Does the California Consumer Privacy Act Prevent Me from Checking Employees’ Temperatures?

As the COVID-19 pandemic continues to affect our economy, business owners are trying their best to ensure that employees returning to the workplace are safe to resume their duties, particularly when those duties involve interactions with other people. For this reason, many businesses are implementing safety procedures that often include temperature checks for employees resuming their work.

One issue that may not be top of mind for an employer with regard to temperature checks is California’s Consumer Privacy Act (CCPA).  How does a law that was supposed to be targeted at big tech companies who collected a consumer’s data online apply to a pandemic where an employer takes an employee’s temperature before they enter the workplace?  The answer lies in the existing employee exemption in the CCPA, that is set to expire at the end of this year.

There are three provisions in CCPA dealing with exemptions for employee information.

CCPA §1798.145(h)(A) basically states that CCPA does not apply to personal information collected by a business about an employee, job applicant owner, director, officer, medical staff member, or contractor to the extent that the information is collected and used by the business solely within the context of the person’s role or former role as a job applicant, employee, owner, director, officer, medical staff member, or a contractor of that business.

CCPA §1798.145(h)(B) generally states that CCPA does not apply to personal information that is collected by an employer that is emergency contact information of an individual, to the extent that the personal information is collected and used solely within the context of having an emergency contact on file.

CCPA §1798.145(h)(C) generally states that CCPA does not apply to personal information that is necessary for the employer to retain to administer benefits a job applicant, an employee, owner, director, officer, medical staff member, or contractor of that business to the extent that the personal information is collected and used solely within the context of administering those benefits.

Thus, whether CCPA applies to a temperature read for an employee depends on the reason for collecting the data.  If the temperature read is done for purposes of maintaining a safe workplace and used solely for that purpose, then the CCPA likely does not apply.  If the temperature is not being used solely for purposes of employment, such as sharing the information with a face mask company who can then target the employee with ads for purchasing face masks, then the CCPA will likely apply.  Because no case law or clarifications exist, the rule requires a business to analyze the specific exemptions set out in the rule to determine two things: 1) the source of the information, and 2) whether the information is collected and used in a way that is outside of the context of the employment relationship.

As noted above, the employee exemption to the CCPA referenced above will “sunset” on January 1, 2021 unless the Legislature extends the deadline.  Given it is unlikely this virus is going away and that business as normal will have to change, employee temperature checks may continue to be a desired protocol for businesses to adopt for the long term.  In order to ensure employees are protected as well as the general public, the Legislature will need to act before the employee exemption “sunsets” in the CCPA to make sure it is a practice that employers can legally maintain.

Staff Contact: Shoeb Mohammed

Previous articleAvoid Cal-WARN Act Liabilities
Next articleFood Producer Outlines Keys to Restoring Economy After COVID-19
Shoeb Mohammed
Shoeb Mohammed joined the CalChamber in December 2019 as a policy advocate. He specializes in privacy and cybersecurity, economic development, technology, telecommunications and elections/fair political practices issues. Mohammed is an experienced litigator who advised clients on matters such as trademark; employment; business planning; proprietary software; and technology-related business cases. He came to the CalChamber from Knox Lemmon & Anapolsky, LLP, where he provided product and general counsel for various industries. Mohammed earned a B.A. in political science at California State Polytechnic University, Pomona; a J.D. from the McGeorge School of Law, University of the Pacific; and a Certificate in Disruptive Strategy from Harvard Business School Online. See full bio.