CalPrivacy Supports Bill Providing First-of-Its-Kind Incentives and Protections for Privacy Whistleblowers

If enacted, the bill would provide a significant expansion of CalPrivacy’s enforcement toolkit and introduce a new layer of compliance risk for businesses operating in California.

What Is the Whistleblower Protection and Privacy Act

The Whistleblower Protection and Privacy Act incentivizes whistleblowers to report privacy violations in two principal ways.

• By creating a financial award to encourage insider reporting.

• By establishing anti-retaliation provisions to protect those who come forward. 

Financial Awards

The bill would award whistleblowers between 15% and 33% of the administrative fines collected through an enforcement action or settlement resulting from the whistleblower’s complaint. In determining the precise award percentage, CalPrivacy (formerly the California Privacy Protection Agency) would be required to consider multiple factors, including the significance of the information provided, the success of the enforcement action, and the degree of assistance furnished by the whistleblower in advancing the investigation. To qualify for an award, the whistleblower would need to be represented by private counsel. Accordingly, CalPrivacy would be enabled to assess an additional administrative penalty to cover the whistleblower’s reasonable attorney’s fees.

Anti-Retaliation Protections

The bill prohibits employers from retaliating against employees, contractors, or agents who participate in whistleblower complaints or administrative enforcement actions. Covered individuals who experience discrimination in the terms and conditions of employment would be entitled to bring a civil action seeking reinstatement, back pay, compensation for special damages, reasonable attorney’s fees and costs, and, where appropriate, punitive damages. The statute of limitations for such claims would be three years from the date of discrimination. 

The bill draws on recommendations from the Joint California Policy Working Group on Frontier AI Models, which identified whistleblower protections as one of the key instruments to increase transparency by “surfacing misconduct, identifying systemic risks, and fostering accountability”. 

Practical Implications

If enacted, this bill would represent a significant evolution in privacy law, becoming a first-of-its-kind privacy enforcement mechanism. The bill is currently before the California Assembly and may be heard in committee this March. We will continue to monitor its progress.

If you have any questions, please reach out to your ArentFox Schiff contact or a member of the Privacy & Data Security team.