Update Applicable to:
All employers covered by the California Consumer Privacy Act (CCPA)/California Privacy Rights Act (CPRA) in the state of California
This is a reminder of a deadline for the California Code of Regulations Title 11, Section 999.317 under the CCPA and CPRA.
What are the details?
All businesses covered by the CCPA/CPRA must identify any employee who may receive an inquiry from a consumer regarding the business’s privacy practices and train those employees. Covered businesses include those that meet at least one of the following requirements:
- Making more than $25 million annually.
- Collecting personal information of 50,000 or more California residents under CCPA in effect today, or 100,000 or more California residents when CPRA goes into effect on January 1, 2023; or
- Deriving 50 percent or more of their revenue from the sale/sharing of California residents’ personal information.
To comply with the law, training must include:
- Consumer rights under the CCPA/CPRA;
- How consumers can exercise those rights; and
- The business’s responsibility in responding to those inquiries/rights.
CCPA/CPRA provisions will be enforced by the newly created California Privacy Protection Agency. Businesses covered by the CCPA/CPRA should make sure they’re complying with the consumer rights provided by these laws and that their employees who may receive an inquiry are properly trained by the compliance deadline of January 1, 2023.
For more information, please see the links below:
What do employers need to do? Employers should review the links provided above, monitor CCPA/CPRA activity, update the training required for staff responsible for handling consumer rights requests to reflect the CPRA changes and review the adequacy of the business’s safeguards to protect personal information.
Need help understanding how changes to employment laws will affect your business?
Learn more about how Vensure's California PEO services can help you navigate complex employment laws and keep your business compliant.
This communication is intended solely for the purpose of conveying information. The present post might incorporate hyperlinks directing readers to websites managed by third-party entities. The inclusion of any links within this communication is meant to serve as points of reference and could encompass opinion articles from various law firms, articles from HR associations, official websites, news releases, and documents of government agencies, and other relevant third-party sources. Vensure has no authority over these external websites and bears no responsibility for their content. Furthermore, Vensure does not endorse the materials present on these websites. The contents of this communication should not be interpreted as legal advice or as a legal standpoint concerning specific facts or scenarios. Nor should it be deemed an exhaustive compilation of facts potentially pertinent to federal, state, or local laws. It is strongly advised that employers solicit legal guidance from an employment attorney when undertaking actions in response to any legal updates provided. This is due to the possibility of future alterations occurring in federal, state, and local laws, regulations, as well as the directives and guidelines issued by governing agencies. These changes may transpire at any given time, potentially rendering certain portions of the content within this update void or inaccurate.