CPRA Countdown: Ensuring Your Organization’s Privacy Compliance in the New Year

Dalia Khatib
CDF Labor Law LLP
Contact
LinkedIn
Facebook
X
Send
Embed

With the new year underway, and enforcement looming, it is more important than ever to ensure your organization is compliant with the California Privacy Rights Act (CPRA)—the amendment to the California Consumer Privacy Act (CCPA). 

To help get you there, we have a few reminders and tips:

Covered Employers

While not every employer is required to comply, the CPRA requires compliance for many employers. As a reminder, a covered employer is an organization that:

  • Maintains annual gross revenues in excess of $25 million in the preceding calendar year;
  • Buys, sells, or shares personal information of 100,000 or more California consumers or households; or 
  • Derives 50 percent or more of its annual revenue from selling or sharing California consumers’ personal information.

Any employer with California employees should consult with counsel to evaluate the above criteria to determine whether their organization qualifies as a “covered employer”. 

Enforcement of New Regulations

Last year, the California Chamber of Commerce successfully delayed enforcement of the new CPRA regulations that were issued on March 29, 2023. Nonetheless, the California Privacy Protection Agency (Agency) is allowed to commence enforcement starting March 29, 2024. Some regulations may already be enforceable. 

Compliance Tips

A few action items toward compliance with the CPRA:

  • Be Prepared: Get your team ready to respond to requests from employees about their personal information by conducting training and developing processes.
  • Give Notice: Give Notice to all Applicants/Employees before or at the time you collect their personal information. The Notice’s goal is to inform employees and applicants of what information is collected, how it is used, and the rights that they have.
  • Update Your Handbook: While you may already be updating your handbook to account for 2024’s new California labor laws, make sure that you have a compliant privacy policy in place that belongs in your employee handbook. 
  • Map Out Data: Full compliance requires employers to track where personal information data “lives”. It is important for employers to have their processes in place for data mapping.

As always, our Privacy Practice Group will continue to monitor developments related to the CCPA, the CPRA and the Agency’s enforcement actions. 

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© CDF Labor Law LLP | Attorney Advertising

Written by:

CDF Labor Law LLP
CDF Labor Law LLP
Contact
more
less

CDF Labor Law LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide