While the CPRA deferred a majority of the CCPA’s employee-related substantive requirements until Jan. 1, 2023, employers are still required to provide employees with a notice at collection.[1] As a result, since Jan. 1, 2020, a notice at collection, which must be provided “at or before the point at which” the collection of information occurs,[2] was required to include the following information:
- A list of the categories of personal information that will be collected;
- The business or commercial purpose for which the information is being collected;
- Information on how to opt out of the sale of personal information (if information is being sold); and
- Information on how to find the company’s complete privacy notice.[3]
After Jan. 1, 2023, the CPRA will expand the information required to be included in a notice of collection to include the following:
- Whether that information is “sold or shared”;[4] and
- The “length of time” that the business intends to retain each category of personal information.[5]
[1] Cal. Civ. Code 1798.145(m)(3).
[2] CCPA Reg. Section 999.301(l). See also CCPA 1798.100(b) (Oct. 2020).
[3] CCPA Reg. 999.305(b)(1)-(4).
[4] Cal. Civ. Code 1798.100(a)(1).
[5] Cal. Civ. Code 1798.100(a)(3).