No Items in Cart 
On February 9th, 2024, the California Court of Appeals rejected a lower court injunction of a new California privacy law. Previously, the California privacy law, known as the California Privacy Rights Act (CPRA), was enjoined by a Sacramento trial court. Originally scheduled to go into effect in early 2023, the trial court pushed the CPRA’s enactment to March 29th, 2024. Subsequently, the California Privacy Protection Agency (CPPA) appealed the decision, and the Court of Appeals rejected the lower court’s decision. Meanwhile, in a move that also affects California employers, in October 2023, Governor Gavin Newsom signed expanded California paid sick leave into law.
Overview of the California Privacy Law
Markedly, California voters passed the CPRA in November 2020, amending the California Consumer Privacy Act of 2018 (CCPA). Under its language, the CPRA provides additional privacy protections for individuals. Specifically, these protections apply to employees’ personal information, dependents who receive benefits, applicants, independent contractors, and board members. Additionally, the CPRA established the CPPA to implement and enforce the law. Going beyond existing federal law that primarily protects data in employees’ personnel files and even bars employers from asking specific illegal interview questions, the CPRA provides more comprehensive data protection that allows individuals to opt out of, delete, or correct certain records. In this case, the CPRA closely mirrors data protection laws overseas, like the European Union’s General Data Protection Regulation (GDPR). Previously, the CPRA was supposed to go into effect on January 1st, 2023 (later revised to July 1 of the same year). In light of the impending rule, according to Littler Mendelson P.C., the California Chamber of Commerce sued the Agency. The entity wanted an order requiring a one-year stay on enforcement from the date of the law’s adoption. As a result, the Sacramento court ordered the injunction until March 29th, 2024. Subsequently, the Agency filed a petition with the California Court of Appeals, which ended the injunction and instituted an immediate effective date.Covered Employers and Rights Under the California Privacy Law
Whereas previous employer obligations under the CCPA only included providing notice of collection and reasonable safeguards outside of the employment setting, the CPRA expands those and other protections to employees. Therefore, covered employees now have more data privacy rights under the CPRA. Additionally, covered employers have more compliance obligations. In general, covered businesses include those that:- do business in California,
- operate for profit,
- collect the personal information of California residents, and
- have a gross annual revenue exceeding $25 million in the preceding calendar year.
- receive notice about the type of information their employer collects, sells, shares, or otherwise discloses,
- correct any personal information the employer maintains,
- request the employer delete any personal information that they collected,
- receive or transmit to another entity a copy of their personal information, and
- request the employer limit the use or disclosure of sensitive information.
