Breathing Room for Employers as Court Enjoins Enforcement of California Privacy Rights Act Regulations

On June 30, 2023, a California court enjoined until March 29, 2024, enforcement of the final regulations implementing the California Privacy Rights Act (CPRA). Importantly for employers, this ruling prevents enforcement of only a portion of the web of requirements imposed by the new California privacy law. This ASAP explains the impact of the ruling on employers that are subject to the CPRA.


Relevant Background to the Court’s Ruling


The CPRA regulations were issued by California’s new privacy agency, the California Privacy Protection Agency (the “Agency”), and became final on March 29, 2023, to implement the CPRA.1 The CPRA amended the California Consumer Privacy Act (CCPA), effective January 1, 2023.  Crucially for employers, the CPRA terminated the CCPA’s near-complete exemption for the personal information (“HR Data”) of California residents in their capacity as job applicants, employees, independent contractors, and emergency contacts (“HR Individuals”).


As a result, starting on January 1, 2023, the CCPA’s comprehensive data protection requirements, as amended by the CPRA, applied in their entirety to for-profit California employers with more than $25 million in annual gross revenues. Under the CPRA’s amendments to the CCPA, these California employers must provide expanded privacy notices to HR Individuals, negotiate CPRA contract terms with most vendors that handle HR Data, and comply with requests from HR Individuals to exercise CPRA data rights, among other steps.


The CPRA provided a six-month grace period on administrative enforcement and required that enforcement after July 1, 2023, be prospective only. There is no private right of action under the CPRA or the CCPA except in the case of a data security breach.  Because the CCPA applied in only a very limited way to HR Data, employers effectively had until July 1, 2023, to come into compliance with the new comprehensive privacy requirements.  To facilitate those compliance efforts, the CPRA required the Agenc ..
