California Labor &
Employment Law Blog
CPRA Countdown: Ensuring Your Organization’s Privacy Compliance in the New Year
Jan 12, 2024

CPRA Countdown: Ensuring Your Organization’s Privacy Compliance in the New Year

Topics: Privacy

By: Dalia Z. Khatib

With the new year underway, and enforcement looming, it is more important than ever to ensure your organization is compliant with the California Privacy Rights Act (CPRA)—the amendment to the California Consumer Privacy Act (CCPA). 

To help get you there, we have a few reminders and tips:

Covered Employers

While not every employer is required to comply, the CPRA requires compliance for many employers. As a reminder, a covered employer is an organization that:

  • Maintains annual gross revenues in excess of $25 million in the preceding calendar year;
  • Buys, sells, or shares personal information of 100,000 or more California consumers or households; or 
  • Derives 50 percent or more of its annual revenue from selling or sharing California consumers’ personal information.

Any employer with California employees should consult with counsel to evaluate the above criteria to determine whether their organization qualifies as a “covered employer”. 

Enforcement of New Regulations

Last year, the California Chamber of Commerce successfully delayed enforcement of the new CPRA regulations that were issued on March 29, 2023. Nonetheless, the California Privacy Protection Agency (Agency) is allowed to commence enforcement starting March 29, 2024. Some regulations may already be enforceable. 

Compliance Tips

A few action items toward compliance with the CPRA:

  • Be Prepared: Get your team ready to respond to requests from employees about their personal information by conducting training and developing processes.
  • Give Notice: Give Notice to all Applicants/Employees before or at the time you collect their personal information. The Notice’s goal is to inform employees and applicants of what information is collected, how it is used, and the rights that they have.
  • Update Your Handbook: While you may already be updating your handbook to account for 2024’s new California labor laws, make sure that you have a compliant privacy policy in place that belongs in your employee handbook. 
  • Map Out Data: Full compliance requires employers to track where personal information data “lives”. It is important for employers to have their processes in place for data mapping.

As always, our Privacy Practice Group will continue to monitor developments related to the CCPA, the CPRA and the Agency’s enforcement actions. Please contact a member of CDF's Privacy Practice Group (Dan Forman, Dalia Khatib, or Linda Wang) to discuss compliance with any investigation by the Agency or with questions about the CCPA & CPRA. Our Privacy Practice Group is available to assist with policies, notices and general compliance for employers. 

About CDF

For over 25 years, CDF has distinguished itself as one of the top employment, labor and immigration firms in California, representing employers in single-plaintiff and class action lawsuits and advising employers on related legal compliance and risk avoidance. We cover the state, with five locations from Sacramento to San Diego.

> visit primary site

About the Editor in Chief

Sacramento Office Managing Partner and Chair of CDF’s Traditional Labor Law Practice Group. Mark has been practicing labor and employment law in California for thirty years. His practice has a special emphasis on the representation of California employers in union-management relations and handling federal and state court litigation and administrative matters triggered by all types of employment-related disputes. He is also adept at providing creative and practical legal advice to help minimize the risks inherent in employing workers in California. He recently named “Sacramento Lawyer of the Year” in Employment Law-Management for 2021 by Best Lawyers®.
> Full Bio   > Email   Call 916.361.0991

CDF Labor Law LLP © 2024

Editorial Board About CDF What We Do Contact Us Attorney Advertising Disclaimer Privacy Policy Cookie Policy