What is a CCPA?
If you are a California resident, you will be happy to know that you have more control over your personal data than ever before. The California Consumer Privacy Act (CCPA), which went into effect on the 1st of January, 2020, is designed to give you ownership of your data and prevent businesses and other third parties from sharing and selling your data without your consent.
The CCPA also states that businesses that store consumer data must take reasonable security measures to safeguard it. In the event of a breach, the consumer can sue the business for statutory damages.
CCPA apply to background checks or not! Read More
The Impact of CCPA on Employee Background Checks
The original draft of the CCPA defined the term ‘consumer’ broadly and vaguely. So, the laws on storing, sharing, and selling data applied to all business entities, including employers and background check companies, handle consumer data.
Shortly after, an amendment called AB 25 was passed to exclude employees, independent contractors, job applicants, and business agents from the definition of the term ‘consumer.’ So, as of now, most of the provisions of the CCPA do not apply to employers and background check companies.
There are, however, two key provisions of the CCPA that employers and consumer reporting agencies are required to comply with.
Notice at Collection
Firstly, the employer must tell you – the consumer – the following things at the time of collecting your personal data.
- What kind of data they are collecting – employment-related data, credit-related data, geolocation data, identifiers, and so on.
- What they are using it for.
AB 25 clearly states that an employer or a consumer reporting agency can collect, use, or share a potential employee’s data only as part of the hiring or screening process. They cannot use the data for any other purpose.
Safeguarding the Data
Employers who store the data of their employees are required to safeguard it by taking the necessary cybersecurity measures. If they fail to implement these measures, and if it results in a data breach, the employees whose data were stolen can file a lawsuit against the employer and seek statutory damages.
It should be noted that the CCPA does not specify what it means by ‘reasonable safeguards.’ So, it is the responsibility of employers to devise and implement a robust cybersecurity strategy to safeguard the data of their employees.
Many experts believe that employers can safeguard the data they collect from their employees by following the Center for Internet Security guidelines.
Responsibility of California Employers in Safeguarding Employee Data
The CCPA places a lot of responsibility on employers concerning collecting, sharing, and storing employee data. If you are an employer, you must make sure that your employee screening processes and data sharing protocols comply with the act’s provisions.
If you are an employee, you should be aware of the rights you have as a consumer and make sure that no one, including your employer, misuses your data.