Retailers and other employers with operations in California should be aware of the potential application of the California Consumer Privacy Act (“CCPA”) to data collected about California employees.  Although the CCPA refers to “consumers,” as currently drafted the CCPA’s definition of a “consumer” also will apply to California-based employees.

As we previously reported, the CCPA grants consumers various rights with regard to their personal information held by businesses.  This is part of a multi-part series addressing frequently asked questions concerning the CCPA.

Which employers will have to comply with the CCPA?

Employers with employees in California will need to comply with the CCPA if their business falls into one of the following three categories:

  • Their business buys, sells, or shares the “personal information” of 50,000 “consumers” or “devices”;
  • Their business has gross revenue greater than $25 million; or
  • Their business derives 50% or more of its annual revenue from sharing personal information.
  • What are the key implications of having to comply with the CCPA?

    Employers who have to comply with the CCPA will be subject to the CCPA’s:

  • Expansive definition of “personal information”;
  • New notice requirements for California-based employees, which notices describe the employer’s collection of and use and disclosure of personal information;
  • New data privacy rights for California-based employees, including the right to access, delete, and opt out of the “sale” of personal information;
  • Special rules for the collection and use of personal information of minors;
  • Requirement to implement appropriate and reasonable security practices and procedures;
  • Enforcement provisions, including