Companies subject to California’s Consumer Privacy Act (CCPA) may soon need to figure out how to scale their privacy compliance programs to include employee and B2B information. The current exemptions that exist for most of the law’s requirements to this type of information are set to expire January 1, 2023.
While earlier this year, the California Assembly and Senate introduced several bills that would extend the duration of the current exemptions in CCPA, the window for those bills to pass is quickly narrowing. Two of the bills included AB2871, which proposes to extend the exemptions indefinitely and AB2891, which would extend the exemptions until 2026. According to California’s legislative calendar, May 27 was the deadline for bills to be passed out of the house of origin and August 31 is the last day for each house to pass bills. The last day for the governor to sign or veto bills passed by the legislature is September 30. According to the bills’ history on the legislative website, neither seems to have passed out of committee or the Assembly (or had any other movement since March).
Putting it into practice. With the clock ticking and no movement on either bill, companies should begin thinking about what it would mean to expand current CCPA compliance efforts to employee and B2B information. In particular, companies will want to consider how rights requests would be handled and what potential exceptions to requests could apply.