ARTICLE
25 July 2023

The California Attorney General Investigates CA Employers' CCPA Compliance

F
Fenwick
Contributor
Fenwick
Fenwick provides comprehensive legal services to leading technology and life sciences companies — at every stage of their lifecycle — and the investors that partner with them. For more than four decades, Fenwick has helped some of the world's most recognized companies become and remain market leaders. Visit fenwick.com to learn more.
Explore
On July 14, 2023, California Attorney General Rob Bonta announced an "investigative sweep" through inquiry letters sent to large California employers.
United States Privacy
Photo of Tyler G. Newby
Photo of Daniel McCoy
Photo of Sheeva Ghassemi
Photo of David Feder
Photo of Heba Tawadross
Authors
To print this article, all you need is to be registered or login on Mondaq.com.

On July 14, 2023, California Attorney General Rob Bonta announced an "investigative sweep" through inquiry letters sent to large California employers. The sweep seeks information on companies' compliance with the California Consumer Privacy Act of 2018 (CCPA), as amended by the California Privacy Right Act (CPRA), regarding the personal information of employees and job applicants.

AG Bonda said he seeks "to learn how employers are complying with their legal obligations" and "look[s] forward to their timely response."

Here's what California employers need to know:

  • The CCPA applies to "covered businesses"—i.e., those with a total annual gross revenue exceeding $25 million, that buy, sell or share the personal information of 100,000 or more California residents or households, or that derive 50% or more of their annual revenue from selling or sharing the personal information of California residents.
  • Effective January 1, 2023, the personal information protections in the CCPA extend to California-based employees, job applicants, independent contractors, owners, directors, officers and medical staff members ("workforce").
  • Covered employers have privacy obligations for their workforce, including transparency regarding the collection, use and handling of their data; the ability to request, delete and move their data, subject to defined objections; and safeguarding their data through reasonable security measures.
  • California has recently boosted its ability to enforce the CCPA. The CPRA amendments to the CCPA eliminated the 30-day grace period employers and other covered businesses originally had to make corrections after receiving a notice of noncompliance. The California Privacy Protection Agency may now bring administrative enforcement actions without prior notice.

With both heightened regulatory enforcement and a looming investigative sweep, employers subject to the CCPA should review their privacy programs to ensure compliance when handling workforce personal information.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Authors
Photo of Tyler G. Newby
Tyler G. Newby
Photo of Daniel McCoy
Daniel McCoy
Photo of Sheeva Ghassemi
Sheeva Ghassemi
Photo of David Feder
David Feder
Photo of Heba Tawadross
Heba Tawadross
Your Author LinkedIn Connections
ARTICLE
25 July 2023

The California Attorney General Investigates CA Employers' CCPA Compliance

United States Privacy
Contributor
Fenwick
Fenwick provides comprehensive legal services to leading technology and life sciences companies — at every stage of their lifecycle — and the investors that partner with them. For more than four decades, Fenwick has helped some of the world's most recognized companies become and remain market leaders. Visit fenwick.com to learn more.
Explore
See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More