COMPLIANCE WITH THE CALIFORNIA CONSUMER PRIVACY ACT IN THE WORKPLACE: WHAT EMPLOYERS NEED TO KNOW
By Lydia F. de la Torre and Lauren Kitces1
The California Consumer Privacy Act (CCPA) represents a quantum leap in consumer privacy and a major change in the regulatory framework applicable to companies doing business in California. The CCPA goes into effect on January 1, 2020, and imposes limits on the collection and sale of personal information by organizations that meet certain thresholds (‘businesses’) and provides certain individuals (‘consumers’) with four different rights and asserts an obligation on businesses: the right to opt-out of data sales (opt-in for minors), the right to delete, the right to know, the right to not be discriminated against for exercising any of the preceding rights and the obligation to inform. While the law contains certain limitations, at its core, it is based on the idea that consumers should have transparency regarding the use of their personal information, and control over aspects of its use.
The CCPA regulates the processing of data of ‘consumers’ and defines consumer to mean: (i) a natural person who is a California resident, as defined in Section 17014 of Title 18 of the California Code of Regulations, as that section reads on September 1, 2017, (ii) ‘however identified, including by any unique identifier’.2 The term ‘resident,’ as defined in the law, includes (1) every individual who is in the State for a reason other than a temporary or transitory purpose, and (2) every individual who is domiciled in the State and is outside the State for a temporary or transitory purpose.3 Accordingly, the CCPA applies to employee data, contractor data, applicant data, and the data of company officers and directors who are residents of California.