What happened?

In November 2024, the California Privacy Protection Agency (CPPA) proposed new regulations targeting the use of artificial intelligence (AI) in employment decisions. These regulations address concerns about bias, transparency, and data security.

Overview:

The proposed regulations impose new requirements on businesses using automated decision-making technology (ADMT) for significant employment decisions, such as hiring, work assignments, compensation, promotions, and terminations.

• ADMTs include any technology that processes personal information to make or assist in making these decisions, including AI, machine learning, and statistical analysis.

• The CPPA’s proposed regulations signal a significant shift in regulatory expectations for businesses using AI in hiring and employment decision-making processes.

• The CPPA is accepting written comments until February 19. Comments may be mailed to the agency’s office or emailed to regulations@cppa.ca.gov.
  • Note that any comments submitted are public records and will be published on the CPPA’s website.

• These regulations are part of a broader effort to ensure AI tools are used responsibly and ethically in the workplace. If approved, they are expected to become effective by mid-2025.

Additional Details

Key Elements of the Draft Regulations

1. Pre-Use Notice: Employers must inform employees, independent contractors, and job applicants about using ADMT, their right to opt-out, and their right to access ADMT before processing personal information.

2. Bias Review: Employers using ADMT for significant decisions must conduct bias reviews to ensure the technology does not discriminate based on protected classes.

3. Opt-Out Option: Employees and applicants can opt-out of being evaluated by ADMT and request a human review of significant employment decisions. However, employers can deny this request if the ADMT has accuracy and non-discrimination safeguards.

4. Cybersecurity Audits: Employers must complete annual cybersecurity audits to ensure data protection measures are up-to-date and effective.

5. Risk Assessments: Under Section 7150, businesses using ADMT for significant decisions must conduct a risk assessment before processing. These assessments should detail the processing’s nature, purpose, and risks and identify potential discrimination based on protected classes. Employers must complete a risk assessment within 24 months of the regulations’ effective date and annually thereafter. The assessment must be submitted to the CPPA.

6. Access Rights to ADMT: Under proposed Section 7222, businesses using ADMT must provide access to the ADMT, allowing consumers to request information about the ADMT’s output in their case, how the business used the output, and how the ADMT worked, including system logic and key parameters affecting the output.

“Please mark the effective date on your calendar as a reminder to be fully prepared and ready to ensure compliance with applicable laws and regulations.”

Source References

• CPPA Public Comment Period Expanded to February 19, 2025
• CPPA Proposed Rules

This communication is intended solely for the purpose of conveying information. The present post might incorporate hyperlinks directing readers to websites managed by third-party entities. The inclusion of any links within this communication is meant to serve as points of reference and could encompass opinion articles from various law firms, articles from HR associations, official websites, news releases, and documents of government agencies, and other relevant third-party sources. Vensure has no authority over these external websites and bears no responsibility for their content. Furthermore, Vensure does not endorse the materials present on these websites. The contents of this communication should not be interpreted as legal advice or as a legal standpoint concerning specific facts or scenarios. Nor should it be deemed an exhaustive compilation of facts potentially pertinent to federal, state, or local laws. It is strongly advised that employers solicit legal guidance from an employment attorney when undertaking actions in response to any legal updates provided. This is due to the possibility of future alterations occurring in federal, state, and local laws, regulations, as well as the directives and guidelines issued by governing agencies. These changes may transpire at any given time, potentially rendering certain portions of the content within this update void or inaccurate.