Workflow
Your Work, Your Data: A Toolkit for Exercising Worker Data Rights Under the California Consumer Privacy Act
Berkeley·2024-12-05 00:53

Industry Overview - The California Consumer Privacy Act (CCPA) is a groundbreaking data privacy law that extends protections to workers in California, including employees, independent contractors, job applicants, and former employees [3][7][18] - The CCPA grants workers the right to know when their data is being collected, access their data, request corrections or deletions, and opt out of the sale or sharing of their data [5][22][25] - The law applies to large for-profit businesses in California that meet specific revenue or data handling thresholds, such as having more than $25 million in gross annual revenue or buying/selling personal information of 100,000+ consumers [10] Worker Data Rights Under CCPA - Workers have the right to know the categories of data collected, the purpose of collection, and whether the data is sold or shared [20] - Workers can request access to their data, including data sold or shared, and businesses must comply within 45 days, free of charge [22][23] - Workers can request corrections or deletions of inaccurate data, and businesses must notify third parties to comply with these requests [24] - Workers can opt out of the sale or sharing of their data and limit the use of sensitive personal information for profiling purposes [25][27][28] Data Collection and Coverage - The CCPA covers a wide range of worker data, including personal IDs, demographics, employment-related data, biometric data, health and wellness data, and social media activity [12][13][15] - Sensitive personal information, such as Social Security numbers, union membership, and health data, is also protected under the CCPA [16] - Businesses must limit data collection, use, and sharing to what is "reasonably necessary" for stated purposes and cannot retaliate against workers for exercising their rights [30] Enforcement and Compliance - The California Privacy Protection Agency (CPPA) enforces the CCPA, and workers can file complaints for violations [30][66] - Businesses must provide multiple methods for workers to submit data requests, including toll-free numbers and online webforms [46][47] - Workers can designate authorized agents, such as unions, to make data requests on their behalf, and businesses must verify the identity of the requester [35][37][53] Privacy Policy Requirements - Businesses must provide a comprehensive description of their data practices in their privacy policies, including the types of data collected, purposes, and worker rights [80][82] - Privacy policies must be updated annually, easy to read, and available in languages used by the business [87] - Workers must be informed of their rights to access, delete, correct, and opt out of the sale or sharing of their data [84][86]