CPRA or California Privacy Rights Act went into law in 2020. However, employees and employers may wonder whether they are covered or impacted by the changes to the CPRA in California. These changes fall under employment law and anyone who has questions about their rights under the law should seek the advice of an employment lawyer.
What are the CPRA Requirements for Businesses?
CPRA affects employment data, and it impacts many businesses in California. It also extends coverage and protection to many of the Golden State’s labor force.
Automatic inclusion for businesses occurs when:
- The company makes more than $25 million in revenue per year. That means that many small businesses may be excluded.
- The company processes or handles the personal data of more than 100K people including households. The act is targeting analytic companies that either collect personal data firsthand or buy or sell it to others. This process includes information used to market to a target audience.
Some small businesses will fall under the criteria of CPRA simply due to the fact that they hold employee information and data.
What Kind of Personal Information Does CPRA Cover?
Any type of personal data that can identify someone, even if that identification is not by name. That means that if you are a California resident, and you buy something online and the company or “cookies” tracks you, and can identify you even by your IP Address then you fall under the legal framework of CPRA.
Data that Identifies You
- Your name
- Your address
- Your email address
- Your driver’s license number or SS number
- The IP address of your phone and home computer
- Metadata – Ad targeting data, etc.
The types of data that CPRA looks at is not just basic data. The laws under the CPRA help to control how big companies, marketing companies, and other companies that collect personal or identifying data deal with that data.
What Businesses Must Do
Notice – Businesses are required to provide each employee and applicant with a privacy notice that outlines how personal data is used. For example, if you apply for a job through a hiring company that company must inform you if they sell your personal data or who they share application data with.
Employee Rights – CPRA makes it mandatory that employers limit access to personal information such as social security numbers, phone numbers, addresses, etc. That information is to be protected from sources who do not work directly with it. Providing employee information to those outside of the work environment can potentially be troublesome for employers. Some personal information can be deleted by the employee, however, certain exceptions exist that would then violate employment law.
Data Compliance – When a company uses third-party or vendors to handle personal data there must be a data processing agreement in place before any access to data is given.
Companies that violate the CPRA statutes will incur monetary fines if they do not meet the correction phase of the act. The compliance of CPRA is complex and so is figuring out if an employee is covered or if a business must participate.
Contact DLaw If You Are Experiencing An Employment Issue
If you need to understand your employment rights, reach out to Davtyan Law Firm at (818) 275-5799. We provide employment law services to workers all throughout the state of California.