There’s a new law on the books protecting consumers’ personal information. It was signed into California law in 2019, but it affects employers in all states. Any company serving Golden State residents must comply with the California Consumer Privacy Act (CCPA).
What is the CCPA?
The CCPA provides broad new protections for consumers, allowing them to see all the information a company has saved on them, as well as full lists of third parties with whom that data has been shared.
- You may already be familiar with the European Union’s General Data Protection Regulation (GDPR), adopted in 2016. The CCPA could have repercussions for U.S. companies that extend beyond GDPR parameters.
- As part of protecting consumers’ personal information, the CCPA allows individuals to sue companies if they feel privacy guidelines have been violated, even if there is no breach.
What Do Employers Need to Know?
Your company must comply with the CCPA, even if it’s not headquartered – or even if it has no physical presence at all – in California. However, for CCPA mandates to apply, your company must:
- Serve California residents.
- Have at least $25 million in annual revenue.
- Have personal data on at least 50,000 people or collect half of its revenue from the sale of personal data.
Businesses have 30 days to comply with the law, once they’re notified of a violation. If issues are not resolved, companies face fines of up to $7,500 per record. CCPA assigns specific penalties in the event of unauthorized access to information, whether via a breach, exfiltration, theft, or “disclosure as a result of the business’s violation of the duty to implement and maintain reasonable security procedures and practices.”
The CCPA and Background Checks
Background check data was included in CCPA’s original scope of coverage. However, as part of several amendments to the law that have already taken effect, activities authorized by the federal Fair Credit Reporting Act (FCRA) are exempt, since the two laws share common goals.
But just because background checks are exempted, you can’t simply ignore CCPA mandates. If CCPA applies to your business, you’re still required to meet compliance responsibilities, including:
- Privacy notices to employees: You must provide these notices, which describe what personal information will be gathered and how it will be used.
- Reasonable security measures: California law already required companies to notify consumers about data breaches. CCPA reinforced that law and lets California residents seek $100 to $750 per incident in statutory damages when breaches occur.
- Access and deletion request requirements: You must be prepared to provide employees, job candidates, and independent contractors with the right to access and delete personal information that is used for workplace reasons, free of retaliation.
Chane Solutions Is Here to Assist You!
Like most legislation, the CCPA is complex and multifaceted – and it may continue to evolve with changing conditions and business climates. Chane Solutions provides expert guidance on the best employment screening practices around compliance issues and industry legislation, whether they’re on the federal, state, or local level. We’re committed to keeping our clients informed with trends and updates as they occur. Contact us today to learn more.