On August 31, California's legislature ended its 2022 session without extending the California Consumer Privacy Act (CCPA) exemptions regarding B2B and employee personal information. Unless a special legislative session is called, the current exemptions will expire as of January 1, 2023, the same day the California Privacy Rights Act (CPRA) goes into effect.
Until now, the CCPA primarily applied to for-profit "businesses" that do business in California and process the personal information of California residents, excluding data governed by other privacy laws such as HIPAA.
Now, all for-profit organizations, whether business-to-business (B2B) or business-to-consumer (B2C), that meet the following criteria must comply with the CPRA:
A business with gross annual revenue of over $25 million per year.
A business that derives 50% or more of its annual revenue from sharing or selling California consumers’ personal information.
A business that annually buys, shares, or sells personal information to over 100,000 consumers.
Their compliance must also cover the data collected from their employees, applicants, owners, officers, directors, and independent contractors in the context of employment and employment applications.
The business needs to identify any third parties with whom they share this information.
Additionally, personal information reflecting written and verbal communications or collected during transactions between businesses will be subject to the same laws as those with individual customers.
What You Can Do Now
Contact us. Your friends at Consilien can help you meet the “Reasonable Security Standards” required by CCPA/CPRA and create systems that help you adhere to the regulation.
Contact an attorney who specializes in Data Privacy. If you do not have an attorney, please contact firstname.lastname@example.org and we will send you a list of referrals.
Stay in touch. We will be having an informational webinar soon regarding the regulation. There you can ask your questions of the experts.
Krista Hollingsworth, Chief Revenue Officer for Consilien, helps to create a culture of security awareness through an integrated approach to cybersecurity awareness training. Krista is responsible for creating and nurturing short-term and long-term strategic marketing, branding, and sales road maps.