<\/span><\/h3>\n\n\n\nIf this won\u2019t apply to you, feel free to close this email! If it does apply, hang tight…<\/em><\/p>\n\n\n\nThis is a pretty heavy lift with a lot of little caveats… if the CPRA applies to you, we recommend counsel assist you with the disclosures that are required. We provide a high-level overview of the information available, but as you all know (and as a reminder), we do not provide legal advice.<\/p>\n\n\n\n
As of January 1, 2023, certain employers may need to add disclosures to their application and onboarding processes. Enforcement is set to begin on July 1, 2023.<\/p>\n\n\n\n
<\/span>Businesses are considered covered employers when they\u2026<\/span><\/h3>\n\n\n\n\nhave at least one employee in California<\/li>\n\n\n\n collect information of California consumers and\/or employees AND<\/li>\n\n\n\n have gross revenue for the previous year exceeding $25 million; buy, sell or share personal information of 100,000 or more consumers or households; OR derives 50% or more of its annual revenue from selling or sharing consumer personal information<\/li>\n<\/ul>\n\n\n\n<\/span>Employee rights include:\u00a0<\/span><\/h3>\n\n\n\n\nRight to know:<\/strong> Employees must be provided with a notice that states the personal information that the employer collects, shares, sells or discloses. This includes data it sends to third party administrators, such as benefit brokers.<\/li>\n\n\n\nRight to Rectify<\/strong>: Employees may request to correct or change the personal information their employer has on file. The employee may only change certain information with valid verification (such as a social security card). Items such as email or phone number do not need to be verified prior to change.<\/li>\n\n\n\nRight to Delete<\/strong>: Employees may request that certain personal information be deleted. We understand that certain information is required to employ someone (such as social security numbers or dependent information), and those exceptions are granted. However, if personal information is found to not be relevant or needed during the course of employment, the employee may ask that it be deleted. Personal information required to be kept for record retention purposes or other applicable laws does not need to be deleted at the employee\u2019s request.<\/li>\n\n\n\nRight to Data Portability<\/strong>: Employees may request that a copy of their personal information be sent to them or to an authorized third party.<\/li>\n\n\n\nRight to Limit Use:<\/strong> Employees may request that disclosure and use of sensitive personal information be limited.<\/li>\n<\/ul>\n\n\n\n<\/span>This law also protects against any discrimination or retaliation for employees who exercise their rights under the CPRA.<\/span><\/h3>\n\n\n\nThe CPRA also requires that certain notices be given at the time the data is collected (\u201ctime of collection\u201d) and an online privacy policy. The\u00a0time of collection notice\u00a0must be provided at or before the time personal information is being collected from employees, applicants, contractors, etc. explaining what information is being collected, how it is being used, and how long it is being stored. <\/p>\n\n\n\n
<\/span>A\u00a0privacy policy\u00a0must also be created and available to employees that states:\u00a0<\/span><\/h3>\n\n\n\n\nCategories of personal information collected during the previous 12 months;<\/li>\n\n\n\n Sources of the collected personal information;<\/li>\n\n\n\n Business or commercial purposes for collecting personal information;<\/li>\n\n\n\n Categories of third parties who may receive their personal information;<\/li>\n\n\n\n A statement that the business has not sold or shared personal information during the previous 12 months;<\/li>\n\n\n\n Employee’s rights under the CPRA and how to exercise those rights.<\/li>\n<\/ul>\n\n\n\nThe online privacy policy should be made available to all employees and contain a retrospective view of how the company has handled personal data in the last 12 months. The notice should include the appropriate protections it is implementing to protect personal information, security procedures, sources from which they are collecting the data, business or commercial purposes for the data, the categories of third parties that the company discloses this data to (such as a benefits broker), and how employees may exercise their rights under the CPRA.<\/p>\n\n\n\n
This\u00a0is a lot of information\u00a0and generally out of the HR realm, aside from the distribution of the disclosures.\u00a0We recommend if this applies to you, you review with counsel to ensure your notices comply with the specific CPRA requirements.<\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"Join us for the Get Ready for 2023 (Employment Law Update Edition)! Each week we will highlight a new law coming in 2023. We\u2019ll start with the ones that will require the most action and end with the good-to-knows. If you need assistance with executing any of these new requirements or are unsure if it […]<\/p>\n","protected":false},"author":2,"featured_media":2500,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[20,2,38],"tags":[],"yoast_head":"\n
California Privacy Rights Act - Total Package HR<\/title>\n \n \n \n \n \n \n \n \n \n \n \n \n \n\t \n\t \n\t \n \n \n \n \n \n\t \n\t \n\t \n