The COVID-19 pandemic has changed all manner of business procedures over the course of this past year, but one area you may not immediately recognize that needs to be immediately addressed relates to mandatory privacy notifications under California state law – perhaps even if you don’t have employees in the state. If you have not yet adjusted your business practices as it relates to COVID-19, you need to add this important assignment to your end-of-the-year to-do list.
On February 10, 2020, the Attorney General issued revisions to the proposed regulations to the California Consumer Privacy Act (the CCPA) which were originally published in October of last year. While the Attorney General cannot bring an enforcement action until July 1, 2020, these revisions indicate that the office is gearing up to start bringing CCPA enforcement actions in July. Further, while employers won a brief reprieve for their employee and applicant personal information due to an amendment to the CCPA, it is important to remember that this reprieve only lasts until January 1, 2021. As the law currently stands, employers have only had to comply with a small portion of the CCPA for their employees and job applicants.