How to Configure ActivTrak for CCPA and CPRA Compliance

NOTE: This article is not intended to replace official legal counsel. We are not legal experts. Please consult your lawyer. We exist to help customers improve their businesses. It’s important for us to show how you can maintain responsible control over the data collected and protect it in accordance with CCPA and CPRA requirements.

What is CCPA?

The California Consumer Privacy Act (CCPA) is a law, in effect since January 1, 2020, that gives California residents more control over the personal information that businesses collect about them. It established several basic privacy rights, including:

  • The right to know what personal information businesses collect
  • The right to delete personal information
  • The right to opt out of having personal information sold
  • The right to not be discriminated against for exercising these rights

What is CPRA?

The California Privacy Rights Act (CPRA) was approved by voters in 2020 and went into effect on January 1, 2023. It's not a separate law, but rather amends and updates the CCPA by adding new privacy protections. The main additions include:

  • The right to correct inaccurate personal information
  • The right to limit how businesses use and share sensitive personal information such as social security numbers, financial information, precise location data or genetic data

The law and amendment impose limited obligations on employers with respect to employee data if they qualify as “businesses” subject to the law. CCPA and CPRA apply to the personal information of “consumers,” but define that term so broadly that it would include employees, job applicants, officers, directors, and independent contractors.

Ensuring Compliance with CCPA and CPRA while using ActivTrak

ActivTrak respects data privacy laws in our data-driven approach to analyzing productivity. Our commitment to data privacy and security ensures businesses are compliant while achieving business productivity goals. 

In this article, we outline compliance recommendations and specific account configuration steps you can take to ensure your use of ActivTrak complies with CCPA and CPRA regulations.

5 Recommendations for CCPA and CPRA Compliance with ActivTrak Workforce Analytics Software

1. Tell employees you want to collect employee data

Under this legislation, employees will have the right to know about the personal information that your business collects about them. And while there are a few exceptions, you’ll be safer if you inform your employees that you want to gather employee data. Being transparent is a great place to start, and it opens the door to a relationship built on trust. Additionally, we recommend spelling out the data elements being captured in your particular configuration to avoid misconceptions about the information gathered. 

2. Explain why you want to collect employee data

Even though it’s not part of CCPA, it is recommended to explain why activity information is being collected. Whether it is to identify workload balance issues and burnout risks, increase efficiency or improve the work habits of employees, sharing the goals behind your workforce analytics initiative and who will benefit from them will go a long way in obtaining buy-in.

It boils down to this: Have a specific reason or reasons for using ActivTrak and ensure your team understands those reasons. And if your mission changes and your purposes for collecting data stray from your original intent, inform your team that you’ve made the change.

3. Get permission to gather employee data

For organizations gathering data on employees in California, you’ll have to provide documentation so that they understand how you plan to collect data and that they consent to it. You can do this in written form. It should be very clear in the form what the employee is agreeing to. You can’t hide the text in a paragraph of a 100-page document and then ask them to sign page 100.

Along with this, note that the employee has the right to opt out at any point in time. When teams are informed of the steps taken to protect and maintain control over their information, it can help alleviate some concerns with using workforce analytics software.

4. Be ready to provide the collected employee data

If you’re upfront about what you capture, this shouldn’t be an issue. We’ve made it easy for employees to access their own data via features like Personal Insights, or you can expose productivity data via ActivConnect and export reports to let them see their information.

5. Be ready to delete the collected data

CCPA and CPRA outline the right of employees to request the deletion or correction of their information. This means that if a person decides they want their information deleted, then in most circumstances, it needs to be erased.

ActivTrak provides a way for you to meet this need. An Administrator can delete a user’s information without losing the data from the entire team through the ActivTrak application. 

Configuring Your ActivTrak Account for CCPA and CPRA Compliance 

The table below provides a high-level overview of individual CCPA requirements as well as specific steps your organization can take to ensure your processes and procedures related to your ActivTrak usage are compliant. 

Each CCPA/CPRA requirement is listed below with its Recommended Actions and the corresponding ActivTrak Capabilities.

Right to Know

Recommended Actions:

  • Communicate to your employees that you will be deploying ActivTrak and explain how the data will be used.
  • Share with employees the list of data elements captured by ActivTrak.

ActivTrak Capabilities:

  • Share ActivTrak data with employees via the Personal Insights Dashboard.
  • You can also leverage custom-built report templates using BI tools like Power BI, Tableau, etc.

Right to Delete

Recommended Actions:

  • This applies when the employee is not employed with the company or when the employer doesn’t need the employee’s data.
  • Establish a process to capture and process requests from employees to delete their data.

ActivTrak Capabilities:

  • ActivTrak user delete functionality allows you to delete all data associated with a given employee.
  • ActivTrak can process a request to delete your account.

Right to Opt-Out of Sale or Sharing

Recommended Actions:

  • Communicate to your employees that either a) None of their information is shared with third parties for advertising or sales purposes or b) Their information will be shared unless they opt out.

ActivTrak Capabilities:

  • Not applicable to ActivTrak.

Right to Opt-Out of Automated Decision-Making Technology

Recommended Actions:

  • Employees can object if the data processing is not for employment reasons.
  • Establish a process to capture and process requests from employees to opt out if data is not used for employment reasons.

ActivTrak Capabilities:

  • ActivTrak user delete functionality allows you to delete all data associated with a given employee.
  • Allow employees to install the ActivTrak Agent on their computers as a way to explicitly opt in.

Right to Correct Inaccurate Personal Information

Recommended Actions:

  • Provide employee access to their own data.
  • Establish a process where employees can file a report of incomplete or inaccurate data.

ActivTrak Capabilities:

  • Share ActivTrak data with employees via the Personal Insights Dashboard or via custom-built reports using BI tools like Power BI, Tableau, etc. so they can identify and report inaccurate information.
  • ActivTrak allows corrections to information like activity classification, productivity status, passive time settings, etc. via multiple administrative screens.

Right to Limit Use and Disclosure of Sensitive Personal Information

Recommended Actions:

  • This only applies to the use of sensitive personal information other than what would be “reasonably expected by an average” employee.
  • Collection of sensitive personal information by an employer, such as racial or ethnic origin, for diversity and inclusion purposes, may therefore be permitted as an exception.

ActivTrak Capabilities:

  • Not applicable to ActivTrak.

Being Prepared for Audits

ActivTrak has resources you can leverage in the event of a data privacy compliance audit. They include:

  • Data Retention and History: As an extra level of protection, our system does not retain data beyond an account’s set limits. Admins can also restrict date filters for user roles.
  • Security Alarms: Alarms can be configured to alert you in real time of any potential data privacy or security risks, such as when users export data, change access levels and more.
  • Security Audit Log: Our Security Audit Log provides a detailed record of changes or logins made to the account.
