CPRA Countdown: Ensuring Your Organization’s Privacy Compliance in the New Year
With the new year underway, and enforcement looming, it is more important than ever to ensure your organization is compliant with the California Privacy Rights Act (CPRA)—the amendment to the California Consumer Privacy Act (CCPA).
To help get you there, we have a few reminders and tips:
While not every employer is required to comply, the CPRA requires compliance for many employers. As a reminder, a covered employer is an organization that:
- Maintains annual gross revenues in excess of $25 million in the preceding calendar year;
- Buys, sells, or shares personal information of 100,000 or more California consumers or households; or
- Derives 50 percent or more of its annual revenue from selling or sharing California consumers’ personal information.
Any employer with California employees should consult with counsel to evaluate the above criteria to determine whether their organization qualifies as a “covered employer”.
Enforcement of New Regulations
Last year, the California Chamber of Commerce successfully delayed enforcement of the new CPRA regulations that were issued on March 29, 2023. Nonetheless, the California Privacy Protection Agency (Agency) is allowed to commence enforcement starting March 29, 2024. Some regulations may already be enforceable.
A few action items toward compliance with the CPRA:
- Be Prepared: Get your team ready to respond to requests from employees about their personal information by conducting training and developing processes.
- Give Notice: Give Notice to all Applicants/Employees before or at the time you collect their personal information. The Notice’s goal is to inform employees and applicants of what information is collected, how it is used, and the rights that they have.
- Map Out Data: Full compliance requires employers to track where personal information data “lives”. It is important for employers to have their processes in place for data mapping.
As always, our Privacy Practice Group will continue to monitor developments related to the CCPA, the CPRA and the Agency’s enforcement actions. Please contact a member of CDF's Privacy Practice Group (Dan Forman, Dalia Khatib, or Linda Wang) to discuss compliance with any investigation by the Agency or with questions about the CCPA & CPRA. Our Privacy Practice Group is available to assist with policies, notices and general compliance for employers.