Skip to main content
Menu Icon Menu Icon

InfoBytes Blog

Financial Services Law Insights and Observations

California probes employers’ CCPA compliance

Privacy, Cyber Risk & Data Security State Issues California State Attorney General CCPA Consumer Protection

Privacy, Cyber Risk & Data Security

On July 14, the California attorney general announced it recently sent inquiries to several large employers as part of an investigation into companies’ compliance with their legal obligations under the California Consumer Protection Act (CCPA). The investigation centers on how companies handle the personal information of employees and job applicants. As previously covered by InfoBytes, temporary exemptions related to human resource and business-to-business data provided by the CCPA and the California Privacy Rights Act expired on January 1 of this year. Amendments were introduced last legislative session that would have extended the exemption for “personal information that is collected and used by a business solely within the context of having an emergency contact on file, administering specified benefits, or a person’s role . . . [in] that business.” The amendments also proposed extending certain exemptions related to “personal information reflecting a communication or a transaction between a business and a company, partnership, sole proprietorship, nonprofit, or government agency that occurs solely within the context of the business conducting due diligence or providing or receiving a product or service.” However, the amendments were not adopted, and the exemptions expired.

The AG said they are sending the inquiry letters “to learn how employers are complying with their legal obligations.” Covered businesses subject to the CCPA are required to comply with the statute’s privacy protections as they relate to employee data, including providing notice of privacy practices and honoring consumer requests to exercise their rights to access, delete, and opt out of the sale and sharing of their personal information.