Privacy & Cybersecurity Law Blog

As reported in the Hunton Employment & Labor Perspectives Blog:

Assembly Bill 1651, or the Workplace Technology Accountability Act, a new bill proposed by California Assembly Member Ash Kalra, would regulate employers and their vendors regarding the use of employee data. Under the bill, data is defined as “any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular worker, regardless of how the information is collected, inferred, or obtained.”  Examples of data include personal identity information; biometric information; health, medical, lifestyle, and wellness information; any data related to workplace activities; and online information. The bill confers certain data rights on employees, including the right to access and correct their data. 

Specifically, employers that control the collection of employee data would be required to inform employees of how the employer plans to collect and use employee data at or before the point of collection. There are multiple explicit requirements; for instance, employers would have to notify employees as to (1) the specific categories of employee data to be collected, the purpose for which the specific categories of employee data are collected or used and whether and how the data is related to the employee’s essential job functions; (2) whether and how the data will be used to make or assist an employment-related decision, including any associated benchmarks; (3) whether the information is being disclosed or otherwise transferred to a vendor or other third party, the name of the vendor or third party and for what purpose; and (4) the employee’s right to access and correct their data, among other things.

The bill also obligates an employer that collects or uses employee data to provide, upon request of an employee, the specific data that the employer retains about the employee’s work, the sources of data and the purpose for collecting the employee data. Additionally, under the bill, an employee has the right to request that an employer correct any inaccurate employee data about the employee that the employer maintains. After receiving such a request to correct inaccurate employee data, the employer must initiate an investigation and correct the data if it determines the at-issue data to be inaccurate. 

The elements of the bill mentioned above are only a few of the obligations and requirements that would be realized upon its passage. If passed, the bill likely would control over the California Consumer Privacy Act (“CCPA”) (as amended by the California Privacy Rights Act (“CPRA”)) with respect to employees’ privacy rights. Until at least January 1, 2023, the CCPA/CPRA exempts certain HR data from most of the law’s requirements.