G&A Partners' Team on Data Privacy and PEOS

PEO Insider: Experts offer insight on privacy act’s impact on PEOs

New privacy laws in 2023 such as the California Privacy Rights Act (CPRA) will add complexity to professional employer organization’s (PEO) data protection and privacy efforts.


In PEO Insider’s article “New Privacy Laws in 2023: Complicating Data Protection Efforts,” G&A Partners’ data governance manager Fred Penn and compliance manager Kelley Zanfardino discuss how PEOs will be impacted by the new privacy laws, specifically as the CPRA extends privacy rights to employees and the data their employers collect.

“Two priorities quickly emerge for PEOs: assessing their own systems to verify they can fulfill the CPRA’s new requirements and assisting clients in their compliance efforts,” the article states.

PEOs will need systems in place that are capable of data mapping, which provides information on what data is collected and how it’s being processed. PEOs already store data, but the new challenge will be gathering details such as where the data is coming from or who has access to it. They’ll also need to assess whether “access controls need to be modified, ensuring only employees who need to access sensitive data have the necessary permissions.”

PEOs also play a vital role in helping clients remain compliant, starting with education.

“Business owners who manage multiple aspects of their company may not be aware of the latest requirements regarding privacy and data protection, or have time to research new regulations or legislation,” the article states. “But understanding the requirements and how they impact their business is essential. Noncompliance can be costly, and, in the case of cybersecurity, a major risk.”

Read the entire article here.