Last week, the California legislature passed Assembly Bill 1281 (AB-1281) which, if accepted and approved by Governor Gavin Newsom, would extend California Consumer Privacy Act (“CCPA”) exemptions for “employee” information and business-to-business (B2B) transactions from its original expiration date of Jan. 1, 2021, to Jan. 1, 2022.
Wait, There’s a CCPA Exemption for Employees?
There is, but don’t get too excited just yet (and definitely temper that excitement as the exemption will sunset shortly in the future even with AB-1281 approval). The “employee” exemption allows for personal information of consumers that have an employment relationship (think employee, contractor or job applicant) can be exempt from CCPA, with limits. Those limits are confined so that the personal information is collected and used within the context of:
1) The employment relationship;
2) Having an emergency contact on file; or
3) Administering benefits.
But (and this is a big but), businesses must still provide notice to these categories of consumers related to the information that is being collected, processed and transferred.
What is the B2B exemption?
CCPA’s business-to-business (“B2B”) exemption relates to personal information involved in B2B communications or transactions where the consumer is acting on behalf of a business, and the communications or transactions solely relate to providing or receiving a product or service to or from another business. Businesses must still provide B2B consumers the right to opt out of the sale of their information. Usage of this exemption as a defense to alleged CCPA violations is likely to draw scrutiny given the relatively strict limitation of its intended purpose.
Are There Risks Even with These Exemptions?
Yes! Even with these exemptions, all personal information collected is still subject to the CCPA’s private right of action for certain security incidents, which California consumers can exercise to sue companies and obtain compensation.
What Happens Next?
Governor Newsom has until September 30th to sign AB 1281 into law. If AB 1281 doesn’t pass, the CCPA employee and B2B exemptions will expire on January 1, 2021.
How Can Clym Help?
Clym provides a cost-effective, scalable and flexible platform to help comply with CCPA, GDPR, and other laws, with plans starting at just $10/month. Contact us today about how your startup can implement Clym to help manage your data privacy regulation compliance from a global perspective.