What does a Human Resources Director need to know about the CCPA?

The CCPA applies to the personal information of the California employees of a business that is subject to the statute.  The specific rights afforded to employees were set to phase-in throughout 2020.The following summarizes the top operational impacts that the CCPA has upon human resource departments:

  1. Privacy notices. Under the CCPA, employers are required to provide California employees with privacy notices that, among other things, itemize the categories of personal information collected, shared, and sold about the employee.1
  2. Access rights. Under the CCPA, California employees are permitted to request access to the personal information that the employer has collected about the employee.2
  3. Deletion rights. Under the CCPA, California employees are permitted to request the deletion of the personal information that the employer has collected from the employee.3 Note that the CCPA does not require that employers grant such requests in all situations.
  4. HR benefits providers. Under the CCPA, an employer must stake steps to verify that by providing personal information about California employees to benefits providers it is not “selling” personal information as that term is defined in the statute. If a sale does occur, the employer must disclose the sale to the employee and offer them the ability to opt-out of the sale through a “Do Not Sell” mechanism.
  5. Data security breach. Under the CCPA, if the sensitive information of a California employee (e.g., Social Security Number) is breached as a result of the employer’s inadequate data security, an employee may be able to initiate suit to recover statutory liquidated damages.4