
Take Quick Action to Maintain Compliance with California Privacy Legislation

Are you aware of the critical role that data management plays in protecting your employees’ sensitive information? We're here to guide you through the crucial steps to comply with California legislation and ensure your organization and employees stay safe and secure. 


The California Privacy Protection Agency and the California Supreme Court have decided to immediately begin enforcing the amended California Consumer Privacy Act (CCPA) regulations under the California Privacy Rights Act (CPRA) on February 9, 2024; enforcement had previously been postponed until March 2024. The CCPA and CPRA apply to for-profit businesses that conduct business in the state of California and collect personal information (PI) from California residents.


As an employer, you assume responsibility for the collection, storage, and retention of your employees’ PI, including social security numbers, addresses, driver’s licenses, financial account information, phone numbers, etc. Thus, you must take precautions to secure the data you gather about your employees and job seekers alike.


Here are three steps you should take to maintain compliance and ensure your employees feel safe and secure: 


Provide Notices: Under the CPRA, you are required to inform your employees who reside in California about the employment-related PI you collect and how that data is used. The notice must include the categories of PI gathered, the purpose for which that information is obtained, the data that is shared with third parties, the retention period of the collected information, and how employees can exercise their rights. Notice must be given to employees at or before the time PI is collected.


Update Privacy Policies: You must review and ensure that your privacy policies are updated to reflect the amended regulation.


Vendor Compliance: If you share employment-related information with third parties, you must establish data processing agreements. These agreements should clearly outline why the information is made available to a third party and what is required of the third party in terms of maintaining compliance under the CCPA. Additionally, the agreements should establish that you will stop sharing the PI made available to third parties if unauthorized use is suspected.

It is your responsibility to act and immediately implement the necessary changes to protect your organization and safeguard the privacy of your employees. Don't let valuable data fall into the wrong hands - let's work together to keep it protected!  For more information on how to stay compliant, reach out to an HR professional.


 


© 2018, HR DONE RIGHT INC., ALL RIGHTS RESERVED. 601 UNIVERSITY AVENUE, SUITE 104, SACRAMENTO, CA 95825
