As data privacy becomes increasingly important, companies must start paying attention to it on behalf of their employees. Employers need to generate privacy statements and policies, informing employees about the information being collected, with whom it is shared, and why.
Though it will be a while until California begins enforcing or punishing many data-related violations, it is still vital that employers make compliance a priority so they are not caught unprepared—and for many, preparations may be heavy—when enforcement does begin.
It’s crucial to make compliance a priority to reduce your liability. Because this is a big deal, you are going to have to spend time and thought on it. You should get ahead while there is time.
But there is an opportunity here, too. Sage employers will use this time to position employee privacy as an advantage, setting their companies apart and building trust among employees and candidates.
In 2018, the California Consumer Privacy Act (CCPA) was passed to enhance privacy rights and consumer protection for California residents. The act requires businesses to adhere to strict privacy requirements regarding the personal information they collect about consumers. In 2020, the California Privacy Rights Act (CPRA) was approved, amending the CCPA and expanding some of its protections. Many CPRA provisions took effect on January 1, 2023, requiring employers to comply with the law as it pertains to employees, job applicants, and independent contractors.
Under the CPRA, businesses must meet several obligations to protect consumers’ privacy, including:
Employers should educate employees and contractors on these obligations and ensure they understand and comply with the CPRA. In doing so, farsighted employers can create a more transparent environment and foster trust between the business and its customers.
Employers must create data privacy policies that are transparent and inform employees about their rights under the CPRA. For example, how the employer will use and store contact information should be documented and clear.
These policies should include details on the categories of personal information collected, the purposes for which it is used, the length of time the information is retained, and whether the information is sold or shared.
Employers should update their privacy policies at least once every 12 months to ensure compliance with the law.
Employers must develop procedures for receiving and responding to employee CPRA requests, such as producing, deleting, or correcting personal information. These procedures may require adaptation or even re-envisioning to accommodate employees, job applicants, and independent contractors.
Employers should consult with legal counsel to determine the optimal way to receive and respond to requests, as well as identify what information is subject to CPRA requests and whether exceptions may apply.
Employers can and should begin preparing for data privacy compliance by taking the following steps:
Data privacy is becoming increasingly important in the modern workplace. By prioritizing data privacy, employers can create a competitive advantage, build trust among employees, and ensure compliance with evolving privacy laws.
By proactively addressing data privacy concerns, employers can safeguard their business and foster a transparent and secure work environment for all. We know this is a potentially confusing topic that is new for many organizations—and we’re here to help! Let’s talk, and we’ll point you in the right direction.