Employee data collection is a longstanding practice. In light of the trends in privacy law, employers may want to reassess what they are collecting and how long the information should be retained.
When the California Privacy Rights Act (CPRA) takes effect and replaces the California Consumer Privacy Act (CCPA) on January 1, 2023, businesses will have new privacy obligations with respect to personal information of employees, applicants for employment, independent contractors, owners, directors, officers, and their beneficiaries and emergency contacts who are California residents.
Retailer WH Smith suffered a cyber attack that leaked employee data, including names, dates of birth, and National Insurance Numbers. The incident leaked the data of current and former employees, but customer data was unaffected.
