Overview
During this webinar, Privacy Partner Katy Linsky and Employment Associate Laurie Baddon discussed best practices for employers to prepare for enforcement of the California Consumer Privacy Act (CCPA).
Top takeaways included:
- HR data—including employee, job applicant and contractor data—is in scope of the CCPA. The previous exemption for this type of data has lapsed.
- Enforcement is active. The California Attorney General recently announced an investigative sweep into California employers’ compliance with the CCPA.
- More lead time is needed than you may think to develop a compliance program. Key steps include scoping impacted processing activities and identifying key stakeholders, thoroughly evaluating and modifying current practices and policies, updating contracts with third parties, implementing training and processes for responding to employee rights requests and updating cybersecurity processes and procedures.
- There is no “one size fits all” for compliance. Considerations include the size of your business, the availability of existing privacy compliance programs to leverage and the various jurisdictions in which your business operates.
- Testing and flexibility is key. It is important to test your privacy compliance program prior to launching to weed out any issues. Continuously monitor your program to determine when (and what) updates may be required.
McDermott has extensive experience working with employers to operationalize these requirements, and we have developed templates, guidance, playbooks and other tailored materials specifically for creating compliance programs. Contact Katy, Laurie or your regular McDermott lawyer to discuss how we can help.
View key takeaways from and recordings of other webinars in our New State Privacy Laws Series: