For the last few years, the California Consumer Privacy Act included partial exemption for employees, applications and independent contractors will last through Dec. 31. It was widely assumed that the exemption would be extended, but the California legislative session which ended Aug. 31 failed to make that happen.  

Without this extension, businesses covered by the CCPA may need to scramble to expand their CCPA compliance. Presently, compliance with respect to workforce members and certain others is limited. It includes providing a notice at or before the time of collection of persona information and maintaining reasonable safeguards to protect certain personal information. By comparison, employers will need to, among other things, expand their privacy policy to address workforce members and be ready to respond to the request of workforce members concerning their rights under the CCPA, including the right to delete their personal information.   

The exemption known as the “B2B” exemption generally excluded the personal information of individuals in their capacities as representatives of entities doing business with CCPA-covered businesses. It looks as if this exemption will cease to apply in California on Jan. 1. The question now remains: Does the California Consumer Privacy Act apply to employee and/or applicant data?   

To get a better handle on your compliance, follow these key steps for starters:  

  • Getting a better handle on the personal information collected, used, retained, and disclosed about workforce members 
  • Updating the business’ privacy policy 
  • Updating agreements with service providers  
  • Training staff on responding to requests from workforce members concerning their privacy rights under the CCPA 

It is imperative to have your compliance in order when it comes to CCPA. Just ask Sephora, which became the first company to be publicly fined for violating the act earlier this month. Sephora was fined $1.2 million for failing to:  

  • Disclose to consumers that it was selling their personal information 
  • Processing user requests to opt out of sale via user-enabled global privacy controls in violation of the CCPA 
  • Cure these violations within the 30 days currently allowed by the CCPA 

A fine of that magnitude will put a hurting on any company’s bottom line, but Sephora is a massive entity that most likely can withstand that hit better than most SMBs. To avoid a similar fate, partner with 2W Tech. 2W Tech is a technology service provider specializing in solutions for the manufacturing industry. We have IT consultants on staff that specialize in cybersecurity and IT compliance and would be happy to assist you on your compliance journey. Give us a call today to get started.  

Read More:

Visualize the Global Reach of Microsoft Azure With New Interactive Tool

Epicor Ranks as a Leader in the 2022 Nucleus Research SMB ERP Value Matrix

Back to IT News