New Changes to California Privacy Rights Act Compliance



The compliance date for the California Privacy Rights Act (CPRA) is Jan. 1, 2023. There are significant changes from the current law, the California Consumer Privacy Act (CCPA), including the following:

  • The CPRA no longer includes the employee exception, which means that California employees, applicants, emergency contacts, beneficiaries, independent contractors, and members of boards of directors have the same rights as any other consumer. Generally speaking, employees may request that the company disclose to them the personal information collected on them and/or request that this information be deleted or corrected. Employees may direct the company not to sell or share their personal information, and each employee has the right to limit the use of sensitive personal information. Employees have the right to access personal information and to know what personal information is sold or shared and to whom.
  • Employers must provide notice of employees' rights under the CPRA and give employees a way to tell the employer about their exercise of these rights. The employer has limited time to respond to a request and must properly document all responses.
  • The CPRA makes a distinction between "personal information" and "sensitive personal information." Personal information is "information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household." Sensitive personal information includes anything that reveals an individual's personal information, such as Social Security number, driver's license number, state identification card, passport number, account log-in, password, precise geolocation, racial or ethnic origin, religious or philosophical beliefs, or union membership. The data privacy protections for sensitive personal information are required to be more robust than those used to protect personal information.
  • Business-to-business transactions are now subject to the CPRA.

Employers may want to confirm that they have procedures in place to meet the Jan. 1, 2023, compliance date under the CPRA.

Sean Nalty is an attorney with Ogletree Deakins in San Francisco. ©2022. All rights reserved. Reprinted with permission.
