The California Office of the Attorney General has turned its attention to the practices of large companies regarding the protection of the personal information of employees and job applicants as part of its latest investigative sweep under the California Consumer Privacy Act (CCPA).

Attorney General Rob Bonta announced in a press release Friday that large California employers will receive letters seeking details on their CCPA compliance efforts. Changes under the data protection law that took effect Jan. 1 enhanced certain employee data protections.

“The California Consumer Privacy Act is the first-in-the-nation landmark privacy law, and starting this year, the personal information of employees, job applicants, and independent contractors received greater data privacy protections because of it,” said Bonta in the release. “We are sending inquiry letters to learn how employers are complying with their legal obligations. We look forward to their timely response.”

Further specific details requested in the letters, along with a list of recipients, were not disclosed.

Bonta announced previous sweeps under the CCPA, including regarding mobile app opt-out requests and the practices of online retailers.

To date, the only public enforcement action brought under the CCPA remains a $1.2 million fine announced against Sephora in August 2022 for allegedly failing to comply with customer opt-out requests.

Earlier this year, the California Privacy Rights Act (CPRA) passed by voters in 2020 amended the CCPA to include greater protections for residents. The law led to the formation of the California Privacy Protection Agency, which now oversees enforcement of the CCPA.

A court ruling last month stayed certain provisions of the CPRA until March 2024 after they were introduced later than intended.