Contact Us: 844-466-7225

California Employee Privacy Notice

Effective Date: January 1, 2020

Last Reviewed on: December 29, 2019

NORCAL Mutual Insurance Company and its affiliates (“NORCAL Group”, “we” or “us”) are committed to protecting the privacy of the individuals we encounter in conducting our business. This California Employee Privacy Notice, which can be found at, supplements the information contained in NORCAL Group’s Privacy Policy, which can be found at, and applies solely to employment-related personal information collected from California-based employees, job applicants, contractors, or similar individuals (“employment-related consumers” or “you”). We adopt this Notice to comply with the California Consumer Privacy Act of 2018 (CCPA) and any terms defined in the CCPA have the same meaning when used in this Notice.


We collect information that identifies, describes, or is reasonably capable of being linked with a particular person (“personal information”). Personal information does not include:

  • Publicly available information from government records.
  • Deidentified or aggregated consumer information.
  • Information excluded from the CCPA’s scope, like:
    • health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA); and
    • personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA).

In particular, we have collected the following categories of personal information from employment-related consumers within the last twelve (12) months:



A. Identifiers.

A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers.

B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).

A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.

(Some personal information included in this category may overlap with other categories.)

C. Protected classification characteristics under California or federal law.

Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information.

D. Biometric information.

Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.

E. Internet or other similar network activity.

Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.

F. Sensory data.

Audio, electronic, visual, thermal, olfactory, or similar information, including audio and visual recordings of meetings.

G. Professional or employment-related information.

Current or past job history or performance evaluations.

H. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).

Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.

I. Inferences drawn from other personal information.

Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.


We may use each of the categories of personal information we collect for one or more of the following purposes:

  1. To fulfill or meet the reason you provided the information. For example, if you share your name and contact information to apply for a position with NORCAL Group, we will use that personal information to respond to your application. If you provide your personal information to set up ACH payment of your salary or expense reimbursements, we will use that information to process your pay or reimbursement. We may also save your information to facilitate new transactions.

  2. To create, maintain, customize, and secure your NORCAL Group account. For example, your personal information may be used for user identification and authentication.

  3. To process payments and other transactions, and to prevent transactional fraud. For example, your personal information may be used for benefits and payroll administration. In order to prevent fraud, we may also use an employee’s personal information to support the accounts payable function, including to process checks, or for the company credit card program.

  4. To help maintain the safety, security, and integrity of our network, websites, databases and other technology assets, office locations, and business. For example, your personal information may be used during security penetration testing or during security awareness, education, and phishing campaigns. We may also use your personal information to support building security needs. Personal information may also be used to track certain work activities for auditing purposes (e.g., identification of person who made a change to a Claims file).

  5. To comply with applicable legal and regulatory requirements. For example, your personal information may be used to complete and submit regulatory filings. We may also use personal information to assist with employee licensing matters.

  6. To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.

  7. To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding.

  8. As otherwise described to you when collecting your personal information or as set forth in the CCPA.

We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.


We reserve the right to amend this California Employee Privacy Notice at our discretion and at any time. When we make changes to this Notice, we will post the updated Notice on our website and update the Notice’s effective date.


If you have any questions or comments about this Notice, the ways in which NORCAL Group collects and uses your information, or your choices and rights regarding such use, or if you would like to request access to this Notice in an alternative format, please do not hesitate to contact us at:

Phone: 844.4NORCAL (844.466.7225)

Postal Address:
Attn: Compliance & Legal Dept.
P.O. Box 2080
Mechanicsburg, PA 17055