<img height="1" width="1" style="display:none;" alt="" src="https://px.ads.linkedin.com/collect/?pid=5678177&amp;fmt=gif">

    California Legislature Passes Extension to CCPA’s Employment and Business-to-Business Exemption, Awaits Governor Approval

    by Michael Williams
    3 min read
    photo of California State Capitol Museum

    Last week, the California legislature passed Assembly Bill 1281 (AB-1281) which, if accepted and approved by Governor Gavin Newsom, would extend California Consumer Privacy Act (“CCPA”) exemptions for “employee” information and business-to-business (B2B) transactions from its original expiration date of Jan. 1, 2021, to Jan. 1, 2022.

     

    Wait, There’s a CCPA Exemption for Employees?

    There is, but don’t get too excited just yet (and definitely temper that excitement as the exemption will sunset shortly in the future even with AB-1281 approval). The “employee” exemption allows for personal information of consumers that have an employment relationship (think employee, contractor or job applicant) can be exempt from CCPA, with limits. Those limits are confined so that the personal information is collected and used within the context of:

    1. The employment relationship;
    2. Having an emergency contact on file; or
    3. Administering benefits.

    But (and this is a big but), businesses must still provide notice to these categories of consumers related to the information that is being collected, processed and transferred.

     

    What is the B2B exemption?

    CCPA’s business-to-business (“B2B”) exemption relates to personal information involved in B2B communications or transactions where the consumer is acting on behalf of a business, and the communications or transactions solely relate to providing or receiving a product or service to or from another business. Businesses must still provide B2B consumers the right to opt out of the sale of their information. Usage of this exemption as a defense to alleged CCPA violations is likely to draw scrutiny given the relatively strict limitation of its intended purpose.

     

    Are There Risks Even with These Exemptions?

    Yes! Even with these exemptions, all personal information collected is still subject to the CCPA’s private right of action for certain security incidents, which California consumers can exercise to sue companies and obtain compensation.

     

    What Happens Next?

    Governor Newsom has until September 30th to sign AB 1281 into law. If AB 1281 doesn’t pass, the CCPA employee and B2B exemptions will expire on January 1, 2021.

     

    How can Clym help with CCPA compliance?

    Clym believes in striking a balance between digital compliance and your business needs, which is why we offer businesses the following:

    • All-in-one platform: One interface combining Privacy and Accessibility compliance with global regulations, at an affordable price;
    • Seamless integration into your website;
    • Adaptability to your users’ location and applicable regulation;
    • Customizable branding;
    • ReadyCompliance™: Covering 30+ data privacy regulations;
    • Six preconfigured accessibility profiles, as well as 25+ display adjustments that allow visitors to customise their individual experience.

    You can convince yourself and see Clym in action by booking a demo or reaching out to us to discuss your specific needs today.