In a nutshell, the CCPA is California’s equivalent to the EU’s General Data Protection Regulation (GDPR), which was introduced back in 2018 to give EU citizens greater control over their personal data.
Two years later, California now has its very own version of the GDPR. (It’s important to note here that while the principles of the GDPR and CCPA are similar, the regulations that have been enforced aren’t exactly the same.)
As with all new things, there are inevitably questions about what the changes mean and what they look like in reality. For instance, what do businesses have to do differently? Who does it apply to? What information does it cover?
This Q&A article is designed to provide you with a top-level overview of the CCPA. It tackles some of the general key questions that are floating around in relation to this new legislation, and more specifically, the CCPA’s impact on the world of recruitment.
A two-minute introduction to the CCPA:
What is the CCPA?
It’s a new privacy law that’s been brought in to give California consumers greater rights over the way businesses collect and store personal details about them.
Anybody who’s a resident of California, even if they’re temporarily living outside of the State, has the right to:
- Know about the personal information a business collects about them and how it’s used and shared
- Delete personal information that’s been collected about them (there are some exceptions to this – details below)
- Opt out of the sale of personal information
- Not be discriminated against for exercising their CCPA rights
What personal information does it apply to?
Any details that identify, relate to or could be linked to an individual or household.
Who has to comply with the CCPA?
All for-profit businesses that are operating in California that:
- Have a gross annual revenue greater than $25 million
- Buy, receive or sell the personal information of 50,000 or more California residents, households or devices
- Generate 50% or more of their annual revenue from selling California residents’ personal information
Non-profit organizations and government agencies are the only exceptions to the CCPA rules—their activity isn’t classed as falling under the CCPA.
What happens if organizations don’t comply with the CCPA?
They can wind up being fined between $2,500 (for unintentionally breaking the rules) and $7,500 (for intentionally failing to maintain CCPA compliance). These penalties are calculated on a case-by-case basis.
The CCPA’s impact on recruitment:
The CCPA applies to organizations, regardless of industry. However, while the regulations may have been in place for a few months now, some recruiters are still finding their feet with the new CCPA-focused way of doing things.
What’s the main thing recruiters need to be aware of?
Ultimately, candidates can now request information about the personal data you have about them on your systems.
They can ask you to tell them the personal information you’ve collected, used, shared or sold about them and why you’ve collected, used, shared or sold it. They’re now also perfectly within their rights to ask you to provide details about:
- The personal information you’ve collected about them
- Specific pieces of personal information
- Where you’ve collected the personal information from
- What you’ve used the information for
- Which third parties you’ve shared it with
- The information you’ve sold or disclosed to other parties
The requested information applies to the previous 12 months and must be provided free of charge within 45 days. It is possible to extend the deadline by another 45 days, providing you notify the candidate that you are doing this.
What’s a Notice at Collection?
This is something new that’s been brought in as part of the CCPA. From now on, businesses have to tell consumers they’re collecting their personal data.
They need to do this by issuing candidates with a Notice at Collection which, as the name suggests, is issued at the time the information’s being gathered or just before this point. These notices should:
- List the categories of personal information that are being collected
- Explain what the details are being used for
- Right to know
- Right to delete
- Right to opt out of sale
- Right to non-discrimination
What happens if candidates aren’t happy with the information you hold about them?
Most of the time, they can ask you to delete it. The only time this can’t happen is if/when:
- You can’t verify their request
- The details relate to certain medical information, consumer credit reporting information or other types of information that aren’t covered by the CCPA
- The information is required:
  - To complete a transaction, provide a reasonably anticipated product or service or for certain warranty and product recall purposes
  - For certain business security practices
  - For some internal uses that are compatible with reasonable expectations or the context in which the information was provided
  - To comply with legal obligations, exercise legal claims or rights or defend legal claims
What are the benefits of the CCPA for recruiters?
- Being CCPA-compliant shows increasingly privacy-conscious candidates that recruiters are being careful about the details they have about them and are using and storing these details responsibly.
Following the CCPA regulations is a clear indicator that you take data protection and privacy seriously. In turn, this helps build trust among candidates and encourages more people to apply for your vacancies.
Does AB25 mean recruiters are exempt from the CCPA?
It does. For now. Under Assembly Bill 25 (AB25), any employee and job applicant data that’s being collected by employers, purely for recruitment purposes, doesn’t fall under the remit of the CCPA.
However, this grace period is only in place until January 1, 2021. After this point, full CCPA regulations will apply.
We hope you’ve found this article interesting and that you now feel fully up to speed with the CCPA. Please note – we do not provide legal advice and the contents of this article should not be taken as such. All readers are encouraged to seek their own independent legal advice.
We do, however, help our clients make sure they’re CCPA-compliant. If you have any questions about how our simple, intelligent software and unlimited support can help you achieve compliance with data privacy requirements, get in touch.