What the CCPA Legislation Means for Staffing Firms
Note: this blog is for informational purposes only and not for the purpose of providing legal advice. You should contact your legal counsel with respect to any questions or issues regarding the CCPA. For official CCPA guidelines, see here.
You may be familiar with the General Data Protection Regulation (GDPR) legislation that went into effect in the EU in May 2018. GDPR ensures organizations are protecting the personal data that they hold on individuals and calls for a more meticulous process on how data is collected and accessed.
What you may not be familiar with is the forthcoming California Consumer Privacy Act (CCPA), which will go into effect January 1, 2020. In short, CCPA establishes enhanced consumer protection and privacy rights for those living in California.
So, what specifically does this mean for staffing firms who do business in California or with candidates who live in the state?
Read on for a breakdown of what the legislation is and what it means for your business. It is important to note that there are still some regulations/amendments in review that could change the way the CCPA is interpreted, so subscribe to the Bullhorn Compliance Digest to stay on top of future updates.
What is the CCPA?
According to the CCPA website, this legislation “grants consumers new rights with respect to the collection of their personal information,” including the right to know (and ask for the removal of) all pieces of data that are collected by businesses and the right to refuse the sale of their personal data.
Essentially, the CCPA is a collection of guidelines that gives individuals in California the right to know how and why their information is being collected and puts the onus on businesses to collect, use, and disclose personal data with increased visibility and enhanced corporate responsibility.
Who does it apply to?
While the CCPA covers all residents of California with regards to personal data, the CCPA regulations must be followed by any entity that does business in California and satisfies one or more of the following:
- Annual gross revenue in excess of $25 million;
- Interaction with (including buying, sharing, receiving, or selling) the personal information of 50,000 or more CA consumers or households; and/or
- 50 percent or more of its annual revenue is derived from selling CA consumers’ personal information.
The law is largely trying to reach businesses with significant amounts of data, but small businesses may still need to follow the CCPA regulations. For example, if a business does not meet the minimum revenue criteria but manages 100,000 records of CA residents in their ATS, they must comply with the CCPA regulations.
What does it mean for staffing firms?
Under the CCPA, businesses will need to promptly provide details to individuals about the types of personal information collected by the business and how it is used. Firms must also be prepared to field inquiries from individuals about their data and be able to share further information and/or delete the data if requested.
Therefore, when interacting with any candidates who reside in California, staffing firms must ensure they are following the correct protocol as disclosed in the CCPA legislation as of Jan. 1, 2020. This involves ensuring the appropriate collection of data, fielding questions about data collection and usage, and removing data.
Craig Sherwood, Partner at Shambliss Security, adds: “CCPA requires transparency, collaboration, and human judgment. Adhering to privacy laws is a collaborative effort among data privacy officers, information technology teams, and business leaders. To make decisions you must understand the context of data collection, processing, and use. Staffing firms can mitigate cybersecurity risks by implementing data retention and destruction policies.”
What are the next steps?
To start, staffing firms should evaluate their current practices of collecting personal information and develop internal strategies to ensure compliance of the CCPA. This could include (but is not limited to) evaluating how information is collected, where it is stored, and who else internally has access to the data. Additionally, staffing firms also need to ensure there are guidelines in place for removing personal data should this be requested by any individual.
While the exact implications of the CCPA are still in flux, the best thing you can do now to prepare is to stay up-to-date with the legislation. To help you better prepare for when the CCPA goes into effect, Bullhorn will continue to provide resources and guidelines around how your team and business can effectively comply.
The action of taking inventory of current practices and determining which, if any, need to be updated to comply with the CCPA should happen well in advance of January 1, 2020. Starting the evaluation process early will help your staffing firm be prepared for when the legislation officially goes into effect.
As mentioned, for more information, we encourage you to visit the CCPA website and subscribe to the Bullhorn Compliance Digest.