Businesses covered by the California Consumer Privacy Act (CCPA) will have at least one more year to prepare for the end of the Act's exemptions for personal information collected from "employees" and in the course of business-to-business (B2B) transactions. On Sept. 30, 2020, Gov. Gavin Newsom signed into law Assembly Bill 1281 (AB 1281), which will extend the exemptions until Jan. 1, 2022.
Under the CCPA's "employee" exemption, Civil Code section 1798.145(h), personal information of a consumer who is a job applicant, employee, owner, director, officer, medical staff member or contractor of a covered business will remain largely exempt from the CCPA, provided that the business collects and uses the personal information within the context of 1) the employment relationship, 2) having an emergency contact on file or 3) administration of benefits. Under section 1798.145(h)(3), however, a business must still provide such consumers with notice of what will be collected and how the personal information will be used. Employees are also eligible to seek damages under section 1798.150 for a covered data security incident.
Under the "B2B" exemption, Civil Code section 1798.145(n), personal information collected in the course of B2B communications or transactions is exempt from most parts of the CCPA, where the consumer is acting on behalf of a business, and the communications or transactions relate solely to providing or receiving a product or service to or from another business. Unlike with its employees, a covered business need not provide B2B consumers with notice, but a business does remain liable to such consumers for certain security incidents.
It is important to note that AB 1281 will only become effective if Proposition 24, the California Privacy Rights Act (CPRA), is not passed by California voters this November. If the CPRA does pass, it would extend the expiration date for the employee and B2B exemptions an additional year to Jan. 1, 2023. In either case, though, businesses have gained additional time to prepare for the provision of the CCPA rights to all types of consumers.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.