How to Configure ActivTrak for CCPA Compliance
NOTE: This article is not intended to replace official legal counsel. We are not legal experts. Please consult your lawyer. We exist to help customers improve their businesses. It’s important for us to show how they can maintain responsible control over the data collected and protect it in accordance with CCPA requirements.
What is CCPA?
California is the first state to provide expansive data privacy rights to employees via the CCPA (California Consumer Protection Act) which has been in effect since January 1, 2020. In addition, new privacy rights will apply to personal information collected in the context of a business “providing or receiving a product or service to or from” another business. California employers must prepare to provide an array of new privacy rights to employees as of January 1, 2023, which is the effective date of the California Privacy Rights Act (CPRA) amending initial CCPA regulations.
CCPA will impose limited obligations on employers with respect to employee data if they qualify as “businesses” subject to the law. CCPA applies to the personal information of “consumers,” but defines that term so broadly that it would include employees, job applicants, officers, directors, and independent contractors.
Ensuring Compliance with CCPA while using ActivTrak
ActivTrak respects data privacy laws in our data-driven approach to analyzing productivity. Our commitment to data privacy and security ensures businesses are CCPA-compliant while achieving business productivity goals.
In this article, we outline compliance recommendations and specific account configuration steps you can take to ensure your use of ActivTrak complies with CCPA regulations.
5 Recommendations for CCPA Compliance with ActivTrak Workforce Analytics Software
1. Tell employees you want to collect employee data
Under this legislation, employees will have the right to know about the personal information that your business collects about them. And while there are a few exceptions, you’ll be safer if you inform your employees that you want to gather employee data. Being transparent is a great place to start, and it opens the door to a relationship built on trust. Additionally, we recommend spelling out the data elements being captured in your particular configuration to avoid misconceptions about the information gathered.
2. Explain why you want to collect employee data
Even though it’s not part of CCPA, it is recommended to explain why activity information is being collected. Whether it is to identify workload balance issues, burnout risks, increase efficiency or improve the work habits of employees, sharing the goals behind your workforce analytics initiative and who will benefit from them will go a long way in obtaining buy-in.
It boils down to this: Have a specific reason or reasons for using ActivTrak and ensure your team understands those reasons. And if your mission changes and your purposes for collecting data stray from your original intent, inform your team that you’ve made the change.
3. Get permission to gather employee data
For organizations gathering data on employees in California, you’ll have to provide documentation so that they understand how you plan to collect data and that they consent to it. You can do this in written form. It should be very clear in the form what the employee is agreeing to. You can’t hide the text in a paragraph of a 100-page document and then ask them to sign page 100.
Along with this, note that the employee has the right to opt-out at any point in time. When teams are informed of the steps taken to protect and maintain control over their information, it can help alleviate some concerns with using workforce analytics software.
4. Be ready to provide the collected employee data
If you’re upfront about what you capture, this shouldn’t be an issue. We’ve made it easy for employees to access their own data via features like Personal Insights or you can expose productivity data via ActivConnect and export reports to let them see their information.
5. Be ready to delete the collected data
CCPA outlines the right of employees to request the deletion of their information. This means that if a person decides they want their information deleted, then in most circumstances, it needs to be erased.
ActivTrak provides a way for you to meet this need. An Administrator can delete a user’s information without losing the data from the entire team through the ActivTrak application.
Configuring Your ActivTrak Account for CCPA Compliance
The table below provides a high-level overview of individual CCPA requirements as well as specific steps your organization can take to ensure your processes and procedures related to your ActivTrak usage are compliant.
CCPA Requirement |
Recommended Actions |
ActivTrak Capabilities |
Right to Know |
Communicate to your employees that you will be deploying ActivTrak and explain how the data will be used. Learn more→ Share with employees the list of data elements captured by ActivTrak. Learn more→ |
Share ActivTrak data with employees via the Personal Insights Dashboard. Learn more→ You can also leverage custom-built report templates using BI tools like Power BI, Tableau, etc. Learn more→ |
Right to Delete |
This applies when the employee is not employed with the company or when the employer doesn’t need the employee’s data. Establish a process to capture and process requests from employees to delete their data. |
ActivTrak user delete functionality allows you to delete all data associated with a given employee. Learn more→ ActivTrak can process a request to delete your account. Learn more→ |
Right to Opt-Out of Sale or Sharing |
Communicate to your employees that either a) None of their information is shared with third parties for advertising or sales purposes or b) Their information will be shared unless they opt-out. |
Not applicable to ActivTrak. |
Right to Opt-Out of Automated Decision-Making Technology |
Employees can object if the data processing is not for employment reasons. Establish a process to capture and process requests from employees to opt out if data is not used for employment reasons. |
ActivTrak user delete functionality allows you to delete all data associated with a given employee Learn more→ Allow employees to install the ActivTrak Agent on their computers as a way to explicitly opt in. Learn more→ |
Right to Correct Inaccurate Personal Information |
Provide employee access to their own data. Establish a process where employees can file a report of incomplete or inaccurate data |
Share ActivTrak data with employees via the Personal Insights Dashboard or via custom-built reports using BI tools like Power BI, Tableau, etc. so they can identify and report inaccurate information. ActivTrak allows corrections to information like activity classification, productivity status, passive time settings, etc. via multiple administrative screens. Learn more→ |
Right to Limit Use and Disclosure of Sensitive Personal Information |
This only applies to the use of sensitive personal information other than what would be “reasonably expected by an average” employee. Collection of sensitive personal information by an employer, such as racial or ethnic origin, for diversity and inclusion purposes, may therefore be permitted as an exception. |
Not applicable to ActivTrak. |
Being Prepared for Audits
ActivTrak has resources you can leverage in the event of a data privacy compliance audit. They include:
- Data Retention and History: As an extra level of protection, our system does not retain data beyond an account’s set limits. Admins can also restrict date filters for user roles. Learn more here.
- Security Alarms: Alarms can be configured to alert you in real-time of any potential data privacy or security risks such as when users export data, change access levels and more. Learn more here.
- Security Audit Log: Our Security Audit Log provides a detailed record of changes or logins made to the account. Learn more here.
Additional Resources
Data Privacy & Compliance
- ActivTrak's Trust Center
- Data Privacy Controls within the ActivTrak Platform
- FAQ: ActivTrak’s Data Retention Policy & Data History
- What Data Does ActivTrak Collect?
- How to Configure ActivTrak for GDPR Compliance
- How to Configure ActivTrak for HIPAA Compliance
- FAQ: ActivTrak’s SOC 2 Compliance
Best Practices & Support
Was this article helpful?
0 out of 0 found this helpful
Comments
No comments