What You Need to Know About The California Privacy Rights Act for Employers  

California Privacy Rights Act

What You Need to Know About The California Privacy Rights Act for Employers  

On January 1, 2023, the California Privacy Rights Act (CPRA) goes into effect. The CPRA includes a long list of requirements for human resources departments. HR departments will be required to audit personal information collected from employees and to create workflow processes related to employees’ CPRA rights. Understanding your obligations under the CPRA helps ensure your compliance with the law.

Disclosure Requirements

The CPRA requires employers to impose a provision with service providers and contractors that receive employee and HR information. Recipients of data will face new restrictions on what they can do with it and to whom they can sell or share it. The disclosure must have statements about the purposes for which HR data can be used, prohibitions of selling, sharing, retaining, or disclosing data, and requirements for employers to ensure service providers protect the privacy of employees and HR data. The disclosure also must include a statement on actions that will be taken if HR data is accessed without permission.

Employee Rights Under the CPRA

The CPRA confers new rights to employees. Current employees may request that the employer correct errors in HR data. They can also request a copy of their data. Upon termination of employment or any time thereafter, former employees may ask employers to delete their data. This deletion would include the removal of data stored by contractors and service providers of the employer.

Prepare for CPRA Now

CPRA requirements may overwhelm employers who don’t start preparing in advance. Now is the time to create an internal audit of existing external vendors and what data they have about your workers. Your company will also need an explanation of how service providers and contractors are using and storing the data of your employees. This is also the time to create forms and processes for handling employee requests for deletion of their data.

At Private Eyes, we help employers maintain compliance and protect sensitive employee data. To learn more about CPRA and how it could affect your business operations, contact us today.

Have questions?  Speak to an expert for more information.