Conkle Firm Attorneys Attend Cosmoprof Bologna to Assist Clients

Posted by:

Conkle, Kremer & Engel attorneys John Conkle and Kelly Peterson have returned to Cosmoprof Worldwide Bologna to continue the firm’s longstanding practice assisting the growth and protection of personal care products businesses in U.S. and international markets.  Last year, Cosmoprof Bologna had nearly 3,000 exhibitors and 250,000 visitors in exhibition space totaling more than 160,000 square meters.  For over 50 years, Cosmoprof has been the benchmark event for companies and professionals in all sectors of the cosmetics industry, from supply chain to branding, marketing, distribution and sale of finished products.

Cosmoprof’s B2B format is well suited to connect businesses all over the world, and CK&E attorneys are experienced with what businesses in this sector need to succeed. CK&E lawyers have more than 40 years of experience with the legal issues affecting all stages of growth of personal care products businesses, from startup through acquisition. Issues such as domestic and international brand protection, regulatory compliance, contractual relations with distributors and vendors, customer relations, employment matters, partnership issues, sales representative issues, and insurance can be vexing to a growing business without the guidance of lawyers who have “been there and seen that” for decades.

On the first day of Cosmoprof Bologna, John and Kelly have already begun engaging with clients and prospective clients to help them navigate toward international growth. If you are a vendor there and have not talked with them yet, you can use the email addresses on their attorney pages to reach out to them for a consultation.

Print Friendly, PDF & Email
0

Are You Ready for the New California Employment Privacy Regulations?

Posted by:

 

You may recall that the California Privacy Rights Act (CPRA) amendments (Cal. Civ. Code § 1798.100 et seq.) went into effect January 1, 2023, but enforcement was delayed until March 29, 2024. Employers with the requisite contacts with California consumers (which is defined in an extremely broad manner) will be required to provide employees with extensive privacy notices, respond to requests to exercise new data rights, limit uses and disclosures of HR data, and obtain contractual commitments from third-party recipients of personal information.

The CPRA amendments apply to any business with worldwide gross annual revenue of $25 million or more that collects personal information from any California consumer, which includes a service provider, an employee, a job applicant or an investor, for example.  All entities that share common branding will be subject to the CPRA requirements if even one of those entities meet the requisite standards.

Generally, when the employer is subject to CPRA, its employees (and service providers, job applicants, investors, etc.) have six data rights:
1. The Right to Delete
2. The Right to Correct
3. The Right to Know
4. The Right to Restrict the Use of Sensitive Personal Information
5. The Right to Opt-Out of the Sale or Sharing of their Personal Information
6. The Right to Not Be Retaliated for Exercising these Rights

Each of these general rights are subject to detailed requirements and exceptions that must be carefully considered and addressed by employers, who must give appropriate notification to employees.  Employers’ data subject to the CPRA includes only information collected on or after January 1, 2022.  Given the suspended enforcement, it is presently uncertain whether employers will be expected to be in compliance through a “look back” period that could apply as early as the enactment date of January 1, 2023, or whether employers will be given a pass on compliance until the enforcement stay expires on March 29, 2024. In any event, employers who may be subject to the amended CPRA would be well advised to start their compliance efforts as soon as possible, and should contact qualified counsel to guide their efforts.

Print Friendly, PDF & Email
0

If Your Cosmetics Use Fragrance or Flavor, this New California Legislation May Affect You

Posted by:

California cemented its status as the nation’s leader of cosmetics legislation when it passed the Cosmetic, Fragrance and Flavor Ingredient Right to Know Act of 2020 (“CFFIRKA”). Effective January 1, 2022, California’s newest cosmetic reporting law requires cosmetic companies to publicly disclose all fragrance and flavor ingredients in their products that are found on one of 22 “designated lists”. CFFIRKA supplements the state’s Safe Cosmetics Act (SCA), which for more than a decade has required companies to report to the California Department of Public Health (CDPH) Safe Cosmetics Program whether any of their cosmetic products contain chemicals known or suspected to cause cancer or reproductive toxicity. Now, the reporting requirements extend to fragrances and flavor ingredients that may pose health hazards.

Many cosmetic products contain fragrances or ingredients that give products flavor. In enacting CFFIRKA – a first-of-its-kind consumer “right-to-know law”, the state was concerned that some fragrance and flavor ingredients may have negative health effects, especially to those who are frequently exposed, such as salon workers. Thus, the new law is intended to provide the public with knowledge about the use of such fragrances and flavor ingredients in both retail and professional-use cosmetics, so consumers and workers can determine whether and how to mitigate their exposure.

Each entity whose name appears on the label of a cosmetic product must comply with CFFIRKA, which means companies such as distributors and importers may also have reporting obligations. CFFIRKA requires disclosure if a cosmetic product sold in California contains fragrance and/or flavor ingredients included on one or more of the 22 designated lists identified in California Health and Safety Code Section 111792.6. Among others, the lists include those chemicals on California’s Proposition 65 list as well as chemicals classified by other federal and state agencies and international bodies. The ingredients on the 22 designated lists are subject to change as each list is revised, requiring companies to pay special attention to such changes. All cosmetic products with reportable ingredients sold in California after January 1, 2022, regardless of date of manufacture, must be reported under this mandate. However, there is no requirement under CFFIRKA to make changes to product labels.

Additionally, cosmetic companies must disclose specific “fragrance allergens” if the allergens are present at or above 0.01 percent (100 parts per million) in rinse-off cosmetic products, or at or above 0.001 percent (10 parts per million) in leave-on cosmetics products. The subset of CFFIRKA reportable ingredients called “fragrance allergens” have distinct reporting requirements, and must be reported regardless of their intended purpose in the product (i.e. they must be reported even if they are not used to impart scent or counteract odor). In addition to disclosing the reportable fragrance, flavor, or allergen ingredients, businesses must also disclose each ingredient’s Chemical Abstracts Services (CAS) number, the Universal Product Code (UPC) of the cosmetic product that includes the ingredient, and whether the cosmetic product is intended for professional or retail cosmetic use.

Information reported by companies under CFFIRKA (as well as under the SCA) is made publicly available through the CDPH’s Safe Cosmetics Database, which is available at https://cscpsearch.cdph.ca.gov/search/publicsearch. To date, more than 90,000 cosmetic products have been reported to the CDPH.

Conkle Kremer & Engel attorneys stay current on regulatory and legal developments that affect the cosmetics business.

Print Friendly, PDF & Email
0

CCPA Metrics Disclosure Requirement Takes Effect July 1, 2021

Posted by:

Effective July 1, 2021, annual public disclosure requirements will start to apply to every business that is required to comply with the California Consumer Privacy Act (“CCPA”), and which knows or should know that (alone or in combination) it  buys, receives for the business’s commercial purposes, sells, or shares for commercial purposes the personal information of 10 million or more California residents in a calendar year. This requires these businesses to compile the following metrics for the previous calendar year (January 1, 2020 through December 31, 2020):

  1. The number of requests to know that the business received, complied with in whole or in part, and denied;
  2. The number of requests to delete that the business received, complied with in whole or in part, and denied;
  3. The number of requests to opt-out that the business received, complied with in whole or in part, and denied; and
  4. The median or mean number of days within which the business substantively responded to requests to know, requests to delete, and requests to opt-out.

This information must be disclosed in the business’s privacy policy or posted on its website and accessible from a link included in the privacy policy.  The metrics must be updated annually by July 1. In the disclosure, a business may choose to disclose the number of requests that were denied in whole or in part because the request was not verifiable, was not made by a consumer, called for information exempt from disclosure, or was denied on other grounds.

To review, the CCPA, which became effective on January 1, 2020, grants California consumers the right to control the personal information that businesses collect about them. Through the CCPA, California residents have the right to know what personal information is being collected, whether their personal information was sold or disclosed (and to whom), and may request that businesses delete their personal information.  Currently, only for-profit businesses that collect consumers’ personal information and meet one or more of these criteria must comply: (1) the business has an annual gross revenue in excess of $25 million; (2) the business collects, buys, receives, sells, or shares the personal information of 50,000 or more California-resident consumers, household, or devices; or (3) the business derives 50% or more of its annual revenue from selling consumers’ personal information. For more information about the rights afforded to California residents, and businesses’ obligations under the CCPA, see below for some of our previous CCPA blog posts.

Among other requirements, all businesses that are required to comply with the CCPA must maintain records of CCPA consumer requests and how the business responded to the requests for at least 24 months. These businesses are required to implement and maintain reasonable security procedures and practices in maintaining these records. Such records may be maintained in a ticket or log format, provided that the ticket or log includes the date of request, nature of request, manner in which the request was made, the date of the business’s response, the nature of the response, and the basis for the denial of the request if the request is denied in whole or in part.

In addition, the businesses must establish, document, and comply with a training policy to ensure that all individuals responsible for handling consumer requests made under the CCPA or the business’s compliance with the CCPA are informed of all the requirements in these regulations and the CCPA.

Attorneys at Conkle, Kremer & Engel are staying current with the CCPA and to guide their clients through compliance with this sweeping data privacy law.

Print Friendly, PDF & Email
0

Annual PCPC Virtual Summit Features Conkle Firm Attorneys

Posted by:

Attorneys John Conkle, Zachary Page and Kim Sim helped lead off the first day of the Personal Care Product Council (PCPC)’s Virtual Summit on May 11, 2021 with a dynamic and timely presentation on the changing federal and state regulatory landscape for cosmetic and personal care products.  Consistent with the theme of the Virtual Summit – “Embracing the Future of Beauty” – they covered litigation trends in California and across the country in connection with product advertising and marketing claims, from the use of natural and clean/green claims such as “botanical” and “plant-based” to the use of “oil-free” and claims related to the “nourishment” and “revival” of hair.  They also spoke about other areas of the law uniquely affecting businesses as they navigated doing business during a global pandemic and preparing for a post-pandemic future, from privacy concerns to website accessibility, and issues related to product subscriptions and cause marketing.  These are areas that have taken on vital importance as businesses transition to e-commerce and consumers  increasingly focus their shopping online.

Conkle, Kremer & Engel’s presentation was featured in HBW Insight Informa Pharma Intelligence on May 13, 2021.  CK&E has been a frequent participant in other PCPC industry summits, but this year the three-day Virtual Summit was a seamless combination of the PCPC’s Annual Meeting and Legal & Regulatory Conference and marked the first time both events were combined into one and held entirely online.

Print Friendly, PDF & Email
0

ADA Lawsuits Attacking Website Accessibility Mount

Posted by:

Over the past few months, we have seen an increase in pre-litigation letters and lawsuits charging Americans with Disabilities Act (“ADA”) violations against commercial websites. These notice and demand letters and lawsuits allege that businesses’ websites violate the federal ADA and similar state laws because they do not give full and equal access to individuals who have disabilities (including blindness, visual impairment and hearing impairment). ADA lawsuits have been filed in federal and state courts throughout the country. No state is immune from such suits, and no business is too small to receive such ADA demands and claims.

One of the factors undoubtedly is the rise of law firms, and consortiums of firms, that specialize in filing such suits. The law firms often work with repeat-plaintiffs with disabilities, much like law firms that specialize in Proposition 65 private enforcement claims in California who work with repeat plaintiffs who purchase products that are then made the subject of notices of violations and lawsuits. The subjects of ADA and Prop 65 laws differ greatly, but the common element is that liability can be fairly easy to establish under both ADA and Prop 65, and both statutes allow awards of attorneys’ fees to the law firms that can far exceed the damages awarded. Some of the law firms that commonly send ADA letters making demands and file lawsuits about website accessibility problems include Pacific Trial Attorneys (Newport Beach, CA), Nye, Stirling, Hale & Miller (Santa Barbara, CA), The Sweet Law Firm (Pittsburgh, PA), Block & Leviton, LLP (Boston, MA), and Carlson Lynch (Chicago, IL).

While there is no universally mandated standard, many large businesses and state and federal agencies follow WCAG 2.1, Level AA standards, which were created by the Web Accessibility Initiative, an internationally recognized organization. Generally, WCAG 2.1 Level AA compliance requires that websites have text components for all images and videos such that assisted technology software may read this content to users. Among other requirements, the standards also require that websites have proper contrast between background images and overlapping font so that visually impaired individuals can use assisting software to be able to read and navigate the website.

To minimize the risk of receiving an ADA violation letter or being sued, we recommend you take at least the following steps:

  1. Request that your digital team ensure and confirm that your website conforms with WCAG standards and, if so, what version/level as there were several earlier WCAG standards prior to the current WCAG version 2.1. To reduce the chances of such claims being made against your company, request your digital team to make your website WCAG 2.1 Level AA compliant and keep it that way until a more updated standard comes into general use.
  2. Add a footer entitled “Accessibility” or “Accessibility Statement” to your website. The footer should preferably appear on the homepage and each webpage, preferably near your “Privacy Policy” and “Terms of Service” footers.
  3. Add a webpage that is linked to the Accessibility Statement footer (e.g. https://www.conklelaw.com/accessibility-statement). This webpage should include an Accessibility Statement discussing your commitment to ensuring accessibility to all and providing contact information to report accessibility barriers and assistance with purchasing products or navigating the website. If you want help formulating your Accessibility Statement, seek qualified counsel to assist you.
  4. Instruct your digital team to periodically review the website as it is updated to ensure there are no access barriers, that all newly uploaded content (including temporary pop-up offers, sale announcements, discount codes, rebates, etc.) complies with WCAG standards, and that all customer service representatives are trained to handle website accessibility inquiries. This training should include advising a responsible person in your digital team of any reported accessibility barriers, and being specifically trained to help disabled customers place orders.

Even if you have not taken these steps before receiving a demand letter or lawsuit from one of the ADA plaintiffs’ lawyers, it’s possible to reduce liability by taking prompt steps. If you received such a website accessibility notice of violation or legal complaint, contact qualified counsel promptly to assist in minimizing the impact and avoid similar future claims. All of the ADA violation matters that Conkle, Kremer & Engel attorneys have defended have been resolved fairly quickly with modest settlements. Others accused of website ADA violations have not been so fortunate, with some reporting having paid tens of thousands of dollars. CK&E attorneys are well qualified to help with all types of ADA and accessibility compliance concerns, whether for websites or physical facilities.

Print Friendly, PDF & Email
0

2019 Was Another Lucrative Year For Prop 65 Bountyhunters

Posted by:

As recently featured in the Los Angeles Times, Proposition 65 continues to be big business for a handful of plaintiffs’ lawyers and their select group of clients, but it’s highly questionable how much benefit California residents and consumers receive.

According to settlement data released by the California Office of the Attorney General, in 2019, 909 businesses paid close to $30 million to settle Proposition 65 claims asserted against them. The average settlement payment was nearly $33,000. Of this staggering sum, almost $24 million, or 80%, went directly into the pockets of plaintiffs’ lawyers. In sharp contrast, the California Office of Environmental Health Hazard Assessment (OEHHA), which implements Proposition 65, received only about 11% of the settlement payments, or $3.3 million. The plaintiffs – so-called “private enforcers” – took a share of more than $2.7 million.

Proposition 65, otherwise known as California’s Safe Drinking Water and Toxic Enforcement Act of 1986, is a “right to know” law. Prop 65 requires businesses to provide “clear and reasonable” warnings for exposures to any one of the more than 900 chemicals on the Proposition 65 list that are known to cause cancer, reproductive harm or birth defects, before they can be sold in California. The obligation to warn can fall on all parties in the supply chain – manufacturers, producers, packagers, importers, suppliers, distributors and retailers. Businesses that fail to provide such warnings risk receiving a written “Notice of Violation”, a precursor to a Proposition 65 enforcement lawsuit.

Violations of Proposition 65 can cost businesses tens of thousands of dollars in civil penalties, the noticing party’s attorneys’ fees, and defense costs. The deck is stacked against the business alleged to be in violation: In general, all the noticing party has to show is an exposure to a listed chemical. The burden of proof then shifts to the business to show that no actionable exposure has occurred, which is a difficult burden to meet under the law and can require costly expert witnesses. Accordingly, most Proposition 65 cases settle either out-of-court in a private settlement agreement, or in court through a court-approved consent judgment.

One chemical, di(2-ethylhexyl phthalate) or DEHP, accounted for more than half of the 2019 settlements. DEHP, a phthalate, is on the Proposition 65 list as a chemical known to cause cancer and reproductive harm. DEHP is commonly used in plastics to make them flexible. According to OEHHA, DEHP can be found in various types of plastic consumer products, including some shower curtains, furniture and automobile upholstery, garden hoses, floor tiles, coverings on wires and cables, rainwear shoes, lunchboxes, binders, backpacks, plastic food packaging materials, and medical devices and equipment. In 2019, businesses settled claims over DEHP exposure from such products as cosmetic cases, goggles, gloves, erasers, hangers and bedding storage cases. The phthalate diisonoyl phthalate (DINP) and lead are two other chemicals that were the frequent subjects of 2019 settlements.

Proposition 65 claims in 2019 were again dominated by a small group of plaintiffs’ lawyers whose practices consist of sending out Notices of Violation and extracting settlements from businesses.

The private enforcers that have sent Notices of Violation this year include:

• APS&EE (represented by Law Offices of Lucas T. Novak)
• Anthony Ferreiro (represented by Brodsky & Smith, LLC)
• As You Sow (represented by Danielle Fugere and Chelsea Linsley of As You Sow)
• Audrey Donaldson (represented by Voorhees & Bailey, LLP)
• Berj Parseghian (represented by KJT Law Group PLC)
• Brad Van Patten (represented by Law Offices of George Rikos)
• CA Citizen Protection Group, LLC (represented by Khansari Law Corporation and Blackstone Law)
• Center for Environmental Health (represented by Lexington Law Group)
• Clean Label Project (represented by Davitt, Lalley, Dey & McHale, PC)
• Consumer Advocacy Group, Inc. (represented by Yeroulshalmi & Yeroulshalmi)
• Consumer Protection Group, LLC (represented by Blackstone Law)
• Dennis Johnson (represented by Voorhees & Bailey, LLP)
• Ecological Alliance, LLC (represented by Custodio & Dubey LLP)
• Ecological Rights Foundation (represented by Law Offices of Brian Gaffney)
• Ema Bell (represented by Brodsky & Smith, LLC)
• Environmental Health Advocates, Inc. (represented by Nicholas & Tomasevic LLP and Glick Law Group)
• Environmental Research Center, Inc. (represented by Michael Freund & Associates, Law Office of Richard M. Franco and Aqua Terra Aeris Law Group)
• EnviroProtect, LLC (represented by Kawahito Law Group APC)
• Erika McCartney (represented by Environmental Law Foundation)
• Evelyn Wimberley (represented by Law Offices of Stephen Ure, PC)
• Gabriel Espinoza (or Gabriel Espinosa) (represented by Brodsky & Smith, LLC)
• Keep America Safe and Beautiful (represented by Custodio & Dubey LLP and Sy & Smith, PC)
• Key Sciences, LLC (represented by Kyle Wallace and Davitt, Lalley, Dey & McHale)
• Kim Embry (represented by Nicholas & Tomasevic LLP and Glick Law Group)
• Kimberly Ann Harrison (represented by Law Office of Rick Morin, PC)
• Laurence Vinocur (represented by The Chanler Group)
• Mary Elizabeth Romero (represented by Agency D&L)
• Maureen Parker (represented by Law Offices of Stephen Ure, PC)
• My Nguyen (represented by Seven Hills LLP)
• Paul Wozniak (represented by The Chanler Group)
• Precila Balabbo (represented by Brodsky & Smith, LLC)
• Public Health and Safety Advocates, LLC (represented by Law Offices of Danialpour & Associates)
• Ryan Acton (represented by O’Neil Dennis)
• Sara Hammond (represented by Joseph D. Agliozzo, Law Corporation)
• Shefa LMV, Inc. (represented by Law Office of Daniel N. Greenbaum)
• Susan Davia (represented by Sheffer Law Firm)
• Tamar Kaloustian (represented by KJT Law Group PLC)
• The Chemical Toxin Working Group, Inc. (represented by Khansari Law Corporation)
• Zachary Stein (represented by KJC Law Group APC)

Businesses should be aware of and ensure compliance with Proposition 65’s requirements if their products are sold in California. In the event a Notice of Violation is received, businesses should contact qualified legal counsel. Conkle, Kremer & Engel attorneys are highly experienced in defending businesses against Proposition 65 claims as well as counseling businesses on compliance, in order to minimize the risk of enforcement actions.

2019 Prop 65 By the Numbers:

• 1,000: Notices of Violation Served
• 909: Number of Settlements/Consent Judgments
• $29.7 Million: Paid by Businesses to Resolve Claims
• $23.7 Million: Attorneys’ Fees & Costs Collected by Noticing Parties’ Attorneys
• $2.7 Million: Payments Collected by Noticing Parties
• $3.3 Million: Payments to OEHHA
• $32,706: Average Settlement/Judgment Amount

The number of enforcement actions in 2019 was not a fluke. Similar numbers have been accumulated in prior years. Just in the first few months of 2020, a considerable number of new enforcement actions have been pursued. 2020 Prop 65 enforcement actions will be reviewed in an upcoming blog post.

Print Friendly, PDF & Email
0

New SDS Multi-Language Website Posting Required for Some Disinfectants and Cosmetics

Posted by:

To protect workers in the professional salon industry from risks of frequent exposure to what may be considered hazardous chemicals, starting July 1, 2020, California Assembly Bill No. 647 (“AB 647”) will require product manufacturers or importers of commercial products including a “hazardous substance” that constitutes a “cosmetic” or a “disinfectant” to post on their websites Safety Data Sheets (“SDS”) translated into multiple languages considered to be commonly used in the beauty industry.

AB 647 enacts California Labor Code Section 6390.2, which applies to businesses that manufacture or import a “hazardous substance or mixture of substances” that constitutes a cosmetic or is used as a disinfectant, and that are required under existing law to create a SDS for the product. The new law requires businesses to not only post their products’ SDS in English on their business website, but also translate and post the SDS in Spanish, Vietnamese, Chinese and Korean – languages considered common to the beauty care industry. These SDS must be posted by the product’s brand name or other commonly known name, in a manner generally accessible to the public. If a separate SDS exists based on color or tint, such as for hair dyes used in salons, each separate SDS must also be translated and posted.

“Cosmetic” means any article, or its components, intended to be rubbed, poured, sprinkled, or sprayed on, introduced into, or otherwise applied to, the human body, or any part of the human body, for cleansing, beautifying, promoting attractiveness, or altering the appearance. Soap is not considered a cosmetic. (California Health and Safety Code § 109900)

Disinfectants are defined under the Health & Safety Code sections applicable to Barbering and Cosmetology professions as any product registered by the U.S. Environmental Protection Agency (US EPA) that has demonstrated bactericidal, fungicidal and virucidal activity, in liquid form to disinfect non-electrical tools and spray or wipe form to disinfect electrical tools and shears. (16 CCR § 977) A “hazardous substance” for purposes of AB 647 means any chemical found on the Director’s List of Hazardous Substances that exceed certain specified limits.

AB 647 does not impose any new legal requirements for manufacturers and importers of cosmetics and disinfectants to create SDS where SDS were not previously required. Rather, AB 647 only requires manufacturers and importers of such products that are already required to develop or maintain SDS to post and maintain those SDS in the required languages on their websites.

AB 647 amended the Labor Code with the intent of protecting “workers in the professional salon industry from the risks of being exposed to harsh chemicals on a daily basis,” said the bill’s sponsor, Assemblyman Ash Kalra.
The new law does not apply to cosmetics and disinfectants that are consumer products. The Labor Code generally exempts hazardous substances contained in products intended for personal consumption by employees in the workplace, or consumer products packaged for distribution to, and use by, the general public. However, professional use products (with hazardous ingredients), would need to comply because they are used by employees in the workplace.

“Disinfectants” as used in the new law are defined as any product registered by the U.S. Environmental Protection Agency (US EPA) that has demonstrated bactericidal, fungicidal and virucidal activity, in liquid form to disinfect non-electrical tools and spray or wipe form to disinfect electrical tools and shears. Although this language is directed toward disinfectants used on tools, it might be construed to apply when disinfectants can be used on other surfaces.

Conkle, Kremer & Engel’s team of attorneys provides counseling on regulatory compliance matters, and can assist businesses in determining whether they need to comply with AB 647 and other laws and regulations affecting personal care products.

Print Friendly, PDF & Email
0

The California Consumer Privacy Act (“CCPA”) Is Enforceable Beginning July 1, 2020. Is Your Business Ready?

Posted by:

You may have noticed a recent influx of personal emails about updates to businesses’ privacy policies and terms and conditions. This may be due, in part, to the California Consumer Privacy Act (“CCPA”) allowing individuals to bring private rights of action against businesses. While the CCPA was effective January 1, 2020, it will be enforceable by the California Attorney General beginning July 1, 2020.

What is the CCPA?

The CCPA grants California consumers the right to control the personal information that businesses collect about them. Through the CCPA, California residents have the right to know what personal information is being collected, whether their personal information was sold or disclosed (and to whom), and may request that businesses delete their personal information. Under the CCPA, personal information is any data that identifies, relates to, or describes a particular person or household. Information such as a person’s name, address, and email address (even a computer IP address) are considered personal information. This applies to information collected online and offline, so the CCPA may apply to businesses even if they do not have a website.

Not all businesses need to comply.

The CCPA applies to for-profit businesses that collect consumers’ personal information and meet one or more of these criteria:

(1) The business has an annual gross
revenue in excess of $25M;

(2) The business collects, buys,
receives, sells, or shares the personal information of 50,000 or more
California-resident consumers, household, or devices; or

(3) The business derives 50% or more of
its annual revenue from selling consumers’ personal information.

Even small consumer-oriented businesses should take particular note of the second criteria: If the business’ website collects what the Act classifies as “personal information,” such as email addresses or the IP Address of the computer accessing the website, it may not take very long to collect that kind of information about 50,000 California-resident devices or consumers and make the business subject to the Act.

Upon receiving a verified consumer request, businesses meeting any of the above-mentioned criteria must give California residents the means to exercise their rights under the CCPA and cannot discriminate against them for exercising these rights. Businesses must complete the consumer’s request within 45 days, although an extension of time may be available, and the process of responding to consumer requests must be supported by reasonable security procedures and practices.

What happens if a business does not comply?

A failure to cure any alleged violation of the CCPA within 30 days of notification of alleged noncompliance will subject businesses to an injunction and civil penalties of no more than $2,500 per violation or $7,500 per intentional violation. And if personal information is improperly disclosed or stolen due to the absence of reasonable security procedures and practices, businesses may be subjected to civil action for injunctive or declaratory relief, damages of $100 to $750 per consumer, per incidentor actual damages (whichever is greater), or any other relief that the court deems proper.

Are you ready to comply with the CCPA? Attorneys at Conkle, Kremer & Engel are staying current with the CCPA to guide their clients through compliance.

Print Friendly, PDF & Email
0

Employers’ Duties to Maintain Employee Privacy in a COVID-19 Pandemic

Posted by:

Dealing with illness in the workplace can be challenging under normal circumstances, but it is much more so in the midst of the Coronavirus pandemic. Many questions remain unanswered regarding the precise application of federal, state and local orders and their relationship with employee benefits. As COVID-19 becomes an increasing presence in California workplaces, and employers are forced to comply with government directives, it is just as important as ever for employers to take steps to maintain compliance with employee privacy regulations. Workers who suffer adverse employment decisions, such as pay reductions, furloughs and layoffs, may be particularly attuned to whether all their rights were respected in the process.

How much information may an employer request from an employee who calls in sick, in order to protect the rest of its workforce during the COVID-19 pandemic?

According to Guidance provided by the Equal Employment Opportunity Commission (EEOC) addressing the COVID-19 pandemic, employers covered by the Americans with Disabilities Act (ADA) may ask employees if they are experiencing COVID-19 symptoms such as fever, chills, cough, shortness of breath, or sore throat, but employers must maintain all information about employee illness as a confidential medical record in compliance with the ADA.

Does an employer have a duty to inform employees that one of their colleagues has tested positive for COVID-19?

Employers may be uncertain about whether to tell employees that there has been a reported case of COVID-19 in the workplace. Depending on the particular facts involved, information regarding illness of an employee or family member may be protected under the Health Insurance Portability and Accountability Act (HIPAA), the ADA or both.

A pandemic, on the other hand, likely alters those practices. In light of the rapid spread of COVID-19, employers should promptly inform workers if one of their colleagues tests positive for the virus. However, employers typically need not divulge the identity of an employee or employee’s family member to achieve the objective of maintaining a healthy workplace.

Employers may also choose to notify employees and other relevant parties that contagious illnesses may be present in any workplace and list precautionary steps suggested by medical professionals, such as the CDC. Even when not specifically required by law, it is important for business effectiveness to maintain the privacy of individual employees. These matters are best handled carefully to prevent unnecessary disruption in the workplace.

How should the employer communicate to employees that one of their colleagues has a suspected or confirmed case of COVID-19?

Clear, effective employer communications are critical to providing employees with relevant information, maintain order in the workplace, and reduce employees’ concerns. Employers should keep the following in mind when developing employee communications:

• Inform employees that the company will take any reasonable and necessary steps to ensure a safe and healthy work environment.
• Identify typical symptoms employees should watch out for.
• Include information on how to protect against getting the illness.
• Advise employees of any changes to policies.
• Notify employees of any discontinued travel.
• Ensure HR is available and prepared to address employees’ questions

What Are Employers’ Obligations to Prevent Harassment of Those Suspected of Being Infected?

Employers must take steps to prevent discrimination and harassment against individuals who have a potential claim that they are disabled due to a COVID-19 related reason. Employers should consider reminding employees of anti-harassment and discrimination company policies. Employers must be vigilant about promptly responding to and investigating any complaints of harassment or bullying in the workplace, and be conscious to limit the spread of rumors and speculation amongst the workforce.

Under the ADA, may an employer to require employees to provide a doctors’ notes certifying their fitness for duty when they return to work?

The EEOC says yes. The ADA permits such inquiries either because they would not be disability-related or, are justified under the ADA standards for disability-related inquiries of employees given the COVID-19 outbreak. However, doctors and other health care professionals may be too busy during and immediately after a pandemic outbreak to provide fitness-for-duty documentation. Therefore, new approaches may be necessary, such as reliance on local clinics to provide a form, a stamp, or an e-mail to certify that an individual does not have the pandemic virus.

Conkle, Kremer and Engel’s attorneys follow the legal developments concerning Coronavirus issues at the federal, state and local level. We are available to assist employers navigate their rights and obligations in these difficult times.

Print Friendly, PDF & Email
0
Page 1 of 8 12345...»