Skip to content

While the CPRA deferred a majority of the CCPA’s employee-related substantive requirements until Jan. 1, 2023, employers are still required to provide employees with a notice at collection.[1] As a result, since Jan. 1, 2020, a notice at collection, which must be provided “at or before the point at which” the collection of information occurs,[2] was required to include the following information:

  • A list of the categories of personal information that will be collected;
  • The business or commercial purpose for which the information is being collected;
  • Information on how to opt out of the sale of personal information (if information is being sold); and
  • Information on how to find the company’s complete privacy notice.[3]

After Jan. 1, 2023, the CPRA will expand the information required to be included in a notice of collection to include the following:

  • Whether that information is “sold or shared”;[4] and
  • The “length of time” that the business intends to retain each category of personal information.[5]

[1] Cal. Civ. Code 1798.145(m)(3).

[2] CCPA Reg. Section 999.301(l). See also CCPA 1798.100(b) (Oct. 2020).

[3] CCPA Reg. 999.305(b)(1)-(4).

[4] Cal. Civ. Code 1798.100(a)(1).

[5] Cal. Civ. Code 1798.100(a)(3).