Open Season for the CCPA, Corporate Compliance Insights

Kaufman Dolowich Voluck’s Katherine S. Catlos, partner in KD San Francisco and KD Chief Diversity & Inclusion Officer, CIPP/US, CIPM and Katherine Alphonso, attorney at KD San Francisco, analyze the privacy roles of various organizations and their obligations under the California Consumer Privacy Act (CCPA) and GDPR.
Corporate Compliance Insights  l  January 31, 2020

A Case Study in Employee Health Care Benefits Enrollment

Allow us to paint a picture: Your Company (“YC”), as part of its employment package, offers health care benefits to all full-time employees. For the most part, the employees engage the health insurance company directly, providing the necessary personal data needed to obtain its services. The only part of this process that YC even involves itself in is footing the bill.

To be invoiced, however, YC transfers its employees’ contact information and date of birth, which were all collected at hire, to the health insurance company for employee verification. It’s not uncommon to see a situation such as this. Employers are more and more willing to provide fringe benefits on top of a competitive salary as an incentive for their employees to stay (or take the job). Understandably, many companies are now unsure of their responsibilities regarding data privacy protection given the current landscape.

Obligations Under the CCPA

Under the CCPA, which became effective on January 1, 2020, YC must first determine if its business is governed by the law. The CCPA applies to entities that collect personal information, do business in California and satisfy one or more of the following thresholds:

Read more at the full article.