← Back to the Blog

Why Employers Should Prioritize Data Privacy

As data privacy becomes increasingly important, companies must start paying attention to it on behalf of their employees. Employers need to generate privacy statements and policies, informing employees about the information being collected, with whom it is shared, and why. 

Though it will be a while until California begins enforcing or punishing many data-related violations, it is still vital that employers make compliance a priority so they are not caught unprepared—and for many, preparations may be heavy—when enforcement does begin. 

It’s crucial to make compliance a priority to reduce your liability. Because this is a big deal, you are going to have to spend time and thought on it. You should get ahead while there is time. 

But there is an opportunity here, too. You can use this time to set your company apart and build trust. Sage employers will position employee privacy as an advantage, setting your company apart and building trust among employees and candidates.

Background on Data Privacy Laws

In 2018, the California Consumer Privacy Act (CCPA) was passed to enhance privacy rights and consumer protection for California residents. The act requires businesses to adhere to strict privacy requirements regarding the personal information they collect about consumers. In 2020, the California Privacy Rights Act (CPRA) was approved, amending the CCPA and expanding some of its protections. Many CPRA provisions took effect on January 1, 2023, requiring employers to comply with the law as it pertains to employees, job applicants, and independent contractors.

Understanding CPRA Obligations

Under the CPRA, businesses must meet several obligations to protect consumers’ privacy, including:

• Providing disclosure notices when collecting personal information.
• Complying with consumer requests regarding personal information (with some exceptions).
• Implementing reasonable security measures to protect collected personal information.
• Not discriminating or retaliating against anyone exercising their rights under the law.

Employers should educate employees and contractors on these obligations and ensure they understand and comply with the CPRA. In doing so, farsighted employers can create a more transparent environment and foster trust between the business and its customers.

The Importance of Data Privacy Policies

Employers must create data privacy policies that are transparent and inform employees about their rights under the CPRA. For example, how the employer will use and store contact information should be documented and clear. 

These policies should include details on the categories of personal information collected, the purposes for which it is used, the length of time the information is retained, and whether the information is sold or shared. 

Employers should update their privacy policies at least once every 12 months to ensure compliance with the law.

Administering Employee CPRA Rights

Employers must develop procedures for receiving and responding to employee CPRA requests, such as producing, deleting, or correcting personal information. These procedures may require adaptation or even re-envisioning  to accommodate employees, job applicants, and independent contractors. 

Employers should consult with legal counsel to determine the optimal way to receive and respond to requests, as well as identify what information is subject to CPRA requests and whether exceptions may apply.

Preparing for Compliance

Employers can and should begin preparing for data privacy compliance by taking the following steps:

1. Audit employment-related information practices. Create a data map that tracks the collection, usage, storage, and custody of information.
2. Review CPRA rights. You need to work with legal counsel to establish procedures and tools for processing and responding to requests.
3. Update or create required notices and privacy policies. 
4. Train relevant personnel on CPRA consumer rights and request processing.
5. Identify service providers and contractors with whom personal information is disclosed. You should then ensure compliance with respect to those contracts and any shared user data.
6. Review and implement reasonable security measures to protect personal information from unauthorized access.

Data privacy is becoming increasingly important in the modern workplace. By prioritizing data privacy, employers can create a competitive advantage, build trust among employees, and ensure compliance with evolving privacy laws. 

By proactively addressing data privacy concerns, employers can safeguard their business and foster a transparent and secure work environment for all. We know this is a potentially confusing topic that is new for many organizations—and we’re here to help! Let’s talk, and we’ll point you in the right direction.

---

---