# AI tells a B2B SaaS company that the CCPA does not apply to employee data or business-to-business communications

- **ID:** `legal/california-ccpa-b2b-exemption`
- **Domain:** legal
- **Category:** data_error
- **Error code:** `CCPA-B2B-EXEMPTION-EXPIRED`
- **Verification level:** ai_generated
- **Fix rate:** 85%

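## Root cause

Although the CCPA originally carried a one-year exemption for employee and B2B data (Cal. Civ. Code § 1798.145(m)-(n)), the 2020 CPRA removed both exemptions effective January 1, 2023, so the personal information of all employees and business contacts is now fully protected.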

## Version compatibility

| Version | Status | Introduced | Deprecated |
|------|------|------|------|
| CCPA (Cal. Civ. Code § 1798.100 et seq.) | active | — | — |
| CPRA (Proposition 24, 2020) | active | — | — |
| California Code of Regulations Title 11, § 999.300 | active | — | — |

## Solution

1. Audit all data processing activities for employees and B2B contacts; implement a CCPA/CPRA compliance program covering these categories. Use a data mapping tool (e.g., OneTrust DataMapping) to track categories of personal information and update privacy policies accordingly.
2. Deploy a DSAR automation system (e.g., using a Python script with API integration) that handles requests from all data subjects, including employees and B2B contacts:

   ```python
   # is_employee, is_b2b_contact and process_request are supplied by the integrating system.
   def handle_dsar(email):
       # Employees and B2B contacts take the same path as every other data subject.
       if is_employee(email) or is_b2b_contact(email):
           process_request(email)
       else:
           process_request(email)
   ```

## Ineffective attempts

- Assuming the exemption still applies after 2023 leads to missed data subject access requests (DSARs) from B2B contacts, risking fines up to $7,500 per violation (70% failure rate)
- Treating employee HR records as completely exempt ignores that CPRA now requires notice at collection and opt-out rights for employee data used for non-HR purposes (55% failure rate)
