Data Protection Laws 101: The Recruiter’s Role in California’s New Privacy Law

Guest Post by Scale Venture Partners

What is CCPA? And what does it have to do with recruiting?

The California Consumer Privacy Act (CCPA) is a data privacy law enacted by the California legislature that went into effect on January 1 of this year. The law has wide-ranging implications for both B2C and B2B companies, but most pertinent for recruiters and people operations is what the law has to say about employee and job applicant personal information.

Scale recently published The Startup Guide to CCPA, an overview of CCPA specifically for B2B companies and senior managers of the many departments that fall under CCPA scope, everyone from Sales and Marketing to IT and Talent/HR. Lever was kind enough to invite us to share some of the information we gathered about CCPA’s impact on people operations. 

CCPA Data Mapping for Hiring and HR Operations

Right off the bat you should know that CCPA has specific requirements for how companies manage the personal information of current and past employees as well as job applicants and new recruits. 

As we describe in the guide, one of the key actions that companies need to take is a process known as data mapping. A data map is a high-level schematic documenting all of the ways that personal data is collected, processed, stored, used, and shared. 

HR teams may need to perform their own department-level data mapping exercises to identify where they’re receiving information on employees and job applicants, where it’s housed, and how it’s used. Many HR departments store data in multiple platforms across benefits, training, and management services.

David Hollady, Corporate Counsel at Lever, shared in the guide this observation about how Lever’s HR team approached CCPA: “Start where you have the biggest risk or where you need a whole new system. We had already mapped our data on the product side and have a policy in place for sales prospects, but needed a net-new system for our HR department and the data it collects on employees and candidates, so we started there.” 

Training Employees on CCPA Compliance 

CCPA can potentially impact employees and business processes across the entire organization. The conventional wisdom that companies today need to be “data-driven” means that just about any team, group, or department is collecting data about customers and prospects. 

People teams have a key role in ensuring that CCPA compliance isn’t a one-time project but an ongoing coordinated effort. Teams in these data-collecting departments (Finance, IT, Sales, Marketing, Procurement, etc.) will likely need some form of CCPA training. This is doubly true for staff who work with consumer data.

Take, for example, staff involved in recruiting. Answering questions like these will help them think systematically about how they’re using the personal information that’s now protected under CCPA, and identify the many areas where they likely need the support of IT and legal.

  • What information are you storing about current, past, and prospective employees?
  • Where does that information come from?
  • Are you storing data on multiple platforms (learning management, HR, or benefits) that could be consolidated?

In the short term, the answers to these questions help ensure a department’s data map is robust. Over the long term, awareness of CCPA’s requirements plays into decisions about operational process improvements. 

CCPA Is Just the Beginning

CCPA compliance might feel like a challenge when you’re getting up to speed on it. The silver lining is that it prepares a company for the future: with multiple new privacy laws pending in New York, Hawaii, North Dakota, and other states, the clear trend in the coming years is more and more state-specific consumer privacy legislation. Building your company’s data privacy muscles now will pay off down the line.

You can download The Startup Guide to CCPA here.