Essential Business Acronyms Explained: NLRA, FCPA, CCPA, and More
May 13, 2024 at 8:00 PM
by JPS Global Advisors and Consultant
Brainstorming over paper

As a businessperson, regardless of the size or industry your business operates in, it’s essential to understand the key terms and acronyms used in the business world today. With that in mind, we’ve taken the opportunity to define and explain some of the most common business acronyms that often come up in our discussions of various challenges and regulations affecting businesses. We hope that this guide will be useful in helping to clarify these terms and their relevance to the issues we’ve discussed above, ensuring that you can navigate these complexities with confidence.

The NLRA – Defined and explained

The National Labor Relations Act (NLRA), passed in 1935, is a foundational law in the United States that governs labor relations between employers and employees. The primary goal of the NLRA is to protect the rights of employees to organize, form unions, engage in collective bargaining, and participate in concerted activities for mutual aid or protection. Here’s a breakdown of the key aspects of the NLRA:

1. Employee Rights

The NLRA guarantees certain rights for employees, including:

  • Forming or joining a union: Employees have the right to organize themselves into unions or join an existing one.
  • Collective bargaining: Unions can negotiate with employers on behalf of employees for better wages, working conditions, and other terms of employment.
  • Engaging in protected concerted activities: Employees can act together to improve their working conditions, even if they are not in a union. This includes strikes, protests, or other actions aimed at improving workplace conditions.
  • Protection from retaliation: Employers are prohibited from retaliating against employees for engaging in union activities or collective action.

2. Unfair Labor Practices

The NLRA outlines specific actions that are considered unfair labor practices for both employers and unions:

  • For Employers: Employers cannot interfere with employees' rights to organize, discriminate against employees based on union involvement, or refuse to bargain in good faith with a union that represents employees.
  • For Unions: Unions are also prohibited from coercing employees into joining or engaging in union activities, and they must represent employees fairly during negotiations and grievances.

3. National Labor Relations Board (NLRB)

The National Labor Relations Board (NLRB) is the federal agency responsible for enforcing the NLRA. The NLRB has two key functions:

  • Conducting Elections: The NLRB oversees union representation elections, allowing employees to vote on whether they want to be represented by a union.
  • Investigating Complaints: The NLRB investigates and resolves complaints of unfair labor practices by either employers or unions.

4. Collective Bargaining

Under the NLRA, unions that are certified as the bargaining representative for a group of employees are entitled to negotiate with the employer on behalf of all the employees in that bargaining unit. This process is known as collective bargaining and covers areas such as wages, benefits, hours, and working conditions.

5. Strikes and Picketing

The NLRA protects the right of employees to strike and engage in picketing in support of their demands, with certain limitations:

  • Economic Strikes: These are strikes over wage or benefit issues. Workers who strike for economic reasons can be permanently replaced by their employer, though they retain the right to return to work if there are job openings.
  • Unfair Labor Practice Strikes: These occur when workers strike due to employer violations of the NLRA. Workers cannot be permanently replaced during these types of strikes and must be reinstated after the strike ends.

6. Limitations

The NLRA does not apply to all workers. It specifically excludes:

  • Public-sector employees (government workers)
  • Agricultural laborers
  • Independent contractors
  • Supervisory employees

In Summary:

The NLRA plays a crucial role in shaping the relationship between employers and employees in the private sector. It provides employees with the legal framework to organize, bargain collectively, and engage in other union-related activities, while offering protection against unfair labor practices. For employers, understanding and complying with the NLRA is essential to maintaining positive labor relations and avoiding legal disputes.

The FCPA – Defined and explained

The Foreign Corrupt Practices Act (FCPA) is a U.S. law enacted in 1977 aimed at preventing bribery of foreign government officials to obtain or retain business. It also includes provisions regarding accurate financial record-keeping by companies. The FCPA is a critical part of U.S. efforts to promote ethical business practices internationally and ensure corporate accountability. Here’s a breakdown of its key aspects:

1. Anti-Bribery Provisions

The FCPA makes it illegal for U.S. companies and their employees, as well as foreign firms listed on U.S. stock exchanges, to offer, pay, promise, or authorize a payment of money or anything of value to foreign officials with the purpose of:

  • Influencing the official to act in a way that benefits the company’s business interests.
  • Securing an improper advantage to obtain or retain business.

The definition of "foreign official" is broad and includes:

  • Any officer or employee of a foreign government.
  • Individuals working for government-owned or controlled entities.
  • Public international organizations, such as the United Nations or World Bank.

Bribes can include cash payments, gifts, travel, entertainment, or other favors, provided they are given with corrupt intent to influence a decision.

2. Accounting Provisions

The FCPA requires companies registered with the U.S. Securities and Exchange Commission (SEC) to:

  • Maintain accurate books and records: Companies must keep detailed records that reflect all transactions accurately, ensuring there’s no off-the-books accounting used to hide improper payments.
  • Implement internal controls: Companies must develop and maintain adequate internal accounting controls to prevent and detect bribery and other illegal payments.

These provisions aim to ensure transparency and accountability in financial reporting and prevent fraud or concealment of bribes.

3. Who is Subject to the FCPA?

The FCPA applies to:

  • U.S. citizens, residents, and companies: This includes any business entity organized under U.S. law or having its principal place of business in the U.S.
  • Foreign companies listed on U.S. stock exchanges: These companies are also required to comply with both the anti-bribery and accounting provisions of the FCPA.
  • Individuals and companies operating internationally: Even non-U.S. businesses can fall under the jurisdiction of the FCPA if they engage in bribery while conducting business within the U.S. or while using U.S. financial institutions.

4. Exceptions and Defenses

The FCPA provides certain exceptions and defenses to the anti-bribery provisions:

  • Facilitating payments: These are small payments made to expedite routine governmental actions, such as processing permits or clearing goods through customs. However, these must not involve the misuse of official power.
  • Local law defense: A payment that is legal under the written laws of the foreign country may be a defense, though this is rarely applicable since most countries have laws prohibiting bribery.
  • Reasonable and bona fide expenditures: Payments for legitimate business expenses (such as travel or lodging for foreign officials) related to the promotion, demonstration, or explanation of products or services may be permissible if they are not intended to influence an official decision improperly.

5. Enforcement and Penalties

The FCPA is enforced by two U.S. government agencies:

  • The Department of Justice (DOJ) is responsible for enforcing the anti-bribery provisions and bringing criminal charges.
  • The Securities and Exchange Commission (SEC) enforces the accounting provisions and can bring civil charges against companies.

Penalties for violating the FCPA are severe and include:

  • Criminal fines: Up to $2 million per violation for companies and up to $250,000 and/or imprisonment for individuals.
  • Civil penalties: Significant fines for both individuals and companies.
  • Disgorgement of profits: Companies may be required to forfeit any profits obtained through corrupt practices.
  • Reputational damage: Being found guilty of FCPA violations can severely harm a company’s reputation and relationships with international business partners.

6. Global Impact and Cooperation

The FCPA has inspired similar anti-corruption laws worldwide, including the UK Bribery Act. U.S. authorities often cooperate with other countries' law enforcement agencies to investigate and prosecute cases of international corruption.

In Summary:

The FCPA is a powerful tool in combating corporate bribery and corruption in international business. It places significant responsibilities on U.S. companies and foreign entities operating in U.S. markets to maintain ethical business practices. Failure to comply can result in severe financial penalties, legal consequences, and damage to a company’s reputation.

The CCPA – Defined and explained

The California Consumer Privacy Act (CCPA) is a state law enacted in California in 2018 that enhances privacy rights and consumer protection for residents of California. It is one of the most comprehensive data privacy laws in the United States and sets important standards for how businesses handle personal information. Here’s a detailed breakdown of the CCPA:

1. What is the CCPA?

The CCPA is a law designed to give California residents more control over their personal information. It grants consumers the right to know what data is being collected about them, how it’s being used, and with whom it’s being shared. The law applies to businesses that collect and process personal information about California residents, even if the business is located outside the state.

2. Who Does the CCPA Apply To?

The CCPA applies to for-profit businesses that meet any of the following criteria:

  • Annual gross revenue of more than $25 million.
  • Buys, sells, or shares the personal information of 50,000 or more California consumers, households, or devices.
  • Derives 50% or more of its annual revenue from selling California consumers’ personal information.

Non-profit organizations and smaller businesses that do not meet these thresholds are generally not subject to the CCPA.

3. What Is Personal Information Under CCPA?

The CCPA defines "personal information" broadly. It includes any information that identifies, relates to, describes, or can be linked to a particular consumer or household. Examples include:

  • Names, addresses, phone numbers.
  • Email addresses, IP addresses.
  • Browsing history, purchase history.
  • Geolocation data, biometric data.
  • Any unique identifiers, like social security numbers or passport numbers.

4. Consumer Rights Under the CCPA

The CCPA grants consumers several important rights over their personal data:

  • Right to Know: Consumers have the right to request a business disclose what personal data is collected, used, shared, or sold, both in general and with specific details upon request.
  • Right to Delete: Consumers have the right to request the deletion of their personal information that a business holds, subject to certain exceptions (e.g., if the data is necessary for completing a transaction, for security purposes, or to comply with a legal obligation).
  • Right to Opt-Out: Consumers can opt out of the sale of their personal information. Businesses must provide a clear and conspicuous “Do Not Sell My Personal Information” link on their website for consumers to easily opt-out.
  • Right to Non-Discrimination: Businesses cannot discriminate against consumers for exercising their rights under the CCPA. This means businesses cannot deny services, charge different prices, or provide a lower level of service if a consumer opts out of data sales.
  • Right to Data Portability: When consumers request their personal data, businesses must provide it in a readily usable format that allows them to transmit the information to another entity easily.

5. Business Obligations Under CCPA

Businesses covered by the CCPA must comply with several key obligations:

  • Notice and Transparency: Companies must inform consumers at or before the point of data collection about what personal information they are collecting, the purpose for collecting it, and whether it will be sold or shared.
  • Provide Mechanisms for Exercising Rights: Businesses must create and maintain processes for consumers to submit requests to exercise their CCPA rights, such as requesting their data or opting out of sales. This often involves providing a toll-free phone number or a web-based form.
  • Honor Opt-Out Requests: If a consumer opts out of having their information sold, businesses must honor this request and stop selling the data.

6. Enforcement and Penalties

The CCPA is enforced by the California Attorney General, and businesses that violate the law can face substantial penalties:

  • Civil penalties: For intentional violations, fines can be as high as $7,500 per violation. For unintentional violations, fines may be up to $2,500 per violation.
  • Private Right of Action: Consumers also have the right to sue a business if their non-encrypted or non-redacted personal information is subject to unauthorized access, theft, or disclosure due to the business’s failure to implement reasonable security measures. Consumers can seek damages ranging from $100 to $750 per incident or actual damages, whichever is greater.

7. Impact of CCPA on Businesses

The CCPA has significantly impacted how businesses handle personal data. Companies that meet the criteria for compliance must implement new processes to manage consumer data requests, update privacy policies, and ensure that opt-out mechanisms are functional. Many businesses have adopted more robust data management practices to avoid penalties and maintain consumer trust.

8. Amendments: The California Privacy Rights Act (CPRA)

In November 2020, California voters passed the California Privacy Rights Act (CPRA), which expands the CCPA. The CPRA adds new rights for consumers, such as the right to correct inaccurate personal data and the right to limit the use of sensitive personal information (e.g., health data, racial or ethnic origin, etc.). It also creates a new regulatory agency, the California Privacy Protection Agency (CPPA), to enforce privacy laws in the state. The CPRA will take effect on January 1, 2023, giving businesses time to adapt to the enhanced privacy framework.

Conclusion:

The CCPA represents a significant step forward in consumer privacy protection in the U.S. and has set a precedent for other states and countries to follow. It provides California residents with greater control over their personal data while requiring businesses to be more transparent and accountable. As data privacy concerns grow, businesses across the country are watching closely to see how the CCPA and similar laws will shape the future of privacy regulations.

For businesses operating in California or handling data of California residents, compliance with the CCPA is not optional—understanding and implementing the law is crucial to avoid penalties and maintain consumer trust.

The CPRA – Defined and explained

The California Privacy Rights Act (CPRA) is an amendment to the California Consumer Privacy Act (CCPA), designed to enhance and expand consumer privacy rights in California. It was approved by California voters in November 2020 and is set to take full effect on January 1, 2023. The CPRA builds on the foundation of the CCPA, introducing new protections for consumers and additional requirements for businesses that collect and use personal data.

Here’s a detailed breakdown of the CPRA:

    1. What Does the CPRA Do?

The CPRA strengthens the CCPA in several key areas:

  • New Consumer Rights: The CPRA introduces new rights for consumers, such as the right to correct inaccurate information and the right to limit the use of sensitive personal data.
  • Expanded Scope for Businesses: It imposes stricter requirements on businesses, especially those that collect or process large amounts of sensitive information.
  • Establishes a New Privacy Enforcement Agency: The CPRA creates the California Privacy Protection Agency (CPPA), which will be responsible for enforcing the law and holding businesses accountable for non-compliance.

2. Key Consumer Rights Under the CPRA

The CPRA grants consumers several expanded rights over their personal data:

  • Right to Correct: Consumers can request that businesses correct any inaccurate personal information they have collected.
  • Right to Limit Use of Sensitive Personal Information: The CPRA allows consumers to limit the use and disclosure of sensitive personal data, which includes information like social security numbers, race, health information, sexual orientation, and precise geolocation.
  • Enhanced Right to Opt-Out of Data Sharing: Consumers can opt out of the sharing of personal information for cross-context behavioral advertising, expanding the protections previously offered by the CCPA.

3. Sensitive Personal Information

One of the most significant changes brought by the CPRA is the concept of sensitive personal information. This type of data includes:

  • Social security numbers.
  • Driver’s license or passport numbers.
  • Financial account and login information.
  • Precise geolocation data.
  • Racial or ethnic origin, religious beliefs, and sexual orientation.
  • Health information. Consumers have the right to limit how businesses use and share sensitive personal information, which provides them with more control over highly private data.

4. New Obligations for Businesses

The CPRA expands businesses’ obligations concerning data collection and processing:

  • Data Minimization: Businesses must limit the collection and use of personal information to what is necessary for their stated purposes. Collecting excessive or unnecessary data is prohibited.
  • Data Retention Limits: Businesses must disclose how long they will retain personal data and cannot store information for longer than necessary.
  • Stricter Security Requirements: The CPRA requires businesses to implement stronger data security measures to protect personal data from breaches or unauthorized access.
  • Contract Requirements for Service Providers: Companies must update their contracts with service providers and contractors to ensure they comply with CPRA rules, including specific terms on data processing and security.

5. California Privacy Protection Agency (CPPA)

The CPRA creates a new state agency, the California Privacy Protection Agency (CPPA), which will:

  • Enforce the CPRA: The CPPA will have the authority to investigate potential violations and impose fines on businesses that do not comply.
  • Issue Regulations: The CPPA will create additional regulations to clarify and enforce the law.
  • Conduct Audits: The agency will be able to conduct audits to ensure companies are adhering to the law’s requirements.

6. Expanded Definition of “Sharing”

The CPRA expands the definition of “sharing” personal information to include cross-context behavioral advertising, which refers to tracking individuals across websites and services to build consumer profiles. Under the CPRA, consumers can opt-out of the sharing of their personal data for these purposes.

7. Fines for Violating Children’s Privacy

The CPRA imposes higher fines for violations involving the personal information of children under 16:

  • For violations involving children, fines can be up to $7,500 per violation, regardless of whether the violation was intentional or unintentional.

8. Timeline and Compliance

The CPRA became enforceable on January 1, 2023, but its provisions apply to data collected from January 1, 2022, onward. This gives businesses time to prepare by updating their privacy policies, data management practices, and compliance processes.

9. Differences Between the CPRA and CCPA

While the CPRA builds on the foundation laid by the CCPA, it introduces several new elements:

  • Broader Consumer Rights: The right to correct data and the right to limit the use of sensitive personal information are new under the CPRA.
  • Creation of CPPA: The CPRA establishes a dedicated agency for privacy enforcement, whereas the CCPA was enforced by the California Attorney General.
  • Stronger Data Protection Requirements: The CPRA imposes stricter requirements for data minimization and storage, aiming to limit businesses from collecting and keeping unnecessary personal information.

10. Impact on Businesses

The CPRA has raised the bar for businesses handling personal data in California. Companies that already comply with the CCPA will need to revisit their data practices to meet the new CPRA requirements, particularly regarding sensitive personal data and expanded consumer rights. Compliance will require:

  • Updating privacy policies.
  • Implementing or refining opt-out mechanisms.
  • Ensuring that service providers also adhere to CPRA rules.
  • Strengthening data security and management practices.

Conclusion:

The California Privacy Rights Act (CPRA) represents a significant step forward in data privacy protection, not just for California residents but also as a model that other states may follow. It expands consumer rights, establishes stricter obligations for businesses, and creates a dedicated enforcement agency, the CPPA, to oversee compliance. For businesses operating in California or processing data of California residents, preparing for CPRA compliance is crucial to avoid fines, legal action, and reputational damage.

As privacy laws continue to evolve, staying ahead of regulatory changes is essential for businesses. Understanding the CPRA’s impact will help ensure continued compliance in an increasingly privacy-conscious world.