Cpra Brings Big Changes To Perceived Big Brother Employers – Lexology

CPRA Brings Big Changes to Perceived Big Brother Employers – Lexology

Review your content’s performance and reach.
Become your target audience’s go-to resource for today’s hottest topics.
Understand your clients’ strategies and the most pressing issues they are facing.
Keep a step ahead of your key competitors and benchmark against them.
add to folder:
Questions? Please contact [email protected]
Seyfarth Synopsis: Employers need to be aware and prepare for significant changes to options and rights afforded to employees with respect to their private data and information coming with the California Privacy Rights Act’s (CPRA) January 1, 2023, operative date. Employers will have significant obligations when the grace periods for HR and business to business (B2B) data expire on that date.
Expect The Unexpected
In November 2020, California residents voted to pass the CPRA, which gives California consumers heightened rights and control over their personal information. Until recently, the older privacy statute, the California Consumer Privacy Act (CCPA), has basically been a floater for California employers, with minimal obligations being enforced, as we previously blogged about.
The current obligations are limited to providing employees (or job applicants, contractors, or other workers) with a notice of collection and reasonably safeguarding their personal information, due to a partial exemption under the CCPA for information collected in the context of employment.
But, these privacy protections are about to go from floater status to Head of Household on January 1, 2023, when the partial exemption for employers under the CCPA will expire. Although legislation was proposed to extend the exemption for employers until at least January 1, 2026, the last day on which the California legislature could have passed those bills into law was August 31, 2022—now the business to business (B2B) and HR exemptions have been evicted from the law and employees will be able to leverage their new privacy rights in several new ways, including in the context of disputes.
More Than A Showmance: New Obligations For Covered Employers In 2023 Under CPRA
California employees of covered employers will have increased rights as of January 1, 2023, and accordingly, their employers will have increased compliance obligations. These new rights include, among others:
The Power Of Veto
Employers will need to evaluate employee requests to exercise their rights to determine their obligations under the CPRA, as employers have certain bases to deny employee requests.
For example, if an employee wants to exercise their right to deletion, the employer could rightfully deny that request to the extent that certain personal information is required to carry out the employment relationship (to process payroll, provide benefits, etc.). Or, employers could deny the request because of statutory requirements that dictate the retention of certain employment related information, such as demographic and pay information that must be the subject of regulatory reporting.
Also, the right to rectification can also be significantly limited to certain personal information that can be verified. So, while it would be reasonable for an employee to change their address, it may not be reasonable without backup documentation for them to change their Social Security number or taxation information. Employers are also still allowed to utilize data to enable solely internal uses that are reasonably aligned with the expectations of the employee based on their relationship with the employer.
However, in the wake of employee requests, covered employers must keep in mind that the CPRA prohibits discrimination against employees for exercising their rights under CPRA—so be careful if these individuals are selected to go on the block.
How Companies Can Be More Prepared Than A Superfan Or A Veteran
Before year’s end, there are a number of steps that employers should take to prepare for their new obligations. Organizations should consider the following when determining whether they are CPRA ready:
Workplace Solutions
This is a significant change for California employers that may require a re-assessment of how personal data is handled and maintained, policy and procedure changes, or even a complete overhaul of privacy and cybersecurity activities. Wise employers won’t be caught as a have-not and will begin these initiatives now in order to meet the deadlines January 1, 2023, deadline.
add to folder:
If you would like to learn how Lexology can drive your content marketing strategy forward, please email [email protected].
© Copyright 2006 – 2022 Law Business Research


Leave a Comment

Leave a Reply

Your email address will not be published.

Digital Financial Inclusion and Security: The Regulation of Mobile Money in Ghana – Carnegie Endowment for International Peace

Cyber Risks in the Education Sector | Why Cybersecurity Needs to Be Top of the Class – SentinelOne

Apple zero day vulnerability for sale with €8m price tag – Tech Monitor

‘Unboxing’ the New NIST Guidance: NIST Publishes Significant Update to Healthcare Cybersecurity Guide – JD Supra