Alston & Bird Privacy Blog

California Mandates COVID Exposure and Outbreak Reporting to Employees, Government Agencies

By and

On Thursday, September 17, 2020, California Governor Gavin Newsom signed Assembly Bill 685 (“AB685”) into law.  AB685 amends a number of portions of California’s Labor Code to address the COVID-19 pandemic.  In addition to provisions that regulate reopening activities at California worksites, AB685 introduces two new COVID-related notification obligations for California employers: (1) a requirement to notify  employees in the event of a potential COVID exposure at a worksite, and (2) mandatory reporting to local California public health departments when COVID cases amount to a regulator-defined “outbreak.”  These obligations will go into effect on January 1, 2020.  Each is summarized below:

1. COVID Exposure Notice to Employees

  • Whenever a California employer receives notice of a “potential exposure to COVID-19” at one of its worksites, AB685 will now obligate the employer to notify all other employees who were at the “same worksite” as the COVID-positive employee “during the infectious period.”
  • The “potential exposure” triggering these new employee notifications can be triggered when an employee self-reports a COVID diagnosis; when the company’s testing program reports a COVID case to the company; or when a public health department or staffing agency informs the employer that a COVID-positive employee was at the worksite.
  • Companies will likely be relieved to learn that AB685 does not obligate them to disclose any more personal information about COVID-positive individuals than they currently do. AB685 instead merely requires companies to inform fellow employees “that they may have been exposed to COVID-19,” which is consistent with many companies’ existing practice.
  • However, these new AB685 notifications to fellow employees must be made in writing, i.e. “in a manner the employer normally uses to communicate employment-related information” – including email or text message if appropriate. Additionally, written notifications must be made within one business day of when the employer learned of the potential COVID exposure, and retained for at least 3 years.

2. COVID Reporting to Local Public Health Departments

  • AB685 also introduces a new obligation to report a COVID “outbreak” to California public health departments. If a California employer receives notice of enough COVID cases to constitute “COVID-19 outbreak,” it must report the ‘outbreak’ to the local California public health department.
  • Per guidance released by Cal/OSHA in connection with AB685, a “COVID outbreak” is currently defined as “three or more laboratory-confirmed cases of COVID-19 among employees who live in different households within a two-week period.” Thus, receiving notice of these types of laboratory testing results would presumably trigger AB685’s new reporting requirements.   The initial report must be made within 48 hours of when the employer is “notified” of “the number of cases that meet the definition of a COVID-19 outbreak.”
  • The company’s report to the local public health department must include the “names, number, occupation, and worksite” of employees. Note that more employees may need to be included in the report than the 3+ employees whose positive lab tests triggered the reporting requirement.  Potentially, all employees who constitute “qualifying individuals” under AB685 must be included.  This can include additional employees who a) have a positive COVID laboratory test, b) have a positive COVID diagnosis from a healthcare provider (with or without a supporting lab test), c) are subject to a COVID isolation order from a public health department, or d) have died from COVID (as determined by appropriate officials).
  • After making this initial report to the public health department, the employer must supplement it on an ongoing basis if it receives additional, laboratory-confirmed COVID cases.
  • Employers should know that information reported in this manner will be made available to the public on the California Department of Public Health’s website. While no PII of employees will be published, the information made public will “allow[] the public to track … the number and frequency of COVID-19 cases and outbreaks by industry reported by any workplace.”

Alston & Bird is closely following AB685 and COVID-reporting requirements across the United States.  For further information please contact your attorney on the Alston & Bird Privacy & Cybersecurity Team.

 

Aaron Wasser

About Aaron Wasser

Aaron Wasser is an associate in Alston & Bird’s Privacy & Data Security Team. Aaron focuses his practice on helping clients develop tailored solutions to complex privacy and cybersecurity problems.

Daniel Felz

About Daniel Felz

Daniel Felz is a senior associate with Alston & Bird’s Privacy & Data Security Group. Dan leverages his extensive international experience to advise clients on global privacy, cybersecurity, technology, and adversarial matters.

[Read Bio]