The Latest on What That California Privacy Bill Means for Job Applicants/Employees

Due to recent developments, it appears that a California Consumer Privacy Act (which I wrote about on ERE) amendment exempting employee and job applicant data will not be as robust as once envisioned. More specifically, it appears that the proposed amendment — AB 25 — has been revised to provide that the CCPA will apply to the personal information of employees and other personnel. However, there are new nuances that employers should be aware of and prepare for now.

The Latest Version of AB 25

Previously, AB 25 would have completely exempted the personal information of employees, job applicants, and others that was used in the context of human resources and talent administration (see Section 1798.145 (g)(1) for the complete list). However, the California Senate Judiciary Committee has proposed a new version. Its version is likely to pass by mid-September 2019. Moreover, its version of AB 25 would exempt for one year (i.e., until January 1, 2021) the majority of the Act’s requirements as they relate to the personal information of the employee and job applicant data.

Its AB 25 version, however, does not apply to (a) the requirement to provide a privacy policy to employees/applicants at or before the point of collection of their personal information, or (b) the private right of action breaches arising from a business’ failure to implement and maintain reasonable security measures.

Article Continues Below

After the exemption period expires (January 1, 2021), businesses would then be subject to all of the requirements in the human resources and talent administration context.

How Your Company Should Prepare 

While AB 25 may continue to be amended by the end of September 2019, it is highly unlikely that the law will never apply to employees/job applicants’ personal information. Therefore, businesses should:

  • ensure your data mapping efforts include employees/job applicants’ personal information;
  • update your applicable privacy policy and ensure it is delivered to the employee/job applicant beginning January 1, 2020; and
  • ensure your security measures apply to employee/job applicant’s personal information, including in third-party systems of service providers

Josh Torres serves as corporate regulatory & privacy counsel at iCIMS, Inc. Torres brings more than 10 years of corporate law experience to iCIMS, including a highly regarded specialization in privacy law. Torres is one of a select few members to be named a Privacy Law Specialist by the International Association of Privacy Professionals , an exclusive designation that recognizes a select group of leaders that successfully demonstrate a knowledge of relevant privacy laws, regulation and technology; a commitment to staying ahead of new developments in the field; and substantial time devoted to practicing law related to safeguarding personal information.

Learn more about iCIMS’ efforts to assist with your workplace privacy and security efforts at