This browser is not actively supported anymore. For the best passle experience, we strongly recommend you upgrade your browser.
| less than a minute read

HR and B2B Data Subject to California Privacy Law As of 1/1/2023

Privacy practitioners have been waiting to hear whether California would extend business-friendly privacy exemptions for HR and B2B data from its privacy law past the end of this year. At the end of August, California declined to extend those exemptions. Such data will therefore be treated as covered, private information subject to the same privacy protections as consumer data.  

Why It Matters

Including HR and B2B contact data in the coverage of California's privacy law makes its requirements much more broadly applicable. Before now, companies that did business there and met one of its size thresholds (based on revenue or amount of data collected, generally) could focus on consumer issues and not worry about their internal systems. Starting in January, they must treat employees like any other stakeholder.  

Among other things, this means giving them notice of privacy practices, ensuring that you understand whether you "sell" or "share" their information within the meaning of the California law, and having a procedure to deal with access requests. California has not left a lot of time to get ready for this coverage, so acting now is important.  

On Aug. 31, hopes were dashed when the California legislative session ended without enacting Assembly Bill 1102. The bill would have extended grace periods for certain business-to-business and human resources personal information under the California Consumer Privacy Act as amended by the California Privacy Rights Act. CCPA/CPRA will become fully operational on Jan. 1, 2023, for B2B and HR personal information and will be subject to the same rigorous California privacy regulations as "consumer" personal information.

Tags

data security and privacy, hill_mitzi, insights