assessment as well as policies, procedures, and protocols to close identified gaps.  BCLP offers a complete compliance program for employers that includes a formal gap assessment and tailored policies, procedures, and protocols to close identified gaps. Bryan Cave Leighton Paisner LLP has a team

Employer CCPA FAQs #5: Does an employer have to be “established” in the United States for U.S. data privacy and security laws, and particularly the CCPA, to apply?

In this Series of our FAQs examining the California Consumer Privacy Act (“CCPA”), we are examining the scope of the law’s jurisdiction.  These FAQs should help employers determine if they are required to comply with the CCPA and if so, what steps their HR professionals and IT departments should take to be in compliance. As a reminder, the CCPA is a new privacy law that applies to data collected about California-based employees.   The CCPA will go into effect in early 2020, and employers who must comply should be addressing compliance obligations now. For US employers who have not had to comply with the GDPR, the requirements of the CCPA will likely require a new analysis of the treatment of employee-data and implementation of updated or new data policies.  For employers with European operations, one key area of interest is the degree to which the CCPA aligns with the European General Data Protection Regulation (“GDPR”).  Employers in compliance with the GDPR will likely already be familiar with many of the requirements of the CCPA – and with some assistance, should be able to bring their operations and policies into compliance with respect to California-based employees. BCLP offers a complete compliance program to employers that includes a formal gap assessment as well as policies, procedures, and protocols to close identified gaps.  BCLP offers a complete compliance program for employers that includes a formal gap assessment and tailored policies, procedures, and protocols to close identified gaps. Bryan Cave Leighton Paisner LLP has

Employer CCPA FAQs #4: What information is not “Personal Information” under the CCPA?

This post is part of our series of FAQs examining the California Consumer Privacy Act (“CCPA”)  that should help employers with operations in California to determine if they are required to comply with the CCPA and if so, what steps their HR professionals and IT departments should take to be in compliance. By way of background, the CCPA is a new privacy law that will go into effect in early 2020. Because the CCPA refers to “consumers” many HR professionals do not realize that the CCPA, as currently enacted, also applies to data collected about California-based employees. Please see our recent blog post for a summary of which employers will be subject to the CCPA and the key requirements of the law. Although the law will not be in effect until next year, employers who must comply should be addressing compliance obligations now.  For U.S. employers who have not had to comply with the European Union’s General Data Protection Regulation (“GDPR”), the requirements of the CCPA will likely require a new analysis of the treatment of employee-data and updated or new data policies. Employers who are required to comply with the GDPR will likely already be familiar with many of the requirements of the CCPA, and a key area of interest is the degree to which the CCPA aligns with GDPR for purposes of implementing CCPA compliant practices for their California-based employees. BCLP offers a complete compliance program for employers that includes a formal gap assessment and tailored policies, procedures, and protocols

Employer CCPA FAQs #3: As used in the CCPA, do the terms “personal data,” and “personal information” mean the same thing?

In the coming weeks we will be releasing a series of FAQs examining the California Consumer Privacy Act (“CCPA”)  of particular importance to employers.  These FAQs should help employers determine if they are required to comply with the CCPA and if so, what steps their HR professionals and IT departments should take to be in compliance. By way of background, employers with operations in California should be aware of the CCPA, a new privacy law that applies to data collected about California-based employees.   Because the CCPA refers to “consumers” many HR professionals don’t realize that the Act, as currently drafted, applies to data collected about California-based employees. Please see our recent blog post summarizing the CCPA for employers. The CCPA will go into effect in early 2020, and employers who must comply should be addressing compliance obligations now.  For U.S. employers who have not had to comply with the GDPR, the requirements of the CCPA for California-based employees will likely require a new analysis of the treatment of employee-data and updated or new data policies. For employers with European operations, one key area of interest is the degree to which the CCPA aligns with the European General Data Protection Regulation (“GDPR”).  Employers who are complying with the GDPR will likely already be familiar with many of the requirements of the CCPA – and with some assistance, should be able to bring their operations and policies into compliance with respect to California-based employees. BCLP also offers a complete compliance

Employer CCPA FAQs #2: What is “personal information” under the CCPA?

In the coming weeks we will be releasing a series of FAQs examining the California Consumer Privacy Act (“CCPA”)  of particular importance to employers.  These FAQs should help employers determine if they are required to comply with the CCPA and if so, what steps their HR professionals and IT departments should take to be in compliance. By way of background, employers with operations in California should be aware of the CCPA, a new privacy law that applies to data collected about California-based employees.   Because the CCPA refers to “consumers” many HR professionals don’t realize that the Act, as currently drafted, applies to data collected about California-based employees. Please see our recent blog post summarizing the CCPA for employers. The CCPA will go into effect in early 2020, and employers who must comply should be addressing compliance obligations now.  For U.S. employers who have not had to comply with the GDPR, the requirements of the CCPA for California-based employees will likely require a new analysis of the treatment of employee-data and updated or new data policies. For employers with European operations, one key area of interest is the degree to which the CCPA aligns with the European General Data Protection Regulation (“GDPR”).  Employers who are complying with the GDPR will likely already be familiar with many of the requirements of the CCPA – and with some assistance, should be able to bring their operations and policies into compliance with respect to California-based employees. BCLP also offers a complete

Employer CCPA FAQs #1: Does the CCPA apply to employee data?

In the coming weeks we will be releasing a series of FAQs examining the California Consumer Privacy Act (“CCPA”)  of particular importance to employers.  These FAQs should help employers determine if they are required to comply with the CCPA and if so, what steps their HR professionals and IT departments should take to be in compliance. By way of background, employers with operations in California should be aware of the California Consumer Privacy Act (“CCPA”), a new privacy law that applies to data collected about California-based employees.   Because the CCPA refers to “consumers” many HR professionals don’t realize that the Act, as currently drafted, applies to data collected about California-based employees.  See our recent blog summarizing the CCPA for employers: [https://bclpatwork.com/meet-the-ccpa-new-privacy-rules-for-california-employees/] The CCPA will go into effect in early 2020, and employers who must comply should be addressing compliance obligations now.  For US employers who have not had to comply with the GDPR, the requirements of the CCPA for California-based employees will likely require a new analysis of the treatment of employee-data and updated or new data policies. For employers with European operations, one key area of interest is the degree to which the CCPA aligns with the European General Data Protection Regulation (“GDPR”). Employers who are complying with the GDPR will likely already be familiar with many of the requirements of the CCPA – and with some assistance, should be able to bring their operations and policies into compliance with respect to California-based employees. BCLP also offers

The attorneys of Bryan Cave Leighton Paisner make this site available to you only for the educational purposes of imparting general information and a general understanding of the law. This site does not offer specific legal advice. Your use of this site does not create an attorney-client relationship between you and Bryan Cave LLP or any of its attorneys. Do not use this site as a substitute for specific legal advice from a licensed attorney. Much of the information on this site is based upon preliminary discussions in the absence of definitive advice or policy statements and therefore may change as soon as more definitive advice is available. Please review our full disclaimer.