Western_Grower_Shipper2019MayJune

JENNIFER A. JACKSON | BRYAN CAVE LEIGHTON PAISNER

AGRICULTURE & THE LAW

What Employers Should Know About California’s New Data Privacy Law

Employers with operations in California should be aware of the California Consumer Privacy Act (CCPA), a new data privacy law that goes into effect January 1, 2020. Because the CCPA is framed in terms of protecting the rights of “consumers,” many employers may not realize that the act, as currently drafted, also regulates the handling of personal information about California-based employees. Employers subject to the CCPA should be addressing compliance obligations now, including analyzing the treatment of employee data and updating or introducing new data privacy and data security policies. Those who fail to comply may find themselves subject to civil penalties of $2,500 to $7,500 per violation, and/or defending class action lawsuits for statutory damages of $100 – $750 per employee per data breach incident.

Which Companies are Subject to the CCPA?

The CCPA applies to for-profit entities doing business in California that collect personal information about California residents, “determine the purposes and means of the processing” of that personal information, and

- have annual gross revenue greater than $25 million, OR
- buy, sell or share personal information of 50,000 consumers or devices, OR
- derive 50 percent of their annual revenue from sharing personal information.

Who is Protected by the CCPA?

While the CCPA is framed in terms of protecting “consumers,” the definition of “consumer” is broader than one might expect. “‘Consumer’ means a natural person who is a California resident ...” Read literally, “consumer” includes not only an individual that consumes a product, such as a customer of a store, but also that store’s California-based employees, prospective customers and business contacts. As a practical matter, any California-based employee whose personal information is collected by a business subject to the CCPA is protected.

What Information is Covered by the CCPA?

“Personal information” is defined by the CCPA as “information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.” The CCPA provides an extensive (but not exhaustive!) list of data types that may fall under the broad definition of “personal information.” The following are examples of data governed by the CCPA that employers are most likely to collect about their employees:

1. Real name
2. Postal address
3. Email address
4. Social Security Number
5. Driver’s license number
6. Passport number
7. Signature
8. Physical characteristics or description
9. Telephone number
10. State identification card number
11. Insurance policy number
12. Education
13. Educational information (as defined by 34 C.F.R. Part 99)
14. Employment
15. Employment history
16. Bank account number
17. Credit card number
18. Characteristics of protected classification under California law
19. Characteristics of protected classification under federal law
20. Biometric information
21. Internet or other electronic network activity
22. Browsing history

32   Western Grower & Shipper | www.wga.com   MAY | JUNE 2019
