What can I do about this clause?

{'method': 'EMAIL', 'recipient': 'privacy@gusto.com', 'difficulty': 'MODERATE', 'action_type': 'DELETE_DATA', 'instructions': 'Email privacy@gusto.com requesting deletion of your personal data held by Gusto. Specify that you are requesting deletion under CCPA/CPRA if you are a California resident, or state your applicable jurisdiction.', 'deadline_days': None, 'deadline_hours': None}

Which regulatory agencies enforce this type of clause?

{'agency': 'FTC', 'reason': 'The FTC enforces GLBA Safeguards Rule compliance and FTC Act Section 5 unfair/deceptive practices for companies handling sensitive financial data like SSNs and bank account numbers.', 'complaint_url': 'https://reportfraud.ftc.gov/'}, {'agency': 'CFPB', 'reason': 'The CFPB has supervisory and enforcement authority over financial data practices related to payroll, banking, and consumer financial information.', 'complaint_url': 'https://www.consumerfinance.gov/complaint/'}

What is the severity of this clause?

ConductAtlas classifies this Collection of Sensitive Financial and Payroll Data clause as high severity. Severity reflects the magnitude of rights affected, the breadth of users impacted, and the degree of discretion the platform retains.

Collection of Sensitive Financial and Payroll Data — Gusto

Share 𝕏 Share in Share 🔒 PDF

What it is

Gusto collects your most sensitive personal information — including your Social Security number, bank account details, salary, and tax records — as part of running payroll and HR services for your employer.

Clause Stability Highly Volatile

Change

Month Monitored

Apr 28, 2026

First Seen

Apr 28, 2026

Last Seen

This clause has changed once in 1 month of monitoring.

Change history

added Apr 29, 2026

This provision consolidates multiple high-risk data categories (SSN, financial accounts, tax records) into a single high-severity provision with specific enumeration of sensitive data types.

View full change record →

Consumer impact (what this means for users)

Employees who use Gusto through their employer have their SSN, bank account numbers, salary, and health information held by Gusto — data categories that carry the highest risk of harm if disclosed to unauthorized parties.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.

Delete Your Data

Email privacy@gusto.com requesting deletion of your personal data held by Gusto. Specify that you are requesting deletion under CCPA/CPRA if you are a California resident, or state your applicable jurisdiction.

Cross-platform context

See how other platforms handle Collection of Sensitive Financial and Payroll Data and similar clauses.

Compare across platforms →

Need full compliance memos? See Professional →

Why it matters (compliance & risk perspective)

This data is among the most sensitive that exists; if misused, disclosed, or breached, it can result in identity theft, financial fraud, and tax fraud directly affecting individual employees.

View original clause language

Gusto collects personal information including Social Security numbers, bank account information, payroll data, tax records, and health benefits information in the course of providing its HR and payroll services to employers and their employees.

Institutional analysis (Compliance & legal intelligence)

(1) REGULATORY FRAMEWORK: Collection and processing of SSNs, bank account data, and payroll records engages the Gramm-Leach-Bliley Act (GLBA, 15 U.S.C. §6801 et seq.) enforced by the FTC, requiring privacy notices and safeguards. Health benefits data may trigger HIPAA (45 CFR Parts 160, 164) if Gusto qualifies as a business associate. CCPA/CPRA (Cal. Civ. Code §1798.140) classifies SSNs and financial account numbers as 'sensitive personal information' subject to enhanced disclosure, opt-out, and use limitation rights, enforced by the CPPA. FTC Act Section 5 prohibits unfair or deceptive data security practices. (2)

🔒

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Applicable agencies

FTC

The FTC enforces GLBA Safeguards Rule compliance and FTC Act Section 5 unfair/deceptive practices for companies handling sensitive financial data like SSNs and bank account numbers.
File a complaint →
CFPB

The CFPB has supervisory and enforcement authority over financial data practices related to payroll, banking, and consumer financial information.
File a complaint →

Provision details

Document information

Document

Gusto Privacy Policy

Entity

Gusto

Document last updated

April 29, 2026

Tracking information

First tracked

April 28, 2026

Last verified

April 28, 2026

Record ID

CA-P-003666

Document ID

CA-D-00294

Evidence Provenance

Source URL

https://gusto.com/about/privacy

Wayback Machine

View archived versions →

SHA-256

d6e7cfbbde265012f8586fe6121a9e92a0ebc041ed4ea1611b6f921b07b3be2a

Verified

✓ Snapshot stored ✓ Change verified

How to Cite

ConductAtlas Policy Archive
Entity: Gusto | Document: Gusto Privacy Policy | Record: CA-P-003666
Captured: 2026-04-28 04:53:53 UTC | SHA-256: d6e7cfbbde265012…
URL: https://conductatlas.com/platform/gusto/gusto-privacy-policy/collection-of-sensitive-financial-and-payroll-data/
Accessed: May 2, 2026

Classification

Severity

High

Collection of Sensitive Financial and Payroll Data