In this episode of Conversations with TED, partners Mitzi Hill and Ann Schildhammer discuss the California Consumer Privacy Act (CPRA) and employer impact starting January 1, 2023. The duo discusses new employer obligations for covered companies that have employees or independent contractors in California. For those companies that have not yet done any personal privacy compliance work, these sound like new obligations but are not. The novel part about these obligations is that for the first time in the country, they are being extended specifically to the employment relationship. This is a shift into an employment bedrock and California is oftentimes looked as a leader with major changes like this. All of this isn’t restricted to employers who are physically located in California, rather it applies to any covered company in the country that meets a certain size threshold ($25 million annual revenues is one measurement) and has employees in California. Non- profit organizations are the exception.
In terms of preparing businesses to comply with the forthcoming CPRA, the team notes that companies in California that are already doing privacy compliance have very little work left to do. Those companies that have never done any privacy compliance are advised to speak with their in-house counsel to get in place by January 1, 2023. Planning for these efforts is particularly important for any engagement of 3rd parties for any data sharing practices or partnerships.