{
  "id": "legal/california-ccpa-b2b-exemption",
  "signature": "AI tells a B2B SaaS company that the CCPA does not apply to employee data or business-to-business communications",
  "signature_zh": "AI 告诉 B2B SaaS 公司，CCPA 不适用于员工数据或企业间通信",
  "regex": "CCPA.exemption|B2B.exemption|employee.data.exemption|CPRA.exemption",
  "domain": "legal",
  "category": "data_error",
  "subcategory": null,
  "root_cause": "While the CCPA originally had a one-year exemption for employee and B2B data (Cal. Civ. Code § 1798.145(m)-(n)), the California Privacy Rights Act (CPRA) of 2020 eliminated both exemptions effective January 1, 2023, so all personal information of employees and business contacts is now fully covered.",
  "root_cause_type": "generic",
  "root_cause_zh": "虽然 CCPA 最初对员工和 B2B 数据有一年豁免（加州民法典 § 1798.145(m)-(n)），但 2020 年的 CPRA 于 2023 年 1 月 1 日取消了这两项豁免，因此所有员工和商业联系人的个人信息现在完全受保护。",
  "versions": [
    {
      "version": "CCPA (Cal. Civ. Code § 1798.100 et seq.)",
      "introduced": null,
      "deprecated": null,
      "removed": null,
      "behavior_change": null,
      "status": "active"
    },
    {
      "version": "CPRA (Proposition 24, 2020)",
      "introduced": null,
      "deprecated": null,
      "removed": null,
      "behavior_change": null,
      "status": "active"
    },
    {
      "version": "California Code of Regulations Title 11, § 999.300",
      "introduced": null,
      "deprecated": null,
      "removed": null,
      "behavior_change": null,
      "status": "active"
    }
  ],
  "os_specific": {},
  "dead_ends": [
    {
      "action": "",
      "why_fails": "Assuming the exemption still applies after 2023 leads to missing data subject access requests (DSARs) from B2B contacts, risking fines up to $7,500 per violation",
      "fail_rate": 0.7,
      "condition": "",
      "sources": []
    },
    {
      "action": "",
      "why_fails": "Treating employee HR records as completely exempt ignores that CPRA now requires notice at collection and opt-out rights for employee data used for non-HR purposes",
      "fail_rate": 0.55,
      "condition": "",
      "sources": []
    }
  ],
  "workarounds": [
    {
      "action": "Audit all data processing activities for employees and B2B contacts; implement a CCPA/CPRA compliance program covering these categories. Use a data mapping tool (e.g., OneTrust DataMapping) to track categories of personal information and update privacy policies accordingly.",
      "success_rate": 0.8,
      "how": "Audit all data processing activities for employees and B2B contacts; implement a CCPA/CPRA compliance program covering these categories. Use a data mapping tool (e.g., OneTrust DataMapping) to track categories of personal information and update privacy policies accordingly.",
      "condition": "",
      "sources": []
    },
    {
      "action": "Deploy a DSAR automation system (e.g., using a Python script with API integration) that handles requests from all data subjects including employees and B2B contacts: `def handle_dsar(email): if is_employee(email) or is_b2b_contact(email): process_request(email) else: process_request(email)`",
      "success_rate": 0.75,
      "how": "Deploy a DSAR automation system (e.g., using a Python script with API integration) that handles requests from all data subjects including employees and B2B contacts: `def handle_dsar(email): if is_employee(email) or is_b2b_contact(email): process_request(email) else: process_request(email)`",
      "condition": "",
      "sources": []
    }
  ],
  "workarounds_zh": [
    "Audit all data processing activities for employees and B2B contacts; implement a CCPA/CPRA compliance program covering these categories. Use a data mapping tool (e.g., OneTrust DataMapping) to track categories of personal information and update privacy policies accordingly.",
    "Deploy a DSAR automation system (e.g., using a Python script with API integration) that handles requests from all data subjects including employees and B2B contacts: `def handle_dsar(email): if is_employee(email) or is_b2b_contact(email): process_request(email) else: process_request(email)`"
  ],
  "transition_graph": {
    "leads_to": [],
    "preceded_by": [],
    "frequently_confused_with": []
  },
  "official_doc_url": "https://oag.ca.gov/privacy/ccpa",
  "official_doc_section": null,
  "error_code": "CCPA-B2B-EXEMPTION-EXPIRED",
  "verification_tier": "ai_generated",
  "confidence": 0.9,
  "fix_success_rate": 0.85,
  "resolvable": "true",
  "first_seen": "2023-01-01",
  "last_confirmed": "2024-06-01",
  "last_updated": "2024-06-01",
  "evidence_count": 1,
  "tags": [],
  "locale": "en",
  "aliases": []
}