As the COVID-19 pandemic continues to affect our economy, business owners are trying their best to ensure that employees returning to the workplace are safe to resume their duties, particularly when those duties involve interactions with other people. For this reason, many businesses are implementing safety procedures that often include temperature checks for employees resuming their work.
One issue that may not be top of mind for an employer with regard to temperature checks is the California Consumer Privacy Act (CCPA). How does a law that was supposed to be targeted at big tech companies who collected a consumer’s data online apply to a pandemic where an employer takes an employee’s temperature before they enter the workplace?
The answer lies in the CCPA’s existing employee exemption, which is set to expire at the end of this year.
The Employee Exemption
There are three provisions in CCPA dealing with exemptions for employee information.
• CCPA Section 1798.145(h)(A) basically states that CCPA does not apply to personal information collected by a business about an employee, job applicant, owner, director, officer, medical staff member, or contractor to the extent that the information is collected and used by the business solely within the context of the person’s role or former role as a job applicant, employee, owner, director, officer, medical staff member, or a contractor of that business.
• CCPA Section 1798.145(h)(B) generally states that CCPA does not apply to personal information that is collected by an employer that is emergency contact information of an individual, to the extent that the personal information is collected and used solely within the context of having an emergency contact on file.
• CCPA Section 1798.145(h)(C) generally states that CCPA does not apply to personal information that is necessary for the employer to retain to administer benefits a job applicant, an employee, owner, director, officer, medical staff member, or contractor of that business to the extent that the personal information is collected and used solely within the context of administering those benefits.
The Reasons Matter
Thus, whether CCPA applies to a temperature read for an employee depends on the reason for collecting the data.
If the temperature read is done for purposes of maintaining a safe workplace and used solely for that purpose, then the CCPA likely does not apply.
If the temperature is not being used solely for purposes of employment, such as sharing the information with a face mask company who can then target the employee with ads for purchasing face masks, then the CCPA will likely apply.
Because no case law or clarifications exist, the rule requires a business to analyze the specific exemptions set out in the rule to determine two things: 1) the source of the information, and 2) whether the information is collected and used in a way that is outside of the context of the employment relationship.
As noted above, the employee exemption to the CCPA referenced above will “sunset” on January 1, 2021 unless the Legislature extends the deadline.
Given it is unlikely this virus is going away and that business as normal will have to change, employee temperature checks may continue to be a desired protocol for businesses to adopt for the long term.
In order to ensure employees are protected as well as the general public, the Legislature will need to act before the employee exemption “sunsets” in the CCPA to make sure it is a practice that employers can legally maintain.
This article originally appeared as a Capitol Insider blog post.
