BarbriSFCourseDetails
  1. keyboard_arrow_leftBack

Course Details

Course Information
  • smart_display Format

    On-Demand

  • signal_cellular_alt Difficulty Level

  • work Practice Area

    Employment and Workers Comp

Date & Time
  • event Date

    Tuesday, September 13, 2022

  • schedule Time

    1:00 p.m. ET./10:00 a.m. PT

  • timer Program Length

    90 minutes

Credit Information

  • This 90-minute webinar is eligible in most states for 1.5 CLE credits.

$297.00
CLE
ALL

This CLE webinar will advise employment attorneys on the potential liability and claims that may arise under the California Privacy Rights Act (CPRA) and other state privacy laws. The panel will discuss employees' rights, including access, deletion, and correction, to data that their employers retain about them. The panel will address how to mitigate the risks of such potential claims and what employers should consider regarding data retention moving forward.

Faculty

Darcey M. Groden
Attorney
Fisher & Phillips LLP

Ms. Groden is a Certified Information Privacy Professional/United States (CIPP/US) and a member of the firm’s Data Security and Workplace Privacy Group and Consumer Privacy Team. Her privacy practice includes partnering with clients to help them meet their compliance obligations with state consumer privacy laws, including the CCPA as amended by the CPRA. Ms. Groden advises clients on compliance with national and other state data protection laws, including drafting privacy policies and data protection and sharing agreements in compliance with applicable data privacy laws. She also has assisted clients in responding to data breaches. Ms. Groden regularly presents and publishes articles relating to data privacy matters, including consumer privacy laws and privacy law trends. She also regularly litigates complex single-plaintiff cases involving discrimination, retaliation, harassment, and breach of contract.

expand_circle_down Expand to View Full Bio expand_circle_up Collapse Bio
Brad Kelso
Managing Partner
Privageo, LLC

Mr. Kelso helps firms deliver data- and user-centered products and SaaS solutions that meet financial, data compliance, and risk management standards. He has earned a reputation for delivering complex data and optimized user solutions that increase revenues and reduce risk. These span marketing and sales systems (CRM and account management), consumer engagement (POS), loan processing and underwriting (LOS’s) and servicing loan risk management. Mr. Kelso has held leadership roles at CoreLogic, Bank of America, Home Savings, and Ellie Mae.

expand_circle_down Expand to View Full Bio expand_circle_up Collapse Bio

Description

On Jan. 1, 2023, businesses subject to the California Consumer Privacy Act as amended by the California Privacy Rights Act (CPRA) will need to reconsider their privacy practices concerning their customers' personal information and their employees’ personal information.

Businesses subject to the CPRA must draft new, or update existing, personnel privacy policies that disclose the personal information they collect in the employment context, including employees, job applicants, and contractors. Privacy policies will now need to include additional disclosures regarding data retention periods or criteria used to determine such periods and more detailed disclosures regarding types of data collected, including sensitive data. Updated privacy policies will also need to offer employees certain rights that formerly only applied to other types of consumers, such as website users and customers, under the CPRA.

Businesses must consider where to display and disclose these privacy notices as they must be available at the time of collection. Thus, companies should include the privacy notices on job applications and recruiting website pages and, for existing personnel, distribute internally in addition to posting on the business intranet.

Under the CPRA, personnel can request access to data retained by the business or ask that such data be deleted, and subject to a few exceptions, companies will need to act swiftly within the mandated 45-day period (with an optional 45-day extension) to provide or delete data. Employees will acquire other rights, such as the right to correct inaccurate data about them and to restrict the use of sensitive information in employee files.

Businesses with personnel across various states should consider if they want to offer the same rights to all personnel or only California-based personnel. Other state laws differ, further complicating the landscape and considerations. Before starting to update any documents, businesses must have a clear understanding of their data collection practices.

A business must conduct detailed data mapping exercises to know where their data is stored, not only to update their policies but also to appropriately and efficiently respond to a user's request for access, deletion, or correction. Businesses will need to update their privacy and data retention policies and practices.

Listen as our expert panel discusses how the CPRA directly affects employee data collection and retention and how this law will ultimately affect employee policies and practices.

Outline

  1. California Privacy Rights Acts
    1. Employers affected
    2. Employee rights
      1. Right of access
      2. Right of deletion
      3. Right of correction
      4. Right to restrict sensitive information
      5. Right to opt-out of the sale
  2. Other state privacy laws and employment

Benefits

The panel will address these and other key topics:

  • Which employers are affected by the CPRA?
  • What rights do employees gain under the CPRA?
  • How will the CPRA affect future employee data collection and retention?