The California Consumer Privacy Act — gives California residents rights over their personal information, including HR data.
CCPA (California Consumer Privacy Act of 2018), as amended by the CPRA (California Privacy Rights Act of 2020), is the most comprehensive US state privacy law. It applies to for-profit businesses that meet at least one of: $25M+ annual revenue, buy/sell/share personal information of 100,000+ California consumers/households, or derive 50%+ of revenue from selling personal information.
California residents have the right to know what personal information a business collects, the right to delete it (with exceptions), the right to correct it, the right to opt out of sale or sharing, the right to limit use of sensitive personal information, and the right to non-discrimination for exercising these rights. Since January 1, 2023, employees and applicants have the same rights with respect to their HR data — the long-standing 'employment exception' has expired.
Employers must provide a privacy notice at hire, offer mechanisms to submit rights requests (toll-free number, email, or web form), respond within 45 days (extendable by 45), and maintain a 'do not sell or share my personal information' link in plain view. Failure to comply triggers fines up to $7,500 per intentional violation enforced by the California Privacy Protection Agency, plus a private right of action for data-breach claims.
Our HRIS issues a CCPA-compliant privacy notice at hire and lets California employees export, correct, or delete their HR data on request.
Peoplifi unifies HR, payroll, time tracking, and performance into one modern platform — so concepts like CCPA stay handled, not stuck in spreadsheets.
Start free 14-day trial