Note: This article is for general information only and is not intended as legal advice. Organizations should seek out independent legal advice to comply with CCPA.
What is the California Consumer Privacy Act (CCPA)?
The CCPA is a new privacy law in California that gives consumers more rights to view, delete and opt-out of having their personal information sold by a business. The ClearCompany software platform is CCPA compliant. If you conduct business in California and you fall into one of these three categories you’ll more than likely need to comply with CCPA.
- Has $25M+ in annual revenue, or
- Derives 50%+ of its revenue from selling consumer data, or
- Annually buys, receives for the business’ commercial purposes, sells, or shares for commercial purposes, alone or in combination, the personal information of 50,000 or more consumers, households, or devices.
ClearCompany has never and will never sell our customer’s data, as defined under the CCPA.The #CCPA is a new privacy law in California that gives consumers expanded rights. @ClearCompany helps to shed light on this law and how it affects your HR department:
Exemption of HR Data From CCPA Until January 1, 2021
On October 14, 2019, the Governor of California excluded all provisions of this act for HR data.
“This bill would exempt, until January 1, 2021, from all provisions of the act, except the private civil action provision and the obligation to inform the consumer as to the categories of personal information to be collected as described above, information collected from a natural person by a business in the course of the natural person acting as a job applicant to, an employee of, owner of, director of, officer of, medical staff member of, or contractor of that business, as specified.”
If HR Data is excluded, do I need to take any action?
First, you need to determine if your company will need to comply with this new privacy law. If you’ve answered yes to this question then you should start to do the following in regards to HR data:
- Create disclosure forms for candidates and employees.
- Secure the personal information you’re collecting.
- The type of information you may be collecting on the candidate and employees.
- What rights the candidates and/or employees have.
- How long you will keep this personal information on file.
- Whether or not your business sells personal information for monetary purposes.
ClearCompany has never and will never sell our customer’s data, as defined under the CCPA.Do you need some help understanding #CCPA and how it affects your HR department? @ClearCompany has the answers for you:
Businesses will then need to build out disclosure forms for their California employees and applicants. These disclosure forms should include a list of different categories of HR data that your company is collecting and which systems you’re storing their personal information in. This should start with an exercise of mapping how applicant and employee data flows throughout all your systems. For example, it may first start with a candidate applying through ClearCompany, running a background check through one of our partners and then sending the data to your payroll system. From there, the employee’s personal information may also live in your benefits, healthcare, and LMS system, just to name a few. In your disclosure forms, you should include which categories of data are housed in these different systems.
Businesses should then also choose vendors that can give reasonable assurances of securing this data. ClearCompany has just successfully undergone a SOC 2 audit and will have this report available to all prospects and clients in February of 2020.
How ClearCompany Helps Companies Stay In Compliance
As part of ClearCompany becoming GDPR compliant in 2018, we created various tools to help our customers stay in compliance with new and existing privacy regulations. At any time, a candidate can log into the job portal section of your career site to view all of the resumes, employment applicants and other supplemental documents they’ve submitted to your company. In this portal, they also have the ability to export all of this data in a standard format for data mobility purposes.
Another feature that is available to administrators in the ClearCompany system is to securely delete all data that is associated with a candidate.
ClearCompany regularly reviews any new privacy laws and will always make the necessary changes to keep you in compliance. If you haven’t started thinking about CCPA the time to do so is now. Get started with a CCPA-compliant company like ClearCompany!
As ClearCompany's Information Security Analyst, Phil specializes in all things security and compliance. He stays up to date on the latest trends in information security to not only keep ClearCompany safe, but all of our customers as well.