Employee Privacy Rights Under the CPRA
The California Privacy Rights Act (CPRA) is a consumer protection law that was approved by California voters in 2020. The CPRA placed significant restrictions on how companies may collect, store, use and share consumer data. In addition to protecting consumers, the CPRA also established a number of data privacy rights for employees of companies that operate in California. Employee privacy rights under the CPRA are robust: workers whose personal data is collected by their employers can take legal action when that data is misused.
To learn more about how the CPRA safeguards employee privacy rights, keep reading this blog.
CPRA Requirement: Notification and Disclosures to Employees
Under the California Privacy Rights Act (CPRA), employees of qualifying businesses have the right to be notified by their employers when their personal data is being collected for any reason. Additionally, employers must notify workers about why their personal data is being collected. If your employer has collected your personal information and failed to notify you in advance so that you could provide consent, then they may be in violation of California data privacy laws.
Additionally, the CPRA mandates that employees must be given very specific details about what type of personal information is being collected by their employers. Previous consumer privacy laws broadly protected employees by compelling companies to disclose certain aspects of their data collection procedures. Now, companies must specifically disclose to all employees the precise category of personal information that has been collected in the previous 12 months.
CPRA Gives Employees the Right to Correct Inaccurate Information
Just like consumers, employees also have the right to correct or delete inaccurate information that has been collected. Similarly, employees can opt out of any plans by the company to share their personal information with others. If an employee makes this kind of request, the company has 45 days to honor it.
CPRA Requirement: Businesses Must Maintain an Employee Privacy Policy
The California Privacy Rights Act (CPRA) also strengthened existing data protection laws that require companies to maintain an employee privacy policy explaining the company’s rules and policies about personal data collection. Under the CPRA, employers must not only have a written employee privacy policy, but the policy also needs to be posted so that it is easily accessible by workers.
Additionally, the employee privacy policy must detail exactly what the collected information will be used for, including whether the data will be sold to third parties or shared with third parties.
The CPRA Protects Employees Against Retaliation
The California Privacy Rights Act (CPRA) intersects with California employment law, which means that employees who exercise their digital privacy rights under the consumer privacy statute are protected against retaliation by their employers.
The California Privacy Rights Act Also Protects Consumers
While the California Privacy Rights Act (CPRA) provides explicit protections for employees, the statute’s primary purpose is to ensure that consumer data remains confidential after it has been shared with businesses. One of the main ideas behind the CPRA is that individuals should have control over how their sensitive personal information is used by companies. When a company violates the privacy of customers, or otherwise fails to take reasonable steps to ensure that customer data remains confidential, that company should be held accountable.
The CPRA officially expanded the scope and protections of the California Consumer Privacy Act (CCPA), which already protected consumers against invasions of privacy involving their personal information. The CPRA gives consumers new privacy rights that did not exist under previous consumer privacy laws. These new consumer rights include the ability to correct inaccurate information being retained by companies. More generally, the CPRA ensures that consumers have a legal right to limit how their sensitive personal data is collected, used, and disclosed.
Contact the Los Angeles Employment Lawyers at Tauler Smith LLP
Did your employer monitor your emails, record your phone conversations, or collect your personal information in any other way? California strictly regulates how companies can collect and/or share the information of their workers. The Los Angeles employment lawyers at Tauler Smith LLP possess an in-depth understanding of both employment laws and privacy laws, and we are passionate about protecting employee rights.
Call 310-590-3927 or email us today to discuss your case.