The California Consumer Privacy Act (CCPA) was signed into law in June 2018 and first took effect on January 1, 2020. The CCPA imposed regulations on businesses that collect individual's data and was intended to give consumers the right to know what has been collected, right to request the deletion of information, right to opt-out of sales of information and the right to non-discrimination when exercising rights under the CCPA. 

What Changed?

• When originally enacted the CCPA exempted Employee Data and Business to Business Data.
• Following enactment of the California Privacy Rights Act (CPRA), these exemptions are ending January 1st, 2023.
• Employers will need to prepare to comply with privacy regulations that previously did not apply to the employer-employee relationship. 

Note: To provide additional time to make necessary adjustments, enforcement of CPRA will not begin until July 1, 2023 and will only apply to violations on or after July 1, 2023

Who are Covered Businesses?

To qualify as Covered, a business must be:

A for profit entity that collects and controls a California consumers’ personal information and at least one of these:

• As of January 1st of a calendar year had worldwide annual gross revenues over $25,000,000.00 in the preceding calendar year.
• Alone or in combination, annually buys, sells, or shares, personal information of 100,000 or more California consumers or households; or
• Derives 50% or more of annual revenues from selling or sharing California consumers’ personal information.

High-Level Requirements:

As of January 1, 2023, covered employers must prepare to:

• Provide California Residents with a specific privacy disclosure notice
• Respond to California Resident privacy requests
  • CA residents can request a list of their information that has been collected
  • CA residents can also request that data be corrected or deleted
    • If the data serves a required business purpose, it is acceptable to deny the request of deletion

How Can Paycor Help?

• Paycor is a service provider as defined by the CPRA, this means that Paycor can assist with certain requirements but it is the responsibility of the employer to comply with the CPRA.
• Employers should consult their legal advisor to confirm if the law applies to their organization, evaluate current data collection practices and establish a process for handling privacy requests & disclosure notices. 
• As of January 1, 2023, customers can contact Paycor to assist with requests for data collected, data amendment and data deletion
  • All California employee CCPA requests will need to go through a customer contact, Paycor will not handle CCPA requests directly from employees
  • If you receive a CCPA request from an employee, contact the Paycor Support team
  • After initial contact, you will receive an email requesting the CCPA Request Type and Employee Name & Number
    • CCPA Request Types are: Data Deletion, Data Amendment & Data Report
  • After the request type and employee name and number are provided, the support team will manage the request with a support case. 

Note:

• Employers have 45 days from date of request to complete any necessary action.
• Paycor will make every effort to turn around responses as soon as possible.

Agency Resources: 
See the California CCPA Overview & FAQS.