California has enacted the California Consumer Privacy Act of 2018, establishing the strictest data privacy law in the United States. Recent amendments provide a one-year partial exemption for personal information that is collected from job applicants, employees, business owners, directors, officers, medical staff or contractors. However, qualifying employers are still required to provide certain disclosures and are still liable for statutory damages if unencrypted, sensitive employee data is breached as a result of a failure to implement reasonable security measures.
The following is a CCPA checklist for employers:
· Determine whether the CCPA applies to your business.
· Inform key decision-makers about the CCPA and appoint privacy compliance manager.
· Conduct data mapping of employee personal information.
· Draft an employee-specific disclosure document.
· Ensure that the employee disclosure is provided at or prior to the collection of employee personal information (including all applicants).
· Ensure that all contracts with service providers with access to employee personal information include robust information security and privacy provisions.
· Ensure compliance with other privacy, security and data protection and disposal laws.
For more detailed information on this topic, please see our Alert.