For the second year in a row, the Washington legislature failed to pass an ambitious consumer privacy protection bill into law.
California’s all-inclusive privacy law, the California Consumer Privacy Act (CCPA), which took effect on January 1, 2020, has already been cited in numerous lawsuits. Over this next year, employers are likely to see lawsuits testing the waters of the new statute. For now, the first wave of CCPA lawsuits raise several unsettled questions and serve as an important reminder to implement procedures to bring your business in compliance.
Many small or solo franchisees, subsidiaries, and affiliates of larger businesses may think the California Consumer Privacy Act (CCPA), does not apply to your separate business entity because it does not meet one of the three threshold criteria for CCPA coverage: (1) your annual revenue is under $25 million; (2) you do not annually collect the personal information of 50,000 or more California residents, households or devices; and (3) you are not in the business of selling information. But upon closer inspection, you may be disappointed to learn that California’s groundbreaking new privacy law, which became effective January 1, 2020, may yet still apply to you based on a potentially broad "control" test.
Governor Gavin Newsom just signed into law two amendments to the California Consumer Privacy Act (CCPA) that will have a direct impact on employers doing business in the state. The new amendments, signed on October 11, 2019 and taking effect on January 1, 2020, require covered businesses meeting a certain revenue threshold or other criteria to implement policies and procedures that provide consumers – which includes employees – certain privacy rights not previously available under existing law.