Insights Search

On January 1, 2023, absent intervention from the California legislature, the nation’s first comprehensive data privacy law, the California Consumer Privacy Act (“CCPA”) as amended by the California Privacy Rights Act (“CPRA”), will not only regulate consumer data but will also regulate previously exempt human resources data as well.

Update: The UCPA was signed into law by Governor Spencer J. Cox without amendment on March 24, 2022.

Suppose a union asks their bargaining unit’s employer for a list of names of all employees who have been exposed to or tested positive for COVID-19: Must the employer provide the requested medical information?

The guiding principle for employers to follow when asking or talking about individual employees’ health concerns is “data minimization.” In other words, employers should collect and share employee health information only to the extent necessary to protect the workforce from COVID-19 exposure and should keep those records confidential.