Overview

The California Consumer Privacy Act (CCPA) was signed into law in June 2018 and first took effect on January 1, 2020. The CCPA imposed regulations on businesses that collect individual's data and was intended to give consumers the right to know what has been collected, right to request the deletion of information, right to opt-out of sales of information and the right to non-discrimination when exercising rights under the CCPA. 

What Changed?

• When originally enacted the CCPA exempted Employee Data and Business to Business Data.
• Following enactment of the California Privacy Rights Act (CPRA), these exemptions are ending January 1st, 2023.
• Employers will need to prepare to comply with privacy regulations that previously did not apply to the employer-employee relationship. 

Note: To provide additional time to make necessary adjustments, enforcement of CPRA will not begin until July 1, 2023 and will only apply to violations on or after July 1, 2023

Who are Covered Businesses?

To qualify as Covered, a business must be:

A for-profit entity that collects and controls a California consumers’ personal information and at least one of these:

• As of January 1 of a calendar year had worldwide annual gross revenues over $25,000,000.00 in the preceding calendar year.
• Alone or in combination, annually buys, sells, or shares, personal information of 100,000 or more California consumers or households; or
• Derives 50% or more of annual revenues from selling or sharing California consumers’ personal information.

High-Level Requirements

As of January 1, 2023, covered employers must prepare to:

• Provide California Residents with a specific privacy disclosure notice
• Respond to California Resident privacy requests
  • CA residents can request a list of their information that has been collected
  • CA residents can also request that data be corrected or deleted
    • If the data serves a required business purpose, it is acceptable to deny the request of deletion

What Are Paycor's Responsibilities?

Paycor is a service provider as defined by the CPRA. This means Paycor can assist with certain requirements, but it is the employer's responsibility to comply with the CPRA.

Employers should consult their legal advisor to confirm if the law applies to their organization, evaluate current data collection practices and establish a process for handling privacy requests & disclosure notices. 

As of January 1, 2023, customers can contact Paycor to assist with requests for data collected, data amendment and data deletion.

• All California employee CCPA requests must be sent by a customer contact listed on the account. 
  • Paycor will not handle CCPA requests directly from employees
• If you receive a CCPA request from an employee, contact the Paycor Support team
• After initial contact, you will receive an email requesting the CCPA Request Type and Employee Name & Number
  • CCPA Request Types include Data Deletion, Data Amendment, and Data Report
• After the request type and employee name and number are provided, the support team will manage the request with a support case. 

Note:

• Employers have 45 days from date of request to complete any necessary action.
• Paycor will make every effort to turn around responses as soon as possible.

Agency Resource

See the California CCPA Overview & Frequently Asked Questions.