Skip to main content

CCPA Amendment May Answer Employee Question

We’ve now presented two webinars (links will be posted ICYMI) on the scope of the California Consumer Privacy Act, and have been talking with scores of clients about preparation and planning. One of the most frequently asked questions is whether the CCPA really applies to employee personal data processed by employers for business purposes. The GDPR does apply to that information, but the focus of the CCPA did not seem to lend itself to application in all of its permutations to employee personal data.

We all know that the CCPA is in desperate need of amendment and clarification, and that it is the subject of much lobbying and discussion in Sacramento. AB 25 is one of the amendments to watch, and may help to put the employee question to rest. The revised definition of “consumer” as proposed in AB 25 would read:

(g) (1) “Consumer” means a natural person who is a California resident, as defined in Section 17014 of Title 18 of the California Code of Regulations, as that section read on September 1, 2017, however identified, including by any unique identifier.

(2) “Consumer” does not include a natural person whose personal information has been collected by a business in the course of a person acting as a job applicant or as an employee, contractor, or agent, on behalf of the business, to the extent their personal information is used for purposes compatible with the context of the person’s activities for the business as a job applicant, employee, contractor, or agent of the business.

Watch this space for further tracking of AB 25 and other CCPA amendments. If the amendment fails to proceed, we are planning to present a webinar on May 8 specifically on the application of the CCPA to employee data and employer obligations under the CCPA.  

Subscribe To Viewpoints


Cynthia J. Larose

Member / Co-Chair, Privacy & Cybersecurity Practice

Cynthia J. Larose is Chair of the firm's Privacy & Cybersecurity Practice, a Certified Information Privacy Professional-US (CIPP-US), and a Certified Information Privacy Professional-Europe (CIPP-E). She works with clients in various industries to develop comprehensive information security programs on the front end, and provides timely counsel when it becomes necessary to respond to a data breach.