September 28, 2021

Volume XI, Number 271

Advertisement

September 27, 2021

Subscribe to Latest Legal News and Analysis
Advertisement

Temperature Checks May Add Privacy Notice Obligations for California Businesses

Companies planning to conduct pandemic-related temperature checks for California employees and visitors to their premises should consider their compliance obligations under the California Consumer Privacy Act (“the CCPA”).  If the CCPA applies, companies should review existing CCPA employee and contractor/visitor notices, or consider providing an additional notice before engaging in temperature screening resulting in the collection of personal information.  In this context, “personal information” includes recording an individual’s name and temperature, or recording any health or other symptoms along with the name.  Any additional CCPA notice should be specific to the method chosen.  As a result, if a business implements a third-party solution, a mobile solution, an electronic questionnaire, or other means of health screening in California where any personal information is collected or stored, the business needs to disclose this fact to its employees (and to visitors or contractors) at or before the point that the screening that results in the collection of personal and health data takes place.

The CCPA became effective on January 1, 2020, and its enforcement is set to begin on July 1, 2020.  As we previously discussed in our blog post and in this video, the CCPA applies to businesses if one of more of the following is true relating to any California business activities: the business obtains the personal information of at least 50,000 consumers, households, or devices per year (which on average, is equivalent to about 135 separate interactions with California residents per day over a year); and the business generates gross revenues in excess of $25 million per year globally; or the business derives 50% or more of its annual revenues from “selling” consumers’ personal information.  Stated in simple terms, all California employers should ensure compliance with the CCPA if they plan to screen employees or visitors for elevated temperatures or similar health-related screenings.  The business should supply the individual subject to that screening with a CCPA-compliant privacy notice at the time of the screening and prior to collecting any health or personal data.  Moreover, if a business has a COVID-19-related visitor policy, contact tracing policy, or health screening policy, then additional CCPA disclosures may be warranted if any steps are being taken beyond merely checking someone’s temperature, without recordation. 

Businesses should not deem themselves CCPA-compliant merely because they provided comprehensive privacy notices to their employees and contractors earlier this year.  Many pre-pandemic notices provided back in January do not cover contact tracing, COVID-19 health screenings, and on-site temperature checks.  In sum, these health-related checks may expand data collection and additional notices should be considered. 

Because the content of the CCPA notice that COVID-19 may necessitate will likely vary from business to business (depending on what is actually being collected and how), a one-size-fits-all policy can pose compliance issues. 

©1994-2021 Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C. All Rights Reserved.National Law Review, Volume X, Number 169
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement

About this Author

Natalie Prescott, Mintz Levin Law Firm, Litigation Attorney
Practice Group Associate

Natalie’s practice focuses on a wide range of litigation matters.

Prior to joining the firm, Natalie worked as the co-founder and trial lawyer for a boutique litigation firm that focuses on state and federal litigation. She also spent many years as a litigation associate at one of the world’s largest law firms, where she received extensive consumer litigation, trial, and appellate experience.

Previously, Natalie served as a judicial law clerk for the Honorable Roger T. Benitez of the United States District Court of the...

858 -314-1534
Jennifer Rubin Employment Attorney Mintz
Member

Jen draws on 30 years of experience crafting legal solutions to employment challenges. Her clients include small and large businesses and individual representation of executives. She advises technology, financial services, publishing, retail, professional services, and health care companies seeking regulatory, litigation, and compliance advice. She divides her employment practice between wage and hour compliance and trial practice, with a focus on class actions, trade secrets and employment mobility disputes, and the defense of discrimination, retaliation and other disputes arising from...

858.314.1550
Cynthia Larose, Privacy, Security, Attorney, Mintz Levin, Law Firm, electronic transactions lawyer
Member / Chair, Privacy & Cybersecurity Practice

Cynthia is a highly regarded authority in the privacy and security field and a Certified Information Privacy Professional (CIPP). She handles the full range of data security issues for companies of all sizes, from start-ups to major corporations. Cynthia is masterful at conducting privacy audits; crafting procedures to protect data; advising clients on state, federal, and international laws and regulations on information use and data security; helping organizations respond to breaches; and planning data transfers associated with corporate transactions. She is an in-...

617-348-1732
Advertisement
Advertisement
Advertisement