SlideShare a Scribd company logo

California consumer privacy act and its impact on california employers

mosmedicalreview
mosmedicalreview

The CCPA could have major implications for employers, the workers’ comp industry, lawyers, medical record retrieval companies serving lawyers, & insurers.

Health & Medicine
1 of 7
Download to read offline
California Consumer Privacy Act and Its Impact on California Employers The CCPA could have major implications for employers, the workers’ comp industry, lawyers, medical record retrieval companies serving lawyers, & insurers. Medical Record Review 8596 E. 101st Street, Suite H Tulsa, OK 74133
www.mosmedicalrecordreview.com 918-221-7791 Close on the foot of the General Data Protection Regulation (GDPR) of the European Union that became effective on May 25, 2018, California has become the first U.S. state to introduce its own suite of consumer privacy rules – the California Consumer Privacy Act (CCPA). This Act was signed into law on June 28, 2018 by Gov. Jerry Brown and contains many provisions aimed at strengthening consumers’ privacy rights. The CCPA becomes effective on January 1, 2020 and is expected to be the most expansive privacy law currently in the United States, in some ways. What impact will the new law have on the rights of employees and programs such as workers’ compensation in an organization? As a welfare program for the employees, workers’ compensation pays benefits to workers injured at the workplace. The benefits are granted based on a comprehensive Medical Records Analysis and evaluation of the circumstances under which the injury occurred. The CCPA will affect employers across the United States as well as on a global level and encourage legislation similar to it in other states. For instance, a group of senators in Washington state introduced the Washington Privacy Act SB 5376 (WPA), which would establish requirements similar to that of GDPR on businesses that collect personal information related to residents of Washington. Apart from requirements for notice, and consumer rights including access, rectification, and deletion, the WPA would put restrictions on the use of automatic profiling and facial recognition. Since the CCPA’s implementation date is approaching fast and taking into account the fact that certain provisions may reach back prior to the effective date, businesses must start preparing as soon as possible. So, here are some facts to know about the CCPA, how it applies to employee personal information and how business owners can stay compliant.  Businesses the CCPA applies to: Any business entity in the State of California that satisfies one or more of the following conditions is bound by the new law:  Annual gross revenue in excess of $25 million  Alone or in combination, annually buys, receives for the business’s commercial purposes, sells, or shares for commercial purposes, alone or in combination, the personal information of 50,000 or more consumers, households, or devices  Derives 50 percent or more of its annual revenues from selling consumers’ personal information.
www.mosmedicalrecordreview.com 918-221-7791 The Act would apply to any business that controls or is controlled by another business that meets the above criteria and shares common branding with the former. This could have wide-reaching implications for franchised businesses and subsidiaries. The law aims to reach businesses that handle significant amounts of data and smaller companies may also be included in this. Also, businesses with small operations in California and meet one of the above requirements will have significant privacy obligations concerned with those operations.  Employee rights under the CCPA: The CCPA’s definition of consumer (a resident of California) may extend to personal information of California residents maintained by employers and may include job applicants, temporary workers, full- or part- time workers, volunteers, interns, independent contractors and even their dependents or beneficiaries. Under this Act, employees are consumers and have the same rights as any California consumer such as the following.  Notice, disclosure and non-waiver: Employers must inform employees about the categories of personal information collected and the purpose of the collection at or before collecting the information. No additional categories of information can be collected without prior notice. When employees’ personal information is sold or disclosed to third parties for “business purposes” that include disclosures to benefit providers, payroll vendors and others, employees must be notified of the same. In their agreements with service providers, employers must strictly prohibit any unauthorized use or sale of employee information other than specified processing purposes. Employers cannot ask their employees to contractually waive any rights ensured by the CCPA. There are specific requirements as regards how employees must be notified of and may exercise their CCPA rights such as toll-free numbers to submit requests and clear and conspicuous links titled “Do Not Sell My Personal Information.”  Access to data: Employees can request that employers disclose the categories of personal information collected about them and the specific personal information collected. Once the request is verified, employers must provide the information within 45 days and free of charge, with a limit of no more than 2 requests in a 12- month period.
www.mosmedicalrecordreview.com 918-221-7791  Deletion of personal data: Employees can also request that their personal information be deleted. However, employers can retain any information necessary for performance of the employment contract; or if the information is required only for internal purposes related to security, First Amendment rights and other uses described in Cal. Civ. Code § 1798.105(d) et seq.  Opt-out option: Employees have the right to opt out of the sale of their personal information, wherein “sale” comes under the CCPA’s broad definition. Covered employers must be cautious regarding this broad definition when signing corporate deals or when engaging third-party service providers that could involve the transfer of sensitive personal data.  No discrimination: Employers cannot discriminate or retaliate against employees who exercise their rights under the CCPA.  CCPA may not apply to all data collected for administration of employee benefits: The CCPA provides certain exemptions that may exclude certain benefit plan data – i.e. plans subject to the HIPAA privacy and security regulations and include medical plans, dental plans, and health flexible spending arrangements. Medical information that an employer receives in connection with a Family and Medical Leave Act certification, Americans with Disabilities Act reasonable accommodation, workers’ compensation claims and employer’s group health plan. There are many other kinds of employee benefits such as life and disability insurance plans, pension and 401(k) plans, tuition assistance programs, employee discount programs, wellness programs, transportation fringe benefit programs and others. Some of these programs may involve plans that may be subject to ERISA (Employee Retirement Income Security Act of 1974), which pre- empts certain state laws to the extent such laws relate to ERISA-covered employee benefit plans. CCPA and such laws could complicate the national administration of such plans.  Employers could face sanctions if they fail to comply with CCPA: Employees in California may institute a civil action under CCPA if certain types of non-encrypted or non-redacted personal data is subject to unauthorized access, theft, exfiltration, or disclosure as a result of the employer’s violation of a duty to implement and maintain
www.mosmedicalrecordreview.com 918-221-7791 reasonable security measures and practices appropriate to protect the personal information.  The employee is not required to show any actual injury or harm to maintain a civil action.  Actionable personal information is limited to social security numbers, driver’s license numbers, and medical and financial information. It is not extended to the broader categories of information mentioned in the CCPA’s “personal information” definition.  The employee must provide the business 30 days’ written notice of the alleged violation to allow the business to rectify the defect. If the defect is set right and the business does so within the 30-day window, no damages for individual or class-wide actions may be initiated.  If the employee initiates an action for actual pecuniary damages resulting from the breach or unauthorized access of their personal data, the above notice is not required.  The employee must notify the California Attorney General’s office within 30 days of filing any action. This is to give the office an opportunity to prosecute rather than allowing the civil action to proceed.  What happens to collected employee data if the business is acquired: If there is a merger, acquisition or bankruptcy and a third party assumes control of all or part of the business, then the employees’ personal information may be part of business assets transferred to the third party. Though this type of transfer is not considered a sale of personal information under the CCPA, if the third party materially alters how it uses or discloses the employee’s personal information and that use or disclosure is materially inconsistent with the notice provided to the employee at the time of collection, the third party must provide the employee with prior notice of the changed practices.  What happens to employee data if the employee is no longer a resident of California: If an employee moves or is transferred to somewhere outside of California, he/she may not be protected by the CCPA. However, the employee’s personal information may be protected by other laws and the organization may still have the same or even increased obligation to protect the worker’s data.
www.mosmedicalrecordreview.com 918-221-7791  CCPA’s interaction with federal, state, or local laws: The CCPA specifies that its obligations are a matter of state-wide concern in California and supersede and pre-empt all rules and regulations, codes, ordinances, and other laws adopted by a city, county, municipality, or local agency regarding the collection and sale of a consumer’s personal information by a business. The Act also makes it clear that its obligations shall not restrict a business’s ability to comply with federal, state, local laws or regulations. Though the CCPA is drafted to supplement federal and state law, it shall not apply if it is pre-empted by or is in conflict with federal law, the United States Constitution, or the California Constitution. What Steps Can Businesses Take? Now is the time for organizations in California to closely monitor developments with regard to the Act and start considering whether employees’ personal information is impacted. Also, they have to determine:  Whether the company is covered and if so, whether it will separately address California employees  When and how to update employee data to address the information requirements  How to structure a process for data access requests from employees  Whether additional contractual language is required with any third parties, including vendors, receiving employee personal information to exert better control on how those third parties utilize the sensitive employee data they receive  What system modifications and awareness training will be needed to implement the above-mentioned things California Legislature may consider legislation in 2019 before the implementation date to address any meaningful and technical issues identified in the Act. The workers’ compensation industry, workers’ comp lawyers, social security lawyers, medical record retrieval companies handling medical data for these lawyers, insurance companies and other stakeholders need to watch out for developments related to the CCPA. In fact, many insurers, employers and defense firms are concerned as to how this law could expose them to liability for data breaches and problems with information security. An important consideration now is whether your company
www.mosmedicalrecordreview.com 918-221-7791 meets CCPA mandates when collecting, using, sharing or processing personal information about individuals located in California.

Recommended

Privacy update 04.29.2010
Privacy update 04.29.2010Privacy update 04.29.2010
Privacy update 04.29.2010stevemeltzer
 
Hot Topics of Human Resources
Hot Topics of Human ResourcesHot Topics of Human Resources
Hot Topics of Human ResourcesMPCA
 
CSI 2008, Legal Developments In Security and Privacy Law
CSI 2008, Legal Developments In Security and Privacy Law CSI 2008, Legal Developments In Security and Privacy Law
CSI 2008, Legal Developments In Security and Privacy Law padler01
 
HIPAA Privacy, Security, Breach Overview
HIPAA Privacy, Security, Breach OverviewHIPAA Privacy, Security, Breach Overview
HIPAA Privacy, Security, Breach OverviewHealthCare Too, LLC
 
Valuation Testimony
Valuation TestimonyValuation Testimony
Valuation TestimonyAndy Lewis
 
PPP. Interim Final Rules (IFR) from SBA
PPP. Interim Final Rules (IFR) from SBAPPP. Interim Final Rules (IFR) from SBA
PPP. Interim Final Rules (IFR) from SBAGeorge Benaroya
 
Ftc As Enforcer Proposed Data Breach Notification Rule For Personal Health R...
Ftc As Enforcer Proposed Data Breach Notification Rule For Personal Health R...Ftc As Enforcer Proposed Data Breach Notification Rule For Personal Health R...
Ftc As Enforcer Proposed Data Breach Notification Rule For Personal Health R...Davis Wright Tremaine LLP
 
Indest, Health Law, 25_hlr_507
Indest, Health Law, 25_hlr_507Indest, Health Law, 25_hlr_507
Indest, Health Law, 25_hlr_507Miles Indest
 

Recommended

Privacy update 04.29.2010
Privacy update 04.29.2010Privacy update 04.29.2010
Privacy update 04.29.2010stevemeltzer
 
Hot Topics of Human Resources
Hot Topics of Human ResourcesHot Topics of Human Resources
Hot Topics of Human ResourcesMPCA
 
CSI 2008, Legal Developments In Security and Privacy Law
CSI 2008, Legal Developments In Security and Privacy Law CSI 2008, Legal Developments In Security and Privacy Law
CSI 2008, Legal Developments In Security and Privacy Law padler01
 
HIPAA Privacy, Security, Breach Overview
HIPAA Privacy, Security, Breach OverviewHIPAA Privacy, Security, Breach Overview
HIPAA Privacy, Security, Breach OverviewHealthCare Too, LLC
 
Valuation Testimony
Valuation TestimonyValuation Testimony
Valuation TestimonyAndy Lewis
 
PPP. Interim Final Rules (IFR) from SBA
PPP. Interim Final Rules (IFR) from SBAPPP. Interim Final Rules (IFR) from SBA
PPP. Interim Final Rules (IFR) from SBAGeorge Benaroya
 
Ftc As Enforcer Proposed Data Breach Notification Rule For Personal Health R...
Ftc As Enforcer Proposed Data Breach Notification Rule For Personal Health R...Ftc As Enforcer Proposed Data Breach Notification Rule For Personal Health R...
Ftc As Enforcer Proposed Data Breach Notification Rule For Personal Health R...Davis Wright Tremaine LLP
 
Indest, Health Law, 25_hlr_507
Indest, Health Law, 25_hlr_507Indest, Health Law, 25_hlr_507
Indest, Health Law, 25_hlr_507Miles Indest
 
Are Your Prepaid Calling Cards Legal Final
Are Your Prepaid Calling Cards Legal FinalAre Your Prepaid Calling Cards Legal Final
Are Your Prepaid Calling Cards Legal FinalEdwardAMaldonado
 
Hippa training v2
Hippa training v2Hippa training v2
Hippa training v2Suzanne Guggenheim
 
Adrs Flip Chart From Ppl
Adrs Flip Chart From PplAdrs Flip Chart From Ppl
Adrs Flip Chart From Pplsusantj3
 
Affirmative Defense Response System (ADRS)
Affirmative Defense Response System (ADRS)Affirmative Defense Response System (ADRS)
Affirmative Defense Response System (ADRS)guest95afa8
 
Impax fourth quarter and full year 2017 earnings call presentation
Impax fourth quarter and full year 2017 earnings call presentationImpax fourth quarter and full year 2017 earnings call presentation
Impax fourth quarter and full year 2017 earnings call presentationimpax-labs
 
Proposed Unfair Claims Settlement Practices Rules - TN
Proposed Unfair Claims Settlement Practices Rules - TNProposed Unfair Claims Settlement Practices Rules - TN
Proposed Unfair Claims Settlement Practices Rules - TNDan Kuczek, LUTCF
 
Brian Balow HIPAA Final Rule
Brian Balow HIPAA Final RuleBrian Balow HIPAA Final Rule
Brian Balow HIPAA Final Rulemihinpr
 
Hm300 week 8 part 2 of 2
Hm300 week 8 part 2 of 2Hm300 week 8 part 2 of 2
Hm300 week 8 part 2 of 2BHUOnlineDepartment
 
HIPAA Overview
HIPAA OverviewHIPAA Overview
HIPAA OverviewTim Perry, MPA, MS, CPHIMS, PCMH CCE, CISSP
 
Portfolio
PortfolioPortfolio
PortfolioShelley Riseden
 
Sample Business Associate Agreement
Sample Business Associate AgreementSample Business Associate Agreement
Sample Business Associate AgreementJorge M. Abril, P.A.
 
Hipaa Goes Hitech
Hipaa Goes HitechHipaa Goes Hitech
Hipaa Goes HitechCandy Matheny
 
Business Continuity Protection Program
Business Continuity Protection ProgramBusiness Continuity Protection Program
Business Continuity Protection ProgramJasonSchupp1
 
Using consumer reports: What employers need to know
Using consumer reports: What employers need to knowUsing consumer reports: What employers need to know
Using consumer reports: What employers need to knowFYI Screening
 
False Claims Act & Physicians - Basic Primer
False Claims Act & Physicians - Basic PrimerFalse Claims Act & Physicians - Basic Primer
False Claims Act & Physicians - Basic PrimerT Anthony Howell
 
GDPR Whitepaper
GDPR WhitepaperGDPR Whitepaper
GDPR WhitepaperRichard Goddard
 
LIT_AprilMay2014_FalseClaimsActFeature
LIT_AprilMay2014_FalseClaimsActFeatureLIT_AprilMay2014_FalseClaimsActFeature
LIT_AprilMay2014_FalseClaimsActFeatureNadya Salcedo
 
Horner Downey & Co Newsletter- GDPR
Horner Downey & Co Newsletter- GDPRHorner Downey & Co Newsletter- GDPR
Horner Downey & Co Newsletter- GDPRJenny Ferguson
 
GDPR for Marketers - teaser
GDPR for Marketers - teaserGDPR for Marketers - teaser
GDPR for Marketers - teaserLava Consult BVBA
 
CCPA Compliance Vs CPRA Compliance.pdf
CCPA Compliance Vs CPRA Compliance.pdfCCPA Compliance Vs CPRA Compliance.pdf
CCPA Compliance Vs CPRA Compliance.pdfVISTA InfoSec
 
California Consumer Protection Act - Insight from Sia Partners
California Consumer Protection Act - Insight from Sia Partners California Consumer Protection Act - Insight from Sia Partners
California Consumer Protection Act - Insight from Sia Partners Daniel Connor
 
California-Privacy-Right-Act.pdf
California-Privacy-Right-Act.pdfCalifornia-Privacy-Right-Act.pdf
California-Privacy-Right-Act.pdfDaviesParker
 

More Related Content

What's hot

Are Your Prepaid Calling Cards Legal Final
Are Your Prepaid Calling Cards Legal FinalAre Your Prepaid Calling Cards Legal Final
Are Your Prepaid Calling Cards Legal FinalEdwardAMaldonado
 
Adrs Flip Chart From Ppl
Adrs Flip Chart From PplAdrs Flip Chart From Ppl
Adrs Flip Chart From Pplsusantj3
 
Affirmative Defense Response System (ADRS)
Affirmative Defense Response System (ADRS)Affirmative Defense Response System (ADRS)
Affirmative Defense Response System (ADRS)guest95afa8
 
Impax fourth quarter and full year 2017 earnings call presentation
Impax fourth quarter and full year 2017 earnings call presentationImpax fourth quarter and full year 2017 earnings call presentation
Impax fourth quarter and full year 2017 earnings call presentationimpax-labs
 
Proposed Unfair Claims Settlement Practices Rules - TN
Proposed Unfair Claims Settlement Practices Rules - TNProposed Unfair Claims Settlement Practices Rules - TN
Proposed Unfair Claims Settlement Practices Rules - TNDan Kuczek, LUTCF
 
Brian Balow HIPAA Final Rule
Brian Balow HIPAA Final RuleBrian Balow HIPAA Final Rule
Brian Balow HIPAA Final Rulemihinpr
 
Sample Business Associate Agreement
Sample Business Associate AgreementSample Business Associate Agreement
Sample Business Associate AgreementJorge M. Abril, P.A.
 
Business Continuity Protection Program
Business Continuity Protection ProgramBusiness Continuity Protection Program
Business Continuity Protection ProgramJasonSchupp1
 
Using consumer reports: What employers need to know
Using consumer reports: What employers need to knowUsing consumer reports: What employers need to know
Using consumer reports: What employers need to knowFYI Screening
 
False Claims Act & Physicians - Basic Primer
False Claims Act & Physicians - Basic PrimerFalse Claims Act & Physicians - Basic Primer
False Claims Act & Physicians - Basic PrimerT Anthony Howell
 
LIT_AprilMay2014_FalseClaimsActFeature
LIT_AprilMay2014_FalseClaimsActFeatureLIT_AprilMay2014_FalseClaimsActFeature
LIT_AprilMay2014_FalseClaimsActFeatureNadya Salcedo
 
Horner Downey & Co Newsletter- GDPR
Horner Downey & Co Newsletter- GDPRHorner Downey & Co Newsletter- GDPR
Horner Downey & Co Newsletter- GDPRJenny Ferguson
 

What's hot (19)

Are Your Prepaid Calling Cards Legal Final
Are Your Prepaid Calling Cards Legal FinalAre Your Prepaid Calling Cards Legal Final
Are Your Prepaid Calling Cards Legal Final
 
Hippa training v2
Hippa training v2Hippa training v2
Hippa training v2
 
Adrs Flip Chart From Ppl
Adrs Flip Chart From PplAdrs Flip Chart From Ppl
Adrs Flip Chart From Ppl
 
Affirmative Defense Response System (ADRS)
Affirmative Defense Response System (ADRS)Affirmative Defense Response System (ADRS)
Affirmative Defense Response System (ADRS)
 
Impax fourth quarter and full year 2017 earnings call presentation
Impax fourth quarter and full year 2017 earnings call presentationImpax fourth quarter and full year 2017 earnings call presentation
Impax fourth quarter and full year 2017 earnings call presentation
 
Proposed Unfair Claims Settlement Practices Rules - TN
Proposed Unfair Claims Settlement Practices Rules - TNProposed Unfair Claims Settlement Practices Rules - TN
Proposed Unfair Claims Settlement Practices Rules - TN
 
Brian Balow HIPAA Final Rule
Brian Balow HIPAA Final RuleBrian Balow HIPAA Final Rule
Brian Balow HIPAA Final Rule
 
Hm300 week 8 part 2 of 2
Hm300 week 8 part 2 of 2Hm300 week 8 part 2 of 2
Hm300 week 8 part 2 of 2
 
HIPAA Overview
HIPAA OverviewHIPAA Overview
HIPAA Overview
 
Portfolio
PortfolioPortfolio
Portfolio
 
Sample Business Associate Agreement
Sample Business Associate AgreementSample Business Associate Agreement
Sample Business Associate Agreement
 
Hipaa Goes Hitech
Hipaa Goes HitechHipaa Goes Hitech
Hipaa Goes Hitech
 
Business Continuity Protection Program
Business Continuity Protection ProgramBusiness Continuity Protection Program
Business Continuity Protection Program
 
Using consumer reports: What employers need to know
Using consumer reports: What employers need to knowUsing consumer reports: What employers need to know
Using consumer reports: What employers need to know
 
False Claims Act & Physicians - Basic Primer
False Claims Act & Physicians - Basic PrimerFalse Claims Act & Physicians - Basic Primer
False Claims Act & Physicians - Basic Primer
 
GDPR Whitepaper
GDPR WhitepaperGDPR Whitepaper
GDPR Whitepaper
 
LIT_AprilMay2014_FalseClaimsActFeature
LIT_AprilMay2014_FalseClaimsActFeatureLIT_AprilMay2014_FalseClaimsActFeature
LIT_AprilMay2014_FalseClaimsActFeature
 
Horner Downey & Co Newsletter- GDPR
Horner Downey & Co Newsletter- GDPRHorner Downey & Co Newsletter- GDPR
Horner Downey & Co Newsletter- GDPR
 
GDPR for Marketers - teaser
GDPR for Marketers - teaserGDPR for Marketers - teaser
GDPR for Marketers - teaser
 

Similar to California consumer privacy act and its impact on california employers

CCPA Compliance Vs CPRA Compliance.pdf
CCPA Compliance Vs CPRA Compliance.pdfCCPA Compliance Vs CPRA Compliance.pdf
CCPA Compliance Vs CPRA Compliance.pdfVISTA InfoSec
 
California Consumer Protection Act - Insight from Sia Partners
California Consumer Protection Act - Insight from Sia Partners California Consumer Protection Act - Insight from Sia Partners
California Consumer Protection Act - Insight from Sia Partners Daniel Connor
 
California-Privacy-Right-Act.pdf
California-Privacy-Right-Act.pdfCalifornia-Privacy-Right-Act.pdf
California-Privacy-Right-Act.pdfDaviesParker
 
California Consumer Protection Act - Insight from Sia Partners
California Consumer Protection Act - Insight from Sia Partners California Consumer Protection Act - Insight from Sia Partners
California Consumer Protection Act - Insight from Sia Partners Daniel Connor
 
Sia Partners_CCPA 2018_The American GDPR
Sia Partners_CCPA 2018_The American GDPRSia Partners_CCPA 2018_The American GDPR
Sia Partners_CCPA 2018_The American GDPRLoïc Vachon
 
Future-Proof Your Workplace Privacy Approach for CPRA and Beyond
Future-Proof Your Workplace Privacy Approach for CPRA and BeyondFuture-Proof Your Workplace Privacy Approach for CPRA and Beyond
Future-Proof Your Workplace Privacy Approach for CPRA and BeyondTrustArc
 
epic-adppavccpa-07292022.pdf
epic-adppavccpa-07292022.pdfepic-adppavccpa-07292022.pdf
epic-adppavccpa-07292022.pdfDanielBerkowitz11
 
What to expect from the New York Privacy Act
What to expect from the New York Privacy ActWhat to expect from the New York Privacy Act
What to expect from the New York Privacy ActVISTA InfoSec
 
Key additions and amendments introduced under the CPRA
Key additions and amendments introduced under the CPRAKey additions and amendments introduced under the CPRA
Key additions and amendments introduced under the CPRAVISTA InfoSec
 
Corporate compliance powerpoint
Corporate compliance powerpointCorporate compliance powerpoint
Corporate compliance powerpointsmcmanus3
 
State Statutes and Employment Screening Services
State Statutes and Employment Screening ServicesState Statutes and Employment Screening Services
State Statutes and Employment Screening ServicesVeremark
 
Bipartisan_Privacy_Discussion_Draft_Section_by_Section39.pdf
Bipartisan_Privacy_Discussion_Draft_Section_by_Section39.pdfBipartisan_Privacy_Discussion_Draft_Section_by_Section39.pdf
Bipartisan_Privacy_Discussion_Draft_Section_by_Section39.pdfInternet Law Center
 
California Consumer Privacy Act: What your brand needs to know
California Consumer Privacy Act: What your brand needs to knowCalifornia Consumer Privacy Act: What your brand needs to know
California Consumer Privacy Act: What your brand needs to knowOgilvy Health
 
Health Reform Bulletin 125 | Updated Employer Shared Responsibility Guidance,...
Health Reform Bulletin 125 | Updated Employer Shared Responsibility Guidance,...Health Reform Bulletin 125 | Updated Employer Shared Responsibility Guidance,...
Health Reform Bulletin 125 | Updated Employer Shared Responsibility Guidance,...CBIZ, Inc.
 
Cybersecurity, Privacy and Data Security from a Business Lawyer's Perspective
Cybersecurity, Privacy and Data Security from a Business Lawyer's PerspectiveCybersecurity, Privacy and Data Security from a Business Lawyer's Perspective
Cybersecurity, Privacy and Data Security from a Business Lawyer's PerspectiveData Con LA
 
Background Screening Presentation 2011
Background Screening Presentation 2011Background Screening Presentation 2011
Background Screening Presentation 2011poseyjj
 
HIPAA Security Rule application to Business Associates heats up
HIPAA Security Rule application to Business Associates heats upHIPAA Security Rule application to Business Associates heats up
HIPAA Security Rule application to Business Associates heats upDavid Sweigert
 
Health Reform Bulletin: Certification of Compliance with Electronic Transacti...
Health Reform Bulletin: Certification of Compliance with Electronic Transacti...Health Reform Bulletin: Certification of Compliance with Electronic Transacti...
Health Reform Bulletin: Certification of Compliance with Electronic Transacti...CBIZ, Inc.
 

Similar to California consumer privacy act and its impact on california employers (20)

CCPA Compliance Vs CPRA Compliance.pdf
CCPA Compliance Vs CPRA Compliance.pdfCCPA Compliance Vs CPRA Compliance.pdf
CCPA Compliance Vs CPRA Compliance.pdf
 
California Consumer Protection Act - Insight from Sia Partners
California Consumer Protection Act - Insight from Sia Partners California Consumer Protection Act - Insight from Sia Partners
California Consumer Protection Act - Insight from Sia Partners
 
California-Privacy-Right-Act.pdf
California-Privacy-Right-Act.pdfCalifornia-Privacy-Right-Act.pdf
California-Privacy-Right-Act.pdf
 
California Consumer Protection Act - Insight from Sia Partners
California Consumer Protection Act - Insight from Sia Partners California Consumer Protection Act - Insight from Sia Partners
California Consumer Protection Act - Insight from Sia Partners
 
Sia Partners_CCPA 2018_The American GDPR
Sia Partners_CCPA 2018_The American GDPRSia Partners_CCPA 2018_The American GDPR
Sia Partners_CCPA 2018_The American GDPR
 
Future-Proof Your Workplace Privacy Approach for CPRA and Beyond
Future-Proof Your Workplace Privacy Approach for CPRA and BeyondFuture-Proof Your Workplace Privacy Approach for CPRA and Beyond
Future-Proof Your Workplace Privacy Approach for CPRA and Beyond
 
epic-adppavccpa-07292022.pdf
epic-adppavccpa-07292022.pdfepic-adppavccpa-07292022.pdf
epic-adppavccpa-07292022.pdf
 
Driving change
Driving changeDriving change
Driving change
 
What to expect from the New York Privacy Act
What to expect from the New York Privacy ActWhat to expect from the New York Privacy Act
What to expect from the New York Privacy Act
 
Key additions and amendments introduced under the CPRA
Key additions and amendments introduced under the CPRAKey additions and amendments introduced under the CPRA
Key additions and amendments introduced under the CPRA
 
Corporate compliance powerpoint
Corporate compliance powerpointCorporate compliance powerpoint
Corporate compliance powerpoint
 
State Statutes and Employment Screening Services
State Statutes and Employment Screening ServicesState Statutes and Employment Screening Services
State Statutes and Employment Screening Services
 
Bipartisan_Privacy_Discussion_Draft_Section_by_Section39.pdf
Bipartisan_Privacy_Discussion_Draft_Section_by_Section39.pdfBipartisan_Privacy_Discussion_Draft_Section_by_Section39.pdf
Bipartisan_Privacy_Discussion_Draft_Section_by_Section39.pdf
 
California Consumer Privacy Act: What your brand needs to know
California Consumer Privacy Act: What your brand needs to knowCalifornia Consumer Privacy Act: What your brand needs to know
California Consumer Privacy Act: What your brand needs to know
 
Health Reform Bulletin 125 | Updated Employer Shared Responsibility Guidance,...
Health Reform Bulletin 125 | Updated Employer Shared Responsibility Guidance,...Health Reform Bulletin 125 | Updated Employer Shared Responsibility Guidance,...
Health Reform Bulletin 125 | Updated Employer Shared Responsibility Guidance,...
 
Cybersecurity, Privacy and Data Security from a Business Lawyer's Perspective
Cybersecurity, Privacy and Data Security from a Business Lawyer's PerspectiveCybersecurity, Privacy and Data Security from a Business Lawyer's Perspective
Cybersecurity, Privacy and Data Security from a Business Lawyer's Perspective
 
Background Screening Presentation 2011
Background Screening Presentation 2011Background Screening Presentation 2011
Background Screening Presentation 2011
 
HIPAA Security Rule application to Business Associates heats up
HIPAA Security Rule application to Business Associates heats upHIPAA Security Rule application to Business Associates heats up
HIPAA Security Rule application to Business Associates heats up
 
Cybersecurity and Data Privacy Whistleblower Protections
Cybersecurity and Data Privacy Whistleblower ProtectionsCybersecurity and Data Privacy Whistleblower Protections
Cybersecurity and Data Privacy Whistleblower Protections
 
Health Reform Bulletin: Certification of Compliance with Electronic Transacti...
Health Reform Bulletin: Certification of Compliance with Electronic Transacti...Health Reform Bulletin: Certification of Compliance with Electronic Transacti...
Health Reform Bulletin: Certification of Compliance with Electronic Transacti...
 

Recently uploaded

Russian Call Girls Chennai Madhuri 9907093804 Independent Call Girls Service ...
Russian Call Girls Chennai Madhuri 9907093804 Independent Call Girls Service ...Russian Call Girls Chennai Madhuri 9907093804 Independent Call Girls Service ...
Russian Call Girls Chennai Madhuri 9907093804 Independent Call Girls Service ...Nehru place Escorts
 
Call Girls Yelahanka Just Call 7001305949 Top Class Call Girl Service Available
Call Girls Yelahanka Just Call 7001305949 Top Class Call Girl Service AvailableCall Girls Yelahanka Just Call 7001305949 Top Class Call Girl Service Available
Call Girls Yelahanka Just Call 7001305949 Top Class Call Girl Service Availablenarwatsonia7
 
Russian Call Girl Brookfield - 7001305949 Escorts Service 50% Off with Cash O...
Russian Call Girl Brookfield - 7001305949 Escorts Service 50% Off with Cash O...Russian Call Girl Brookfield - 7001305949 Escorts Service 50% Off with Cash O...
Russian Call Girl Brookfield - 7001305949 Escorts Service 50% Off with Cash O...narwatsonia7
 
Hi,Fi Call Girl In Mysore Road - 7001305949 | 24x7 Service Available Near Me
Hi,Fi Call Girl In Mysore Road - 7001305949 | 24x7 Service Available Near MeHi,Fi Call Girl In Mysore Road - 7001305949 | 24x7 Service Available Near Me
Hi,Fi Call Girl In Mysore Road - 7001305949 | 24x7 Service Available Near Menarwatsonia7
 
Call Girls Horamavu WhatsApp Number 7001035870 Meeting With Bangalore Escorts
Call Girls Horamavu WhatsApp Number 7001035870 Meeting With Bangalore EscortsCall Girls Horamavu WhatsApp Number 7001035870 Meeting With Bangalore Escorts
Call Girls Horamavu WhatsApp Number 7001035870 Meeting With Bangalore Escortsvidya singh
 
Russian Call Girls in Chennai Pallavi 9907093804 Independent Call Girls Servi...
Russian Call Girls in Chennai Pallavi 9907093804 Independent Call Girls Servi...Russian Call Girls in Chennai Pallavi 9907093804 Independent Call Girls Servi...
Russian Call Girls in Chennai Pallavi 9907093804 Independent Call Girls Servi...Nehru place Escorts
 
Call Girls Colaba Mumbai ❤️ 9920874524 👈 Cash on Delivery
Call Girls Colaba Mumbai ❤️ 9920874524 👈 Cash on DeliveryCall Girls Colaba Mumbai ❤️ 9920874524 👈 Cash on Delivery
Call Girls Colaba Mumbai ❤️ 9920874524 👈 Cash on Deliverynehamumbai
 
Aspirin presentation slides by Dr. Rewas Ali
Aspirin presentation slides by Dr. Rewas AliAspirin presentation slides by Dr. Rewas Ali
Aspirin presentation slides by Dr. Rewas AliRewAs ALI
 
Call Girls Service Jaipur Grishma WhatsApp ❤8445551418 VIP Call Girls Jaipur
Call Girls Service Jaipur Grishma WhatsApp ❤8445551418 VIP Call Girls JaipurCall Girls Service Jaipur Grishma WhatsApp ❤8445551418 VIP Call Girls Jaipur
Call Girls Service Jaipur Grishma WhatsApp ❤8445551418 VIP Call Girls Jaipurparulsinha
 
Russian Call Girls in Pune Riya 9907093804 Short 1500 Night 6000 Best call gi...
Russian Call Girls in Pune Riya 9907093804 Short 1500 Night 6000 Best call gi...Russian Call Girls in Pune Riya 9907093804 Short 1500 Night 6000 Best call gi...
Russian Call Girls in Pune Riya 9907093804 Short 1500 Night 6000 Best call gi...Miss joya
 
Kesar Bagh Call Girl Price 9548273370 , Lucknow Call Girls Service
Kesar Bagh Call Girl Price 9548273370 , Lucknow Call Girls ServiceKesar Bagh Call Girl Price 9548273370 , Lucknow Call Girls Service
Kesar Bagh Call Girl Price 9548273370 , Lucknow Call Girls Servicemakika9823
 
Call Girl Service Bidadi - For 7001305949 Cheap & Best with original Photos
Call Girl Service Bidadi - For 7001305949 Cheap & Best with original PhotosCall Girl Service Bidadi - For 7001305949 Cheap & Best with original Photos
Call Girl Service Bidadi - For 7001305949 Cheap & Best with original Photosnarwatsonia7
 
VIP Call Girls Pune Vani 9907093804 Short 1500 Night 6000 Best call girls Ser...
VIP Call Girls Pune Vani 9907093804 Short 1500 Night 6000 Best call girls Ser...VIP Call Girls Pune Vani 9907093804 Short 1500 Night 6000 Best call girls Ser...
VIP Call Girls Pune Vani 9907093804 Short 1500 Night 6000 Best call girls Ser...Miss joya
 
CALL ON ➥9907093804 🔝 Call Girls Hadapsar ( Pune) Girls Service
CALL ON ➥9907093804 🔝 Call Girls Hadapsar ( Pune) Girls ServiceCALL ON ➥9907093804 🔝 Call Girls Hadapsar ( Pune) Girls Service
CALL ON ➥9907093804 🔝 Call Girls Hadapsar ( Pune) Girls ServiceMiss joya
 
Call Girls Whitefield Just Call 7001305949 Top Class Call Girl Service Available
Call Girls Whitefield Just Call 7001305949 Top Class Call Girl Service AvailableCall Girls Whitefield Just Call 7001305949 Top Class Call Girl Service Available
Call Girls Whitefield Just Call 7001305949 Top Class Call Girl Service Availablenarwatsonia7
 
Ahmedabad Call Girls CG Road 🔝9907093804 Short 1500 💋 Night 6000
Ahmedabad Call Girls CG Road 🔝9907093804 Short 1500 💋 Night 6000Ahmedabad Call Girls CG Road 🔝9907093804 Short 1500 💋 Night 6000
Ahmedabad Call Girls CG Road 🔝9907093804 Short 1500 💋 Night 6000aliya bhat
 
Call Girl Coimbatore Prisha☎️ 8250192130 Independent Escort Service Coimbatore
Call Girl Coimbatore Prisha☎️ 8250192130 Independent Escort Service CoimbatoreCall Girl Coimbatore Prisha☎️ 8250192130 Independent Escort Service Coimbatore
Call Girl Coimbatore Prisha☎️ 8250192130 Independent Escort Service Coimbatorenarwatsonia7
 
Call Girls Service Chennai Jiya 7001305949 Independent Escort Service Chennai
Call Girls Service Chennai Jiya 7001305949 Independent Escort Service ChennaiCall Girls Service Chennai Jiya 7001305949 Independent Escort Service Chennai
Call Girls Service Chennai Jiya 7001305949 Independent Escort Service ChennaiNehru place Escorts
 
Call Girls Service Bellary Road Just Call 7001305949 Enjoy College Girls Service
Call Girls Service Bellary Road Just Call 7001305949 Enjoy College Girls ServiceCall Girls Service Bellary Road Just Call 7001305949 Enjoy College Girls Service
Call Girls Service Bellary Road Just Call 7001305949 Enjoy College Girls Servicenarwatsonia7
 

Recently uploaded (20)

Russian Call Girls Chennai Madhuri 9907093804 Independent Call Girls Service ...
Russian Call Girls Chennai Madhuri 9907093804 Independent Call Girls Service ...Russian Call Girls Chennai Madhuri 9907093804 Independent Call Girls Service ...
Russian Call Girls Chennai Madhuri 9907093804 Independent Call Girls Service ...
 
Call Girls Yelahanka Just Call 7001305949 Top Class Call Girl Service Available
Call Girls Yelahanka Just Call 7001305949 Top Class Call Girl Service AvailableCall Girls Yelahanka Just Call 7001305949 Top Class Call Girl Service Available
Call Girls Yelahanka Just Call 7001305949 Top Class Call Girl Service Available
 
Russian Call Girl Brookfield - 7001305949 Escorts Service 50% Off with Cash O...
Russian Call Girl Brookfield - 7001305949 Escorts Service 50% Off with Cash O...Russian Call Girl Brookfield - 7001305949 Escorts Service 50% Off with Cash O...
Russian Call Girl Brookfield - 7001305949 Escorts Service 50% Off with Cash O...
 
Hi,Fi Call Girl In Mysore Road - 7001305949 | 24x7 Service Available Near Me
Hi,Fi Call Girl In Mysore Road - 7001305949 | 24x7 Service Available Near MeHi,Fi Call Girl In Mysore Road - 7001305949 | 24x7 Service Available Near Me
Hi,Fi Call Girl In Mysore Road - 7001305949 | 24x7 Service Available Near Me
 
Call Girls Horamavu WhatsApp Number 7001035870 Meeting With Bangalore Escorts
Call Girls Horamavu WhatsApp Number 7001035870 Meeting With Bangalore EscortsCall Girls Horamavu WhatsApp Number 7001035870 Meeting With Bangalore Escorts
Call Girls Horamavu WhatsApp Number 7001035870 Meeting With Bangalore Escorts
 
Russian Call Girls in Delhi Tanvi ➡️ 9711199012 💋📞 Independent Escort Service...
Russian Call Girls in Delhi Tanvi ➡️ 9711199012 💋📞 Independent Escort Service...Russian Call Girls in Delhi Tanvi ➡️ 9711199012 💋📞 Independent Escort Service...
Russian Call Girls in Delhi Tanvi ➡️ 9711199012 💋📞 Independent Escort Service...
 
Russian Call Girls in Chennai Pallavi 9907093804 Independent Call Girls Servi...
Russian Call Girls in Chennai Pallavi 9907093804 Independent Call Girls Servi...Russian Call Girls in Chennai Pallavi 9907093804 Independent Call Girls Servi...
Russian Call Girls in Chennai Pallavi 9907093804 Independent Call Girls Servi...
 
Call Girls Colaba Mumbai ❤️ 9920874524 👈 Cash on Delivery
Call Girls Colaba Mumbai ❤️ 9920874524 👈 Cash on DeliveryCall Girls Colaba Mumbai ❤️ 9920874524 👈 Cash on Delivery
Call Girls Colaba Mumbai ❤️ 9920874524 👈 Cash on Delivery
 
Aspirin presentation slides by Dr. Rewas Ali
Aspirin presentation slides by Dr. Rewas AliAspirin presentation slides by Dr. Rewas Ali
Aspirin presentation slides by Dr. Rewas Ali
 
Call Girls Service Jaipur Grishma WhatsApp ❤8445551418 VIP Call Girls Jaipur
Call Girls Service Jaipur Grishma WhatsApp ❤8445551418 VIP Call Girls JaipurCall Girls Service Jaipur Grishma WhatsApp ❤8445551418 VIP Call Girls Jaipur
Call Girls Service Jaipur Grishma WhatsApp ❤8445551418 VIP Call Girls Jaipur
 
Russian Call Girls in Pune Riya 9907093804 Short 1500 Night 6000 Best call gi...
Russian Call Girls in Pune Riya 9907093804 Short 1500 Night 6000 Best call gi...Russian Call Girls in Pune Riya 9907093804 Short 1500 Night 6000 Best call gi...
Russian Call Girls in Pune Riya 9907093804 Short 1500 Night 6000 Best call gi...
 
Kesar Bagh Call Girl Price 9548273370 , Lucknow Call Girls Service
Kesar Bagh Call Girl Price 9548273370 , Lucknow Call Girls ServiceKesar Bagh Call Girl Price 9548273370 , Lucknow Call Girls Service
Kesar Bagh Call Girl Price 9548273370 , Lucknow Call Girls Service
 
Call Girl Service Bidadi - For 7001305949 Cheap & Best with original Photos
Call Girl Service Bidadi - For 7001305949 Cheap & Best with original PhotosCall Girl Service Bidadi - For 7001305949 Cheap & Best with original Photos
Call Girl Service Bidadi - For 7001305949 Cheap & Best with original Photos
 
VIP Call Girls Pune Vani 9907093804 Short 1500 Night 6000 Best call girls Ser...
VIP Call Girls Pune Vani 9907093804 Short 1500 Night 6000 Best call girls Ser...VIP Call Girls Pune Vani 9907093804 Short 1500 Night 6000 Best call girls Ser...
VIP Call Girls Pune Vani 9907093804 Short 1500 Night 6000 Best call girls Ser...
 
CALL ON ➥9907093804 🔝 Call Girls Hadapsar ( Pune) Girls Service
CALL ON ➥9907093804 🔝 Call Girls Hadapsar ( Pune) Girls ServiceCALL ON ➥9907093804 🔝 Call Girls Hadapsar ( Pune) Girls Service
CALL ON ➥9907093804 🔝 Call Girls Hadapsar ( Pune) Girls Service
 
Call Girls Whitefield Just Call 7001305949 Top Class Call Girl Service Available
Call Girls Whitefield Just Call 7001305949 Top Class Call Girl Service AvailableCall Girls Whitefield Just Call 7001305949 Top Class Call Girl Service Available
Call Girls Whitefield Just Call 7001305949 Top Class Call Girl Service Available
 
Ahmedabad Call Girls CG Road 🔝9907093804 Short 1500 💋 Night 6000
Ahmedabad Call Girls CG Road 🔝9907093804 Short 1500 💋 Night 6000Ahmedabad Call Girls CG Road 🔝9907093804 Short 1500 💋 Night 6000
Ahmedabad Call Girls CG Road 🔝9907093804 Short 1500 💋 Night 6000
 
Call Girl Coimbatore Prisha☎️ 8250192130 Independent Escort Service Coimbatore
Call Girl Coimbatore Prisha☎️ 8250192130 Independent Escort Service CoimbatoreCall Girl Coimbatore Prisha☎️ 8250192130 Independent Escort Service Coimbatore
Call Girl Coimbatore Prisha☎️ 8250192130 Independent Escort Service Coimbatore
 
Call Girls Service Chennai Jiya 7001305949 Independent Escort Service Chennai
Call Girls Service Chennai Jiya 7001305949 Independent Escort Service ChennaiCall Girls Service Chennai Jiya 7001305949 Independent Escort Service Chennai
Call Girls Service Chennai Jiya 7001305949 Independent Escort Service Chennai
 
Call Girls Service Bellary Road Just Call 7001305949 Enjoy College Girls Service
Call Girls Service Bellary Road Just Call 7001305949 Enjoy College Girls ServiceCall Girls Service Bellary Road Just Call 7001305949 Enjoy College Girls Service
Call Girls Service Bellary Road Just Call 7001305949 Enjoy College Girls Service
 

California consumer privacy act and its impact on california employers

  • 1. California Consumer Privacy Act and Its Impact on California Employers The CCPA could have major implications for employers, the workers’ comp industry, lawyers, medical record retrieval companies serving lawyers, & insurers. Medical Record Review 8596 E. 101st Street, Suite H Tulsa, OK 74133
  • 2. www.mosmedicalrecordreview.com 918-221-7791 Close on the foot of the General Data Protection Regulation (GDPR) of the European Union that became effective on May 25, 2018, California has become the first U.S. state to introduce its own suite of consumer privacy rules – the California Consumer Privacy Act (CCPA). This Act was signed into law on June 28, 2018 by Gov. Jerry Brown and contains many provisions aimed at strengthening consumers’ privacy rights. The CCPA becomes effective on January 1, 2020 and is expected to be the most expansive privacy law currently in the United States, in some ways. What impact will the new law have on the rights of employees and programs such as workers’ compensation in an organization? As a welfare program for the employees, workers’ compensation pays benefits to workers injured at the workplace. The benefits are granted based on a comprehensive Medical Records Analysis and evaluation of the circumstances under which the injury occurred. The CCPA will affect employers across the United States as well as on a global level and encourage legislation similar to it in other states. For instance, a group of senators in Washington state introduced the Washington Privacy Act SB 5376 (WPA), which would establish requirements similar to that of GDPR on businesses that collect personal information related to residents of Washington. Apart from requirements for notice, and consumer rights including access, rectification, and deletion, the WPA would put restrictions on the use of automatic profiling and facial recognition. Since the CCPA’s implementation date is approaching fast and taking into account the fact that certain provisions may reach back prior to the effective date, businesses must start preparing as soon as possible. So, here are some facts to know about the CCPA, how it applies to employee personal information and how business owners can stay compliant.  Businesses the CCPA applies to: Any business entity in the State of California that satisfies one or more of the following conditions is bound by the new law:  Annual gross revenue in excess of $25 million  Alone or in combination, annually buys, receives for the business’s commercial purposes, sells, or shares for commercial purposes, alone or in combination, the personal information of 50,000 or more consumers, households, or devices  Derives 50 percent or more of its annual revenues from selling consumers’ personal information.
  • 3. www.mosmedicalrecordreview.com 918-221-7791 The Act would apply to any business that controls or is controlled by another business that meets the above criteria and shares common branding with the former. This could have wide-reaching implications for franchised businesses and subsidiaries. The law aims to reach businesses that handle significant amounts of data and smaller companies may also be included in this. Also, businesses with small operations in California and meet one of the above requirements will have significant privacy obligations concerned with those operations.  Employee rights under the CCPA: The CCPA’s definition of consumer (a resident of California) may extend to personal information of California residents maintained by employers and may include job applicants, temporary workers, full- or part- time workers, volunteers, interns, independent contractors and even their dependents or beneficiaries. Under this Act, employees are consumers and have the same rights as any California consumer such as the following.  Notice, disclosure and non-waiver: Employers must inform employees about the categories of personal information collected and the purpose of the collection at or before collecting the information. No additional categories of information can be collected without prior notice. When employees’ personal information is sold or disclosed to third parties for “business purposes” that include disclosures to benefit providers, payroll vendors and others, employees must be notified of the same. In their agreements with service providers, employers must strictly prohibit any unauthorized use or sale of employee information other than specified processing purposes. Employers cannot ask their employees to contractually waive any rights ensured by the CCPA. There are specific requirements as regards how employees must be notified of and may exercise their CCPA rights such as toll-free numbers to submit requests and clear and conspicuous links titled “Do Not Sell My Personal Information.”  Access to data: Employees can request that employers disclose the categories of personal information collected about them and the specific personal information collected. Once the request is verified, employers must provide the information within 45 days and free of charge, with a limit of no more than 2 requests in a 12- month period.
  • 4. www.mosmedicalrecordreview.com 918-221-7791  Deletion of personal data: Employees can also request that their personal information be deleted. However, employers can retain any information necessary for performance of the employment contract; or if the information is required only for internal purposes related to security, First Amendment rights and other uses described in Cal. Civ. Code § 1798.105(d) et seq.  Opt-out option: Employees have the right to opt out of the sale of their personal information, wherein “sale” comes under the CCPA’s broad definition. Covered employers must be cautious regarding this broad definition when signing corporate deals or when engaging third-party service providers that could involve the transfer of sensitive personal data.  No discrimination: Employers cannot discriminate or retaliate against employees who exercise their rights under the CCPA.  CCPA may not apply to all data collected for administration of employee benefits: The CCPA provides certain exemptions that may exclude certain benefit plan data – i.e. plans subject to the HIPAA privacy and security regulations and include medical plans, dental plans, and health flexible spending arrangements. Medical information that an employer receives in connection with a Family and Medical Leave Act certification, Americans with Disabilities Act reasonable accommodation, workers’ compensation claims and employer’s group health plan. There are many other kinds of employee benefits such as life and disability insurance plans, pension and 401(k) plans, tuition assistance programs, employee discount programs, wellness programs, transportation fringe benefit programs and others. Some of these programs may involve plans that may be subject to ERISA (Employee Retirement Income Security Act of 1974), which pre- empts certain state laws to the extent such laws relate to ERISA-covered employee benefit plans. CCPA and such laws could complicate the national administration of such plans.  Employers could face sanctions if they fail to comply with CCPA: Employees in California may institute a civil action under CCPA if certain types of non-encrypted or non-redacted personal data is subject to unauthorized access, theft, exfiltration, or disclosure as a result of the employer’s violation of a duty to implement and maintain
  • 5. www.mosmedicalrecordreview.com 918-221-7791 reasonable security measures and practices appropriate to protect the personal information.  The employee is not required to show any actual injury or harm to maintain a civil action.  Actionable personal information is limited to social security numbers, driver’s license numbers, and medical and financial information. It is not extended to the broader categories of information mentioned in the CCPA’s “personal information” definition.  The employee must provide the business 30 days’ written notice of the alleged violation to allow the business to rectify the defect. If the defect is set right and the business does so within the 30-day window, no damages for individual or class-wide actions may be initiated.  If the employee initiates an action for actual pecuniary damages resulting from the breach or unauthorized access of their personal data, the above notice is not required.  The employee must notify the California Attorney General’s office within 30 days of filing any action. This is to give the office an opportunity to prosecute rather than allowing the civil action to proceed.  What happens to collected employee data if the business is acquired: If there is a merger, acquisition or bankruptcy and a third party assumes control of all or part of the business, then the employees’ personal information may be part of business assets transferred to the third party. Though this type of transfer is not considered a sale of personal information under the CCPA, if the third party materially alters how it uses or discloses the employee’s personal information and that use or disclosure is materially inconsistent with the notice provided to the employee at the time of collection, the third party must provide the employee with prior notice of the changed practices.  What happens to employee data if the employee is no longer a resident of California: If an employee moves or is transferred to somewhere outside of California, he/she may not be protected by the CCPA. However, the employee’s personal information may be protected by other laws and the organization may still have the same or even increased obligation to protect the worker’s data.
  • 6. www.mosmedicalrecordreview.com 918-221-7791  CCPA’s interaction with federal, state, or local laws: The CCPA specifies that its obligations are a matter of state-wide concern in California and supersede and pre-empt all rules and regulations, codes, ordinances, and other laws adopted by a city, county, municipality, or local agency regarding the collection and sale of a consumer’s personal information by a business. The Act also makes it clear that its obligations shall not restrict a business’s ability to comply with federal, state, local laws or regulations. Though the CCPA is drafted to supplement federal and state law, it shall not apply if it is pre-empted by or is in conflict with federal law, the United States Constitution, or the California Constitution. What Steps Can Businesses Take? Now is the time for organizations in California to closely monitor developments with regard to the Act and start considering whether employees’ personal information is impacted. Also, they have to determine:  Whether the company is covered and if so, whether it will separately address California employees  When and how to update employee data to address the information requirements  How to structure a process for data access requests from employees  Whether additional contractual language is required with any third parties, including vendors, receiving employee personal information to exert better control on how those third parties utilize the sensitive employee data they receive  What system modifications and awareness training will be needed to implement the above-mentioned things California Legislature may consider legislation in 2019 before the implementation date to address any meaningful and technical issues identified in the Act. The workers’ compensation industry, workers’ comp lawyers, social security lawyers, medical record retrieval companies handling medical data for these lawyers, insurance companies and other stakeholders need to watch out for developments related to the CCPA. In fact, many insurers, employers and defense firms are concerned as to how this law could expose them to liability for data breaches and problems with information security. An important consideration now is whether your company
  • 7. www.mosmedicalrecordreview.com 918-221-7791 meets CCPA mandates when collecting, using, sharing or processing personal information about individuals located in California.