Menu

Hiring Insights Blog

The Latest on What The California Privacy Bill Means for Job Applicant and Employee Data
Industry Trends
Wednesday, Sep 11, 2019

Due to recent developments, it appears that a California Consumer Privacy Act (“CCPA”) amendment exempting employee and job applicant data will not be as robust as once envisioned. More specifically, it appears that the proposed amendment – AB 25 – has been revised to provide that the CCPA will apply to the personal information of employees and other personnel. However, there are new nuances that employers should be aware of and prepare for now.

The Latest Version of AB 25

Previously, AB 25 would have completely exempted the personal information of employees, job applicants, and others that was used in the context of human resources and talent administration (“Employees / Applicants”) (See Section 1798.145 (g)(1) for the complete list). However, the California Senate Judiciary Committee has proposed a new version. Its version is likely to pass by mid-September 2019. Moreover, its version of AB 25 would exempt for one (1) year (i.e., until January 1, 2021) the majority of the CCPA’s requirements as they relate to the personal information of the Employee and Job Applicant Data.

Its AB 25 version, however, does not apply to (a) the requirement to provide a privacy policy to Employees / Applicants at or before the point of collection of their personal information, or (b) the private right of action breaches arising from a business’ failure to implement and maintain reasonable security measures. 

After the exemption period expires (January 1, 2021), businesses would then be subject to all of the CCPA’s requirements in the human resources and talent administration context. 

How should your company prepare now?

While AB 25 may continue to be amended by the end of September 2019, it is highly unlikely that the law will never apply to Employees / Job Applicants’ personal information. Therefore, businesses should:

  • Ensure your data mapping efforts include Employees / Job Applicants’ personal information;
  • Update your applicable privacy policy and ensure it is delivered to Employee / Job Applicant beginning January 1, 2020; and
  • Ensure your security measures apply to Employee / Job Applicant’s personal information, including in third-party systems of Service Providers (Read more about iCIMS’ security measures by clicking here).

Note: This post first appeared on ERE.

By Josh Torres, Corporate Privacy and Regulatory Counsel at iCIMS