Privacy practitioners have been waiting to hear whether California would extend business-friendly privacy exemptions for HR and B2B data from its privacy law past the end of this year. At the end of August, California declined to extend those exemptions. Such data will therefore be treated as covered, private information subject to the same privacy protections as consumer data.
Why It Matters
Including HR and B2B contact data in the coverage of California's privacy law makes its requirements much more broadly applicable. Before now, companies that did business there and met one of its size thresholds (based on revenue or amount of data collected, generally) could focus on consumer issues and not worry about their internal systems. Starting in January, they must treat employees like any other stakeholder.
Among other things, this means giving them notice of privacy practices, ensuring that you understand whether you "sell" or "share" their information within the meaning of the California law, and having a procedure to deal with access requests. California has not left a lot of time to get ready for this coverage, so acting now is important.