California on the Verge of Enacting Bill to Exempt HR Data from Consumer Data Law

September 13, 2019

The California state Senate passed a bill that would exempt HR data from most provisions of the California Consumer Privacy Act, giving the State Assembly 24 hours to approve the measure before the end of the legislative session.

AB 25 would exempt: "Personal information that is collected by a business about a natural person in the course of the natural person acting as a job applicant to, an employee of, owner of, director of, officer of, medical staff member of, or contractor of that business to the extent that the natural person’s personal information is collected and used by the business solely within the context of the natural person’s role or former role" as such.

However, the California Senate altered the bill in a few key ways:

  • Employers would be required to inform employees about what information they are collecting and why they are collecting it, and

  • The law’s private right of action in cases of a security breach would apply to HR data.

A one-year sunset provision was also added, potentially setting the stage for a significant effort to regulate the use of HR data (such as monitoring performance) in California.

Why it matters: While AB 25 represents a step in the right direction, the one-year sunset provision may signal the beginning of an effort in California to regulate HR data specifically. Meanwhile, the drum beats on at the federal level, with the Business Roundtable publishing a letter signed by 51 CEOs urging Congressional action on a national, preemptive consumer data privacy bill.