Careers

Experiences

Industries

Offices

Our Firm

Pages

Our People

Updates

Practices

Warner Norcross + Judd LLP is a corporate law firm with over 230 attorneys serving clients in nine offices throughout Michigan. Among the largest law firms in Michigan, Warner works in virtually all areas of business law.

Michigan Law Firm - Warner Norcross + Judd LLP

The California Consumer Privacy Act (CCPA) just went into effect on January 1, 2020. If your business has operations in California, the new law may require you to provide notices to employees, update privacy policies on websites and amend contracts with vendors who handle employee data—including data relating to your employee benefit plans.

contentpilot/introduction

Employers Subject to the CCPA

core/heading

The new law casts a wide net. It applies to any for-profit business (including entities that control or are controlled by the business and share common branding with the business) that:

core/paragraph

core/list

CCPA Requirements

The CCPA gives California residents certain rights with respect to their data. These rights will vary, depending on whether a business merely collects and processes information about California residents and households or if it also “sells” the information. 

Application of the CCPA to Employment Data

The CCPA defines “personal information” to specifically include employment-related information. However, before the California legislature adjourned for 2019, it passed an amendment to the CCPA that provides a one-year partial exemption for employment data. As amended, the CCPA during 2020 requires that a business must give employees and job applicants in California the Notice of Collection that describes the categories of data that the business collects, the purposes for the collection and the disclosures that it makes of that data. However, the business does not have to respond to individual rights requests until 2021.

Application to Employee Benefits

Employee benefit programs inevitably include personal information, such as names of employees, names of spouses, dependents and other beneficiaries, and possibly information associated with those individuals. For programs subject to ERISA, there is certainly an argument that CCPA is preempted by ERISA—but California has a history of challenging ERISA preemption claims, and until courts work through that issue, it’s an open question. Moreover, if your company provides any benefit programs that are not subject to ERISA (for example, a dependent care FSA, an HSA contribution program or a salary continuation program for those on short-term disability leave), no pre-emption argument is available.

Penalties Under the CCPA

Non-compliance with the CCPA will be costly. The California Attorney General is authorized to enforce the CCPA with penalties of up to $2,500 per violation per employee. Additionally, consumers whose data is the subject of a data breach can sue for between $100 and $750 per incident if the business failed to implement reasonable security procedures. The CCPA expressly voids any arbitration provision or class action limitation on this right.

Steps to Take Now

If your business is subject to CCPA requirements, consider the following steps with respect to your employment data and employee benefit programs:

We’re Here to Help

For assistance with CCPA compliance or questions about the CCPA generally, please contact Norbert Kugele or any member of Warner’s Employee Benefits Practice Group.

Of Counsel

Norbert F. Kugele

Cybersecurity and Privacy

Employee Benefits

Employment Data, Employee Benefits and the CCPA

Warner Norcross + Judd LLP is responsible for the contents of our advertising and this website. Please read our full <a href="/privacy-policy/" aria-label="see privacy policy">privacy policy</a> available on our website. If you have any questions or comments about our website or our Privacy Policy please contact us at <a href="mailto:info@wnj.com">info@wnj.com</a> or 616.752.2000.

Employment Data, Employee Benefits and the CCPA

professionals