Until January 2021, employers are not legally required to handle employee data in the same manner as consumers under the California Consumer Privacy Act. However, experts recommend scrutinizing employee and contractor data to avoid litigation and challenges to regulatory changes in California and elsewhere in the future.
In a webinar titled "Bracing for the Wild Ride in Data Privacy Regulation," sponsored by Corporate Counsel and LexisNexis on Thursday, Mark Brennan, a global innovation partner at Hogan Lovells in Washington, D.C., said that while the CCPA was being crafted, there was not total clarity on what should be done about employee personal information.
"There was not, at the time, an alternative framework for employee data," Brennan said.
In October, however, Assembly Bill 25 was signed into law. The law exempted employers for one year from complying with the CCPA with respect to a person who is an employee, job applicant or director or officer. AB25 sunsets at the end of the year and employees will then be granted the same protections from their employers guaranteed to consumers under the CCPA.
Although AB25 is active for the next nine months, employees still have the option to sue their employers over data breaches, Sean Nalty, a shareholder at Ogletree, Deakins Nash, Smoak & Stewart in San Francisco, said in an interview with Corporate Counsel on Friday. That exemption coupled with the broad terms of the CCPA could lead to heavy fines.
"Each piece of personal information that is subject to the breach can lead to damages of between $150 and $750 per breach," Nalty explained. "It is important that companies make sure their culture and standards are focused on data privacy protections."