California Labor &
Employment Law Blog
Final Privacy Regulations Anticipated To Go Into Effect In April 2023 - Enforcement Scheduled to Start July 1, 2023
Feb 17, 2023

Final Privacy Regulations Anticipated To Go Into Effect In April 2023 - Enforcement Scheduled to Start July 1, 2023

Topics: New Laws & Legislation, Workplace Privacy

On February 14, 2023, the California Privacy Protection Agency (CPPA) submitted its proposed final regulations (“Regulations”) to the Office of Administrative Law for a final review. It is anticipated that Regulations will go into effect in April 2023. The CPPA is California’s regulatory agency dedicated to enforcing consumers’ and employees’ privacy rights. The projected enforcement date remains July 1, 2023, so California employers should take proactive steps to comply with the California Privacy Rights Act (CPRA) as explained by the Regulations. Nonetheless, the California Attorney General has already begun and continues to enforce the CPRA.

The Regulations provide some guidance on a variety of topics including opt-out mechanisms, mandatory recognition of opt-out preference signals, and the handling of employee requests. Employers are still required to give privacy notices to applicants and employees, maintain a privacy policy, engage in data mapping, address employees’ requests to delete or correct their personal information, and ensure third parties are not using employees’ personal data for unauthorized purposes.  

The Regulations provide some relief with respect to private information stored on old systems. Covered entities may “delay compliance with requests to correct, with respect to information stored on archived or backup systems until the archived or backup system relating to that data is restored to an active system or is next accessed or used.” In other words, if the information is stored on a system that is not active, an employer might not have an immediate obligation to delete or correct such information unless that system comes back into usage.

The Regulations also refined the definition of “disproportionate effort” to give relief to third parties associated with an employer. The Regulations indicate that an employer might be relieved from taking action if the action would require a disproportionate effort or resources that outweigh the reasonably foreseeable impact on the employee. However, there is no bright-line test to provide guidance on how the CPPA will interpret those terms in the real world. Thus, an employer that avoids taking action under this portion of the Regulations should be sure to consult with competent counsel before making its final decision.

The Regulations highlighted the importance of “good faith” in complying with the CPRA. As the official enforcement body under the CPRA, the CPPA has the discretion to “consider all facts it determines to be relevant, including the amount of time between the effective date of the statutory or regulatory requirement(s) and the possible or alleged violation(s) of those requirements, and good faith efforts to comply with those requirements.” The Regulations, along with recent comments from the CPPA’s officers at the California Lawyer’s Association Privacy Conference, indicate that the CPPA will give serious weight to employers who engage in good faith efforts at compliance and encounter documented difficulties carrying out privacy policies. At least in the early days of enforcement, one may optimistically expect greater leniency for employers who demonstrate a clear-cut good faith effort to comply with the CPRA as opposed to employers who claim ignorance or those who flaunt the Regulations. Therefore, if an entity is a covered entity, it should consult with counsel to prepare notices, policies, training and have procedures in place that comport with the CPRA’s obligations to honor employee privacy.

If you are a California employer, make sure you have your ducks in a row before July 1, 2023. Contact your favorite CDF attorney to assist you with your privacy policy. 

About CDF

For over 25 years, CDF has distinguished itself as one of the top employment, labor and immigration firms in California, representing employers in single-plaintiff and class action lawsuits and advising employers on related legal compliance and risk avoidance. We cover the state, with five locations from Sacramento to San Diego.

> visit primary site

About the Editor in Chief

Sacramento Office Managing Partner and Chair of CDF’s Traditional Labor Law Practice Group. Mark has been practicing labor and employment law in California for thirty years. His practice has a special emphasis on the representation of California employers in union-management relations and handling federal and state court litigation and administrative matters triggered by all types of employment-related disputes. He is also adept at providing creative and practical legal advice to help minimize the risks inherent in employing workers in California. He recently named “Sacramento Lawyer of the Year” in Employment Law-Management for 2021 by Best Lawyers®.
> Full Bio   > Email   Call 916.361.0991

CDF Labor Law LLP © 2024

Editorial Board About CDF What We Do Contact Us Attorney Advertising Disclaimer Privacy Policy Cookie Policy