©2024 Seyfarth Shaw LLP www.seyfarth.com 2024 Cal-Peculiarities | 73 4.15 Subcutaneous Identification Devices Subverting the aspirations of intrusive employers (as well as certain concerned parents of wayward teenagers), the California Freedom from Subcutaneous Identification Device Act (our unofficial title only) forbids any person from requiring any individual to undergo the subcutaneous implanting of an identification device.122 An identification device is anything that can transmit personal information, such as a person’s name, address, telephone number, email address, date of birth, driver’s license number, religion, ethnicity or nationality, photographic, social security number, bank or credit card account number, etc.123 4.16 Email Usage California employers can minimize employee expectations of privacy by issuing clear written policies. Some employees might expect to have privacy in their electronic communications, even when enabled by the employer’s technology,124 but the Court of Appeal has held that an employee’s communications to her attorney on her work computer, via work email, were not confidential and thus were not protected by the attorney-client privilege, even though the employee had used her company-issued private password and had deleted the email messages.125 The employee had no reasonable expectation of privacy, because her employer had a written policy, which she had signed, stating that company technology resources should be used only for company business, that employees must not use company resources to send or receive personal emails, and that the company would monitor its computers for compliance with the policy. 4.17 California Consumer Privacy Act of 2018 (as amended by the California Privacy Rights Act of 2020) The CCPA is highly detailed legislation intended to further California’s constitutional right to privacy by giving “consumers”126 concrete ways to control how their personal information is used by covered businesses.127 The CCPA regulations provide guidance on implementation.128 Employers’ obligations under this legislation must be considered holistically with other obligations (e.g., the duty to protect personal information outlined in § 4.8.2). Effective on January 1, 2023, the California Privacy Rights Act (CPRA) amended the CCPA to eliminate the CCPA’s exemption for employee personal information. Under the CPRA amendments, businesses both within and outside California that are covered129 by the legislation are now required to treat job applicants, employees, directors, officers, independent contractors, and other members of the workforce as "consumers" as defined in the CCPA.130 This legislation requires employers to (1) provide comprehensive information to employees and others about personal information handling practices; (2) facilitate the exercise of rights by such individuals to request certain specifics about the employer’s practices; (3) delete personal information; and (4) limit the use of certain types of information and for certain purposes (all of which will implicate the employer’s legitimate uses of such information for purposes outlined elsewhere in this book). Under the amended law, California consumers, including applicants, employees, and independent contractors, have the right to (1) be provided notice prior to their data being collected; (2) ask a business to disclose what personal information it has collected; (3) know what personal information is being sold or disclosed and to whom131; (4) request and receive a copy of all of the above information in a readily useable format; (5) correct inaccurate personal information132; (6) request that the company delete their personal information (the right to be forgotten)133; (7) opt out of the sale of their personal information; (8) restrict the use of their “sensitive personal information” (if the purpose of the collection is to infer characteristics from the data);134 and (9) be free from retaliation for exercising any CCPA rights. These rights are addressed in more detail below.
RkJQdWJsaXNoZXIy OTkwMTQ4