The California Consumer Privacy Act (CCPA) went into effect this year, and it has broad, sweeping implications for both employee and consumer data privacy. Within the state of California, businesses are scrambling to conform to the demands of the new legislation. With so much focus placed on companies to beef up their online security to ensure there no data leaks occur, this act may be a precursor to others around the country.
Human resources departments need to stay ahead of the curve to allow for timely adaptation of their employee data storage systems in particular. Seven contributors to Forbes Human Resources Council explore how HR departments can remain ahead of potential changes to data privacy acts in their own states.
1. Get Your Leadership Buy-In
HR by themselves cannot implement the California Consumer Privacy Act without strong support and accountability from the leadership. CCPA implementation will result in changes to the IT ecosystem and policy and procedures. It will require investments in technology, training and compliance tracking. Get a seasoned CISO-type person on your staff and implement strong training programs for all your leaders and managers. - Srikant Chellappa, Engagedly | Mentoring Complete
2. Make Data Compliance A Priority
Common sense and good judgment should prevail -- and naturally, laws are put in place to ensure this happens. Of course, people should control their data, and know-how their data is being used, and we should not sell their data, or the data of children. This is not rocket science. If companies aren’t already ensuring compliance with the CCPA, they need to make this a priority. - Tracy Cote, Zenefits
3. Focus On Education And Preparation
Additional rights for employees go into effect on January 1, 2021, including the right to request their data be deleted and protection from retaliation for exercising these rights. Making sure that companies have a clear understanding of what data is collected, how it is used and who it is shared with will put them in a much better position to react quickly if additional states jump on board. - Rebecca Baumgartner, Ogletree Deakins
4. Audit How The Organization Collects Data
As CCPA-like compliance rules grow, HR departments can begin by first understanding what the requirements are, followed by gap analysis within the company's current state for next steps. Auditing how the organization collects, processes and stores personal employee information is key to designing a path toward compliance. Limiting collection helps reduce risk, but transparency is fundamental to success. - Dr. Timothy J. Giardino, BMC Software
5. Focus On 'Need To Know'
Protecting confidential employee data has always been top of mind for HR professionals, but the California Consumer Privacy Act took it up a level. HR departments should restrict the access to and use of employee data to only a few people in the department. Most HRIS platforms allow you to set up levels of permissions, and these should be used. - Sherrie Suski, Tricon American Homes
6. Hire An Employment Attorney
As of January 1, 2020, employers must provide a CCPA-compliant notice to all California employees disclosing how they collected and used employee information in 2019. In light of recent data and privacy breaches, HR departments should contact an employment attorney if they haven’t already done so to familiarize themselves with the process, as more states pass similar laws. - John Feldmann, Insperity
7. Identify Areas Of Opportunity
Practicing HR in CA, then relocating across the country, this is an adage proven in many areas (living wage, pregnancy, gender and identity topics). HR has been tasked with managing protected personal and health information for employees, so this is a natural focus. Lead the conversations now within your organization to identify areas of opportunity related to privacy to prepare for a shift. - Rebecca Edwards, Infinite HR of Charlotte
