One of the most ubiquitous technologies on the web may become a liability risk for businesses. Learn about Google Analytics, wiretap lawsuits, and how to protect your company.
Since it was passed in 2018, the California Consumer Privacy Act (CCPA) has been seen as mainly an issue for marketing and eCommerce teams—i.e., people who deal with customers and website visitors. Even though they handle large volumes of personal information, human resources departments were spared many of the privacy law’s requirements because they deal exclusively with internal data from job applicants, employees, and contractors.
That changed on January 1, 2023, when the CCPA’s long-standing exemption for employment-related data expired. Now, applicants, employees, and contractors are treated exactly the same as any other consumers.
Privacy disclosures are central to CCPA compliance, and after the employee-data exemption expired in 2023, these disclosures expanded significantly for HR departments.
Here’s some of the information that must now be disclosed:
Job applications and employee agreements must be updated to include the new disclosures, but it’s not as simple as copying and pasting boilerplate language from a generic privacy policy.
Businesses should first create a data map in order to understand their own information practices (i.e., where personal data is collected, how it’s used, and who else may have access), and potentially make policy changes to bring those practices in line with the law.
Independent contractors make up a significant part of the workforce for some businesses. To the extent that a business is collecting and processing individuals’ personal information, the CCPA does not distinguish between contractors and employees. Accordingly, businesses will need to make full privacy disclosures to any contractors they hire, just as they would with employees.
However, if the contractors are receiving personal information as part of their job, there is also a contractual requirement that must be met. They need to have a written contract with the business that does the following:
Fortunately this requirement should be relatively simple for businesses to meet. They will just need to draft an agreement with the necessary language for any contractors they hire.
Because job applicants, employees, and contractors are treated the same as any other consumer, they have the same privacy rights as other consumers. This means businesses are likely to get privacy requests from those individuals, a situation which may present special challenges.
Disclaimer: This content is provided for general informational purposes only and does not constitute legal or other professional advice. Without limiting the foregoing, the content may not reflect recent developments in the law, may not be complete, and may not be accurate or relevant in an applicable jurisdiction. This content is not a substitute for obtaining legal advice from a qualified licensed attorney in the applicable jurisdiction. The content is general in nature and may not pertain to specific circumstances, so it should not be used to act or refrain from acting based on it without first obtaining advice from professional counsel qualified in the applicable subject matter and jurisdictions.
Get monthly updates on the latest updates on policy & the shifting privacy landscape.
Dive into a world of knowledge, trends, and industry updates on the TrueVault blog.