Overview
Employers and business-to-business (B2B) companies have only three months left to implement California’s comprehensive privacy requirements. Although other US privacy laws taking effect in 2023 exempt HR and B2B data, California failed to enact legislation that would extend the state’s existing exemptions through the new year. As a result, companies must extend robust, GDPR-like privacy protections to California employees, applicants, contractors and business contacts by January 1, 2023 (when modifications to the California Consumer Privacy Act (CCPA) from the California Privacy Rights Act (CPRA) take effect). Given California’s active CCPA enforcement, all businesses should evaluate whether they are subject to the CCPA and how they can comply.
Join McDermott partners Elliot Golding and Kathryn Linsky, and Mohammad Amer, Director and Assistant General Counsel, Global Data Privacy Legal at 3M for a robust discussion and practical tips to prepare your organization for the CCPA’s expansion to HR and B2B data, including:
- Scoping CCPA applicability, conducting a risk-based “data discovery” exercise (including both structured and unstructured data sources) and developing a risk-based plan to tackle compliance obligations
- Updating or developing key documents, including more robust privacy notices, updated contracts with vendors and other data recipients, etc.
- Developing processes to receive and honor GDPR-like data subject rights from employees, applicants and business contacts (including rights to access, correct, delete, etc.)
- Evaluating whether common HR and B2B activities constitute a “sale” or “financial incentive” that triggers more complicated compliance obligations
- Implementing other key process requirements, such as training, security and privacy impact assessments