Policy Briefing — California extends CCPA employee and B2B exemptions via AB 1281

Executive briefing: AB 1281 amends Civil Code Sections 1798.145(m)–(n) to continue the narrow exemptions for workforce and B2B personal information through January 1, 2022, while keeping notice, access, and breach duties in scope.^{AB 1281 §§2–3}

Programme steps

• Confirm exemption coverage. Update data inventories to flag employee and B2B records that remain subject only to limited notice and breach obligations until the exemption sunset.
• Maintain privacy notices. Preserve CCPA-compliant workforce and applicant notices and confirm breach response procedures remain aligned with the statute.
• Plan for sunset. Build a roadmap to expand full CCPA workflows to employee and B2B data ahead of the January 1, 2022 expiration (or the CPRA timetable if superseded).

Sources

• Assembly Bill No. 1281 (Chapter 268, Statutes of 2020)
• Assembly Floor Analysis of AB 1281

Related briefings

Curated signals from the same pillar or overlapping topics.

Policy · Credibility 88/100 · November 3, 2020

Policy Briefing — California Privacy Rights Act Approved

Detailed implementation playbook for the California Privacy Rights Act, covering new rights, contracting duties, governance models, automated decision-making, and program management through 2023 enforcement.

Policy · Credibility 92/100 · August 14, 2020

Policy Briefing — California OAL approves final CCPA regulations effective immediately

The California Office of Administrative Law approved the Attorney General’s CCPA regulations on August 14, 2020, filing them with immediate effect and clarifying notices, request handling, and verification standards.

Policy · Credibility 91/100 · July 1, 2020

Policy Briefing — California begins CCPA enforcement on July 1, 2020

The California Department of Justice started enforcing the California Consumer Privacy Act on July 1, requiring businesses to honor access, deletion, opt-out, and notice obligations despite pending regulation approvals.

Policy · Credibility 40/100 · October 1, 2020

Policy Briefing — OFAC issues advisory on ransomware payments and sanctions risk

The U.S. Treasury’s OFAC published an advisory on 1 October 2020 warning that facilitating ransomware payments to sanctioned actors could trigger civil penalties and urging stronger prevention and reporting practices.

Policy · Credibility 92/100 · September 23, 2020

Compliance Briefing — September 23, 2020

Guidance for navigating the SEC's 2020 Rule 14a-8 amendments, covering eligibility verification, engagement protocols, proxy process updates, and board oversight.

Continue in the Policy pillar

Return to the hub for curated research and deep-dive guides.

Visit pillar hub

Latest guides

• Semiconductor Industrial Strategy Policy Guide — Zeph Tech

  Coordinate CHIPS and Science Act, EU Chips Act, and Defense Production Act programmes with capital planning, compliance, and supplier readiness.

• Digital Markets Compliance Guide — Zeph Tech

  Implement EU Digital Markets Act, EU Digital Services Act, UK Digital Markets, Competition and Consumers Act, and U.S. Sherman Act requirements with cross-functional operating…

• Export Controls and Sanctions Policy Guide — Zeph Tech

  Integrate U.S. Export Control Reform Act, International Emergency Economic Powers Act, and EU Dual-Use Regulation requirements into trade compliance, engineering, and supplier…