Maintaining Compliance with New CCPA Requirements

The California Consumer Privacy Act of 2018 (CCPA) established requirements that protect consumer information from being collected, sold, or utilized by certain businesses. Also applicable to employees, these requirements require companies covered within CCPA parameters to provide notice to applicants, employees, and independent contractors if they collect their personal information for use in any aspect of recruitment, employment, or contracting.

While many employers are currently exempt from these requirements as a result of the “Workforce Data Exemption” implemented during the pandemic, these standards will be enforced again next year. Beginning in January 2023, the CCPA requirements for employee data are expected to expand once again, which will impact employers across the country.

When the California Privacy Rights Act of 2020 (CPRA) takes effect on January 1, 2023, it is important that companies covered by CCPA are compliant with the requirements, which have been amended several times since 2018.

Companies that conduct business in California—including through online activity—and meet one of the following criteria are covered by CCPA.

  • Have a gross annual revenue of at least $25 million.
  • Annually buy, receive, or sell the personal information of 50,000 or more California consumers, households, or devices.
  • Derive 50% or more of their revenue from selling California consumers’ personal information.

If your company falls within this umbrella, PBO Advisory can provide support and education to assist in ensuring compliance with CCPA requirements. It is important to be prepared in advance, as there may be significant data mapping required to track and review all the areas in which you store employee data and how/when it is shared.

For more information, contact PBO Advisory’s Chief People Officer Nicole Devine.

Nicole Devine
Consulting Chief People Officer
858-622-1681 Ext. 287