What Is The CCPA & Does CCPA Apply To Background Checks?
If you are a resident of California, you will be happy to know that you have more control over your personal data than ever before. The California Consumer Privacy Act (CCPA), which went into effect on the 1st of January, 2020, is designed to give you ownership of your data and prevent businesses and other third-parties from sharing and selling your data without your consent.
The CCPA also states that businesses that store consumer data must take reasonable security measures to safeguard it. In the event of a breach, the consumer can sue the business for statutory damages.
The Impact of CCPA on Employee Background Checks
The original draft of the CCPA defined the term ‘consumer’ in a broad and vague manner. So, the laws on storing, sharing, and selling data were applicable to all business entities – including employers and background check companies – that handle consumer data.
Shortly after, an amendment called AB 25 was passed to exclude employees, independent contractors, job applicants, and business agents from the definition of the term ‘consumer’. So, as of now, most of the provisions of the CCPA are not applicable to employers and background check companies.
There are, however, two key provisions of the CCPA that employers and consumer reporting agencies are required to comply with.
1 – Notice at Collection
Firstly, the employer is required to tell you – the consumer – the following things at the time of collecting your personal data.
- What kind of data they are collecting – employment-related data, credit-related data, geolocation data, identifiers, and so on.
- What they are using it for.
AB 25 clearly states that an employer or a consumer reporting agency can collect, use, or share a potential employee’s data only as part of the hiring or screening process. They cannot use the data for any other purpose.
2 – Safeguarding the Data
Employers who store the data of their employees are required to safeguard it by taking the necessary cybersecurity measures. If they fail to implement these measures, and if it results in a data breach, the employees whose data were stolen can file a lawsuit against the employer and seek statutory damages.
It should be noted that the CCPA does not specify what it means by ‘reasonable safeguards’. So, it is the responsibility of the employers to devise and implement a robust cybersecurity strategy to safeguard the data of their employees.
Many experts believe that employers can safeguard the data they collect from their employees by following the guidelines issued by the Center for Internet Security.
Responsibility of California Employers in Safeguarding Employee Data
The CCPA places a lot of responsibility on employers with respect to the collection, sharing, and storing employee data. If you are an employer, you must make sure that your employee screening processes and data sharing protocols are in compliance with the provisions of the act.
If you are an employee, you should be aware of the rights you have as a consumer and make sure that your data is not misused by anyone – including and especially your employer.
See what will a landlord, investor, potential employer, or any government organization learn when they run a background check on you? See what others can know about you.