How to plan ahead for compliance and privacy projections
As general counsel at Checkr, one of the most interesting challenges I face is staying on top of the ever-changing laws and regulations in the background check industry and communicating these changes back to our customers.
I regularly meet with regulators and government entities, and I advise general and senior counsels to do the same. Together, we can all go beyond meeting the minimum requirements of the law to better protect our businesses, customers and clients.
Each year heralds a dizzying amount of new legislation, the neglect of which can put clients at risk for litigation. This year is no different, but there are two new laws that are worth spending some time on: The first is California’s Assembly Bill 5 (AB 5), which codifies the “ABC” test—a three-part test to prove workers are independent contractors rather than employees—from a California Supreme Court case, Dynamex Operations West, Inc. v. Superior Court of Los Angeles. The second law worth noting is the California Consumer Privacy Act (CCPA).
Now, you may not be in California, but bear with me. These are still developments that should be on your radar for several reasons. As California goes, so goes the nation, and other states are currently considering similar laws. The California laws will likely continue to serve as models for future legislation, possibly at the federal level. Advising your clients on current privacy laws as well as likely future privacy regulation can, at the very least, keep them from scrambling to keep up and, at the most ideal, help them avoid hefty fines and negative optics.
Additionally, AB 5, in particular, is a good example of why employers should be proactive about getting involved in policy initiatives before final legislation is passed.
Assembly Bill 5 (AB 5)
AB 5 went into effect on Jan. 1 and establishes a new and highly stringent test for independent contractor status. The law does not automatically classify any category of workers as employees and shifts the burden to employers to prove that workers are not employees.
California employers, particularly those that use a lot of gig workers, are obviously looking to find compliance solutions as well as workarounds. And some of these companies are banding together on policy initiatives.
For example, Lyft, Uber and DoorDash have launched the Protect App-Based Drivers & Services Act, a November 2020 California ballot measure that would enable app-based rideshare and delivery drivers to work as independent contractors while also providing new earnings guarantees. The measure also calls for a healthcare stipend, health and auto insurance, and protection from discrimination and harassment.
California Consumer Privacy Act (CCPA)
There is a growing movement toward consumer privacy and consumer transparency. Consumers increasingly want not only ownership of their data but also power over it. This trend will not recede in the future; it will only increase with new privacy legislation.
CCPA is similar in spirit to the European General Data Protection Regulation (GDPR) that went into effect in 2018. CCPA gives consumers new rights relating to reviewing, obtaining and deleting their personal data. The law is being viewed as a model by other states looking to enact similar protections.
While most companies genuinely want to comply with CCPA and other consumer data protection laws, the lack of uniformity makes this difficult. To help remedy this, many companies are working with their policy teams to support federal privacy legislation and encourage uniformity among state laws while facilitating compliance efforts.
What Can You Do?
Looking at both CCPA and AB 5 with the benefit of hindsight, it seems that companies could have come together to proactively plan and offer compromises that would have satisfied both industry and individuals alike way before final legislation was passed.
It’s never too late to act, however, and there are important lessons to be learned from the passage of these laws. The most crucial thing to keep in mind is that employers must be proactive rather than reactive when it comes to laws that directly affect how they do business.
Here are some action steps to consider, no matter the industry you’re in:
- Work together. Collaborate to build compliance, privacy and security into your products. Regardless of whether you’re directly affected by CCPA or GDPR, your customers are increasingly seeking and demanding ownership and control of their data.
- Become a policy advocate. Partner with your policy team and policymakers across different jurisdictions to work on initiatives that help create more consistent standards across states.
- Aim for consistency. Many companies’ policy teams are working to create model language for uniformity in laws, and others, including Microsoft, are applying CCPA standards throughout the United States. Even when you are faced with a patchwork of different laws, you can strive to create uniform policies and practices that are broadly compliant.
- Join a collaborative. If AB 5 affects your business, join one of the collaboratives or trade associations working on these issues so that you can have your voice heard to influence policy. You can also seek to be included in one or more exemptions to the law.
- Go to court. This is, obviously, a bold last step that is not warranted in all situations. But sometimes it may be worthwhile to be the test case.
The impact and application of AB 5 and CCPA will continue to evolve with time. AB 5, in particular, is still very much up in the air. California Governor Gavin Newsom signed it into law but has indicated that he would prefer a better solution, so more legislation to modify or clarify it is likely forthcoming.
In addition to keeping up on new developments, you should never hesitate to talk to—and learn from—other companies who are dealing with these and other issues that affect your business. Companies sometimes have a tendency to hunker down and turn inward when faced with regulatory challenges, but that’s the wrong approach. Look outward and proactively use all the resources available to you.
As general counsel, Irene Liu leads Checkr’s legal, compliance and government relations teams. She has broad legal, compliance and consumer protection expertise after working at the FTC, the U.S. Department of Justice and high-tech companies, including BlackBerry and Lookout. Liu received her JD from the University of California at Berkeley School of Law.
ABAJournal.com is accepting queries for original, thoughtful, nonpromotional articles and commentary by unpaid contributors to run in the Your Voice section. Details and submission guidelines are posted at “Your Submissions, Your Voice.”