California Labor &
Employment Law Blog
Big Changes to California Consumer Privacy Laws on Fall Ballot as Enforcement and Class Action Litigation Heats Up
Aug 19, 2020

Big Changes to California Consumer Privacy Laws on Fall Ballot as Enforcement and Class Action Litigation Heats Up

Topics: Legal Information, New Laws & Legislation, Workplace Privacy

The California Secretary of State Alex Padilla recently announced that the California Privacy Rights Act (CPRA) will appear on the upcoming November 3, 2020 ballot.  Nicknamed the “CCPA 2.0,” the CPRA would amend the California Consumer Privacy Act and impose more stringent requirements on employers when it comes to consumer/employee privacy.  These changes include establishing the “California Privacy Protection Agency” tasked with enforcing the CCPA through administrative actions, issuing privacy regulations, auditing businesses' compliance with the CCPA, and imposing administrative fines.  While the proposed amendments do not yet include a Private Attorneys General Act (PAGA) provision allowing private plaintiffs to pursue civil penalties on behalf of the state for CCPA violations, such a provision may be on the horizon.  The California legislature originally passed PAGA because the labor enforcement agencies could not keep up with the growing number of complaints of Labor Code violations in the workplace.  With the rapid digitalization of information, growth of companies, and collection of personal information, the proposed California Privacy Protection Agency may simply become an administrative step for private plaintiffs to hurdle before pursuing litigation to claim penalties and attorneys’ fees. 

The CPRA would further expand the scope of protection under the CCPA to include “sensitive personal information” such as geolocation; race; ethnicity; religion; genetic data; union membership; private communications; and certain sexual orientation, health, and biometric information.  It would also specifically forbid “[r]etaliating against an employee, applicant for employment, or independent contractor” for exercising their “opt-out” or other CCPA rights.  Click here for the proposed amendments. 

Alastair MacTaggart, Board Chair and Founder of Californians for Consumer Privacy, filed the initiative for the CPRA to appear on the November 2020 ballot.  Californians for Consumer Privacy collected 931,000 signatures to qualify for the ballot, which needs a simple majority vote to become law.  According to Californians for Consumer Privacy, a recent poll from Goodwin/Simon found that 72% of voters in their study will vote in favor of the initiative.  Multiple organizations oppose the initiative including the ACLU of California, ACLU of Northern California, California Alliance for Retired Americans, Color of Change, Consumer Federation of California, Counsel on Islamic American Relations – California, and Media Alliance.  Despite the organizational opposition, the prevalent news of data breaches and the concern over personal data will likely lead to the initiative passing in November.  

If successful at the ballot-box,  employers will have two years to prepare as it does not take effect until January 1, 2023.  There is a silver lining in that the proposed amendments extend exemptions from CCPA obligations for employee and business-to-business communications to this date.  Employers will need to comply with notice and data security provisions of the CCPA, but the other provisions will not be enforceable until 2023.   

And as many business have learned, on July 1, 2020, the California Attorney General’s office turned its sites on enforcement of the CCPA providing an online means for consumers to submit complaints and sending out a barrage of notice letters to companies that it believed were in violation of the CCPA that started the clock on a 30 day response and cure period. 

In addition new class action litigation is testing the CCPA in California’s state and federal courts.  On March 30, 2020, Cullen v. Zoom Video Communications, Inc., 2020 WL 1561732 (N.D. Cal. 2020) was filed alleging that Zoom collects personal information of its users and discloses it to third parties including Facebook, Inc. without proper notice.  On June 11, 2020, Atkinson v. Minted, Inc. 2020 WL 3254373 (N.D. Cal. 2020), Minted is targeted for responsibility due to a hack that resulted in the attempted sale of 5 million customer records including names, email addresses, passwords, addresses, and telephone numbers.  And, on July 10, 2020, Gardiner v. Walmart, Inc. 2020 WL 3956295 (N.D. Cal 2020) alleged that Walmart is responsible for a hacker that stole millions of accounts, including customers’ names and addresses and sold them on the web.  And, in State Court on May 26, 2020, a complaint alleges that Epiq Systems is responsible after it was hit by a ransomware attack that resulted in the theft of personal information. Karter v. Epiq Systems, Inc., 2020 WL 3577517 (Cal. Super. 2020).

These recently filed cases all allege that the companies violated either the notice or data security provisions of the CCPA.  Cal. Civ. Code §§ 1798.100, 1798.150.  While these lawsuits were brought on behalf of consumers, employees will likely be filing these types of lawsuits soon against their employers for such violations.   The damages sought in these lawsuits range from $5 million dollars to $5 billion dollars, plus attorneys’ fees, which are expected to be substantial. As you know from our previous blog posts, the CCPA requires employers to comply with its notice and data security provisions, and the California Attorney General will be enforcing such actions as of July 1, 2020.  If you qualify as a covered business under the CCPA, you should be implementing compliant policies immediately. 

About CDF

For over 25 years, CDF has distinguished itself as one of the top employment, labor and immigration firms in California, representing employers in single-plaintiff and class action lawsuits and advising employers on related legal compliance and risk avoidance. We cover the state, with five locations from Sacramento to San Diego.

> visit primary site

About the Editor in Chief

Sacramento Office Managing Partner and Chair of CDF’s Traditional Labor Law Practice Group. Mark has been practicing labor and employment law in California for thirty years. His practice has a special emphasis on the representation of California employers in union-management relations and handling federal and state court litigation and administrative matters triggered by all types of employment-related disputes. He is also adept at providing creative and practical legal advice to help minimize the risks inherent in employing workers in California. He recently named “Sacramento Lawyer of the Year” in Employment Law-Management for 2021 by Best Lawyers®.
> Full Bio   > Email   Call 916.361.0991

CDF Labor Law LLP © 2023

Editorial Board About CDF What We Do Contact Us Attorney Advertising Disclaimer Privacy Policy Cookie Policy