On December 27, 2020, President Donald Trump signed into law a $900 billion pandemic relief bill that provides extended relief for qualified student loan borrowers. Known as the “Heroes Act,” the stimulus package is a win for borrowers seeking student loan repayment from their employers.

The initial $2.2 trillion stimulus package that Congress passed in March 2020 – the “Cares Act” –temporarily expanded Section 127 of the Internal Revenue Code (the “IRC”) to permit employers to make tax-free payments of up to $5,250 during calendar year 2020 towards employees’ qualified federal and private student loans. Prior to the Cares Act, employers were permitted under IRC Section 127 to make tax-free payments of up to $5,250 per year under an education assistance program towards an employee’s qualified educational expenses, which included, for example, tuition and books, but not student loan repayments.

The Heroes Act extends student loan assistance under IRC Section 127 for five years. Accordingly, employers may now pay employees up to $5,250 per year towards qualified educational expenses, student loan repayments (both principal and interest), or a combination of both –tax free – until December 31, 2025.

The Heroes Act further stipulates:

  • Payments must be for a qualified education loan incurred for the education of the employee (i.e., payments cannot be for the education of an employee’s spouse or children); and
  • The provisions for education-assistance programs under IRC Section 127 remain in full force. For example, employers must adopt and implement a written plan describing the tuition assistance benefit and must communicate the terms of the program to eligible employees. Additionally, no more than 5% of the amounts paid can go to shareholders and owners who own more than 5% of the company’s stock or capital.

Employers that currently provide student loan assistance with post-tax dollars, or that do not currently offer student loan assistance at all, may wish to consider taking advantage of this temporary extension as it provides a valuable, tax-advantageous benefit that will help attract, retain, and incentivize a modern workforce. Please contact Gretchen Harders or Cynthia J. Park* for assistance with implementing or adjusting current educational assistance programs.

*Law Clerk – Admission Pending

On October 1, 2020, numerous laws in Maryland providing expanded protections for both existing employees and job applicants addressing race and sex discrimination, pay equity, and wage transparency went into effect.  As we begin a new year, employers should review these new laws to ensure compliance.

Expansion of Employers’ Notification and Reporting Obligations for Workforce Layoffs

Maryland has instituted its own version of the federal Worker Adjustment and Retraining Notification (“WARN”) Act with the passage of H.B. 1018/S.B. 780. This “mini” WARN Act revises the Economic Stabilization Act (Md. Code Ann., Lab. & Empl. §§ 11-301, 11-302) (“Act”) to require private employers with 50 or more employees to provide advance written notice of a “reduction in operations” to all impacted employees, any union representatives, the Maryland Department of Labor’s Dislocated Worker Unit, and all elected officials representing impacted jurisdictions.  Covered employers must provide such notice at least 60 days before the start of any “reduction in operations,” which includes a decrease in the workforce by “at least 25% or 15 employees, whichever is greater,” over any 3-month period, as well as relocation of part of an employer’s operations to another site.

This new notice requirement is particularly relevant during the COVID-19 pandemic, when many employers have been forced to furlough or layoff portions of their workforce.  Notably, unlike the federal law, the Maryland mini-WARN Act does not include exceptions for unforeseeable business circumstances, natural disaster, or a faltering company.  The mini-WARN Act, however, does not apply to reductions in operations that result solely from labor disputes; occur in a commercial, industrial, or agricultural enterprise operated by the State; occur at construction sites or other temporary workplaces; result from seasonal factors that are determined by the Maryland Department of Labor to be customary in the industry; or result when an employer files for bankruptcy under federal bankruptcy laws.

Expansion of Maryland’s Equal Pay Law

H.B. 123 expands upon Maryland’s preexisting “equal pay for equal work” law to include a retaliation provision that bans employers from taking adverse employment action against an employee who inquires about their wages.  Specifically, an employer may not:

  • Prohibit an employee from, or retaliate against them for, inquiring about, discussing, or disclosing their own wages to another employee;
  • Prohibit an employee from, or retaliate against them for, asking about or discussing the wages of another employee;
  • Prohibit an employee from asking the employer to provide a reason for their wages;
  • Require an employee to sign a waiver or any other document that purports to deny the employee the right to disclose or discuss that employee’s wages;
  • Retaliate against an employee for discussing another employee’s wages, if those wages have been disclosed voluntarily; or
  • Retaliate against an employee for aiding or encouraging another employee’s exercise of rights under the Equal Pay for Equal Work law.

New Wage Ranges and Wage History Requirements, and Salary History Ban

The General Assembly passed H.B. 123 with the public policy aim of closing the gender and racial wage gap among employment applicants.  Upon request, employers are now required to provide job applicants with the wage range associated with the position for which the applicant has applied.  Furthermore, employers are prohibited from refusing to interview, hire, or employ an applicant because they did not provide a wage history or because they requested the wage range associated with the desired position.  Employers are also barred from seeking an applicant’s wage history from a current or former employer and from relying on an applicant’s wage history in considering the applicant for employment or setting compensation for the applicant.

Only after an employer makes an offer of employment that includes an offer of compensation may an employer rely on the wage history voluntarily given by the applicant to support a higher wage than already offered, or seek to confirm the wage history voluntarily offered by the applicant.  Moreover, the employer may rely on wage history to increase an offer of compensation only if the higher wage does not create an unlawful pay differential based on protected characteristics under Maryland’s pay equity law.

New Protections for Hairstyles and Traits Associated with Race

The passage of H.B. 1444/S.B. 531 expands the definition of “race” in Maryland’s Human Relations Title to include “traits associated with race,” specifically encompassing hair texture and “protective hairstyles.”  The law defines a “protective hairstyle” as including “braids, twists, and locks.”

In enacting this law, Maryland joins five other states that have also passed so-called “CROWN” Acts including, California, New York, New Jersey, Colorado, and Virginia.  Twenty-five additional states are in the process of enacting similar legislation.  Driving this movement is the “Crown Coalition,” an alliance of organizations that works to end hair discrimination in the workplace by promoting anti-hair discrimination laws across the United States.

Employers should update their employee handbook’s grooming and personal appearance policies to conform to these new guidelines.

Limits on Using Facial Recognition in the Hiring Process

As we previously reported, under H.B. 1202, Maryland employers are prohibited from using facial recognition services during the hiring process without the applicant’s consent.  The statute vaguely defines “facial recognition service” as “technology that analyzes facial features and is used for recognition or persistent tracking of individuals in still or video images.”  The legislation is specifically concerned with the use of a facial recognition service to create a “facial template,” which is described as a “machine-interpretable pattern of facial features that is extracted from one or more images of an individual.”

Under the law, employers cannot use facial recognition services for the purpose of creating a facial template during an applicant’s interview, unless the applicant consents.  For applicant consent to be valid, employers must obtain a signed waiver, written in “plain language,” that includes the applicant’s name, the date of the interview, a declaration of consent to the use of facial recognition during the interview, and a statement that the applicant read the consent waiver.

This law is particularly relevant to Maryland employers intending to use artificial intelligence (“AI”) powered video interview systems as part of their hiring process.  Maryland employers that intend to use facial recognition technology in job interviews should be prepared to provide adequate notice and obtain written consent from applicants.

*          *          *

Please contact Nathaniel Glasser, Anastasia Regne, Eric Emanuelson, or Jenna Russell* for assistance with questions regarding compliance with these new Maryland employment discrimination laws.

*Law Clerk – Admission Pending

As featured in #WorkforceWednesday:  With President-Elect Biden’s inauguration next week, and the Democrats taking a narrow majority in both houses of Congress, we’re likely to see shifts in policy at the agencies that regulate employment. Attorney Robert O’Hara discusses what we’re likely to see coming out of the EEOC in the near term, and how the change in party control could affect the agency moving forward.

Video: YouTubeVimeo.

The California Privacy Rights Act (“CPRA”) leaps forward on cybersecurity by amending the California Consumer Privacy Act (“CCPA”) to impose enhanced protections. The CPRA enhancements apply to “for profit” companies and other organizations: (a) with more than $25 million in gross revenues in the preceding calendar year, or (b) that annually buy, sell or share the personal information of 100,000 or more consumers or households, or (c) that derive at least 50 percent of their annual revenue from selling or sharing consumer personal information (“businesses”).[1] Those businesses must:

  • provide reasonable cybersecurity safeguards for all categories of personal information;
  • conduct annual cybersecurity audits and make regulatory filings of risk assessments with the newly created California Privacy Protection Agency if the processing of personal information presents a significant risk to consumers’ privacy or security; and
  • require contractual clauses and other safeguards to address supply chain security and privacy risks when they transfer, share or otherwise disclose personal information to their vendors and other third parties.

The CPRA also:

  • imposes breach liability subject to a private right of action and statutory damages for failures to reasonably protect an individual’s email in combination with a password or security question and answer permitting access to an online account (i.e., login credentials); and
  • removes 30 day safe harbors for organizations attempting to insulate themselves after the fact from statutory damages or fines by implementing cybersecurity safeguards following a data breach or following a notice of noncompliance.

The CPRA becomes effective on January 1, 2023, except for requests by consumers to access their data, which will “look back” to data collected by the business on or after an earlier January 1, 2022 effective date.[2] Businesses should plan now to address these enhanced requirements because the effective implementation of operational and contractual processes will require significant lead time (just as with the ramp up to the May 25, 2018 effective date of the requirements of the European Union’s General Data Protection Regulation (“GDPR”)). One important consideration for businesses is how they will meet these new safeguards requirements in connection with internal and third party systems, services, and applications collecting or processing categories of personal data of California residents beyond social security numbers, credit/debit card numbers and similar private data. The amendments will impact the duties of the workforce responsible for developing customer products, technologies and services, or who otherwise handle individually identifiable customer information, as well as information technology professionals and auditors responsible for cybersecurity. Retail, hospitality, online and other businesses that broadly collect personal information of their California customers will be among the businesses impacted by the new cybersecurity requirements.

Reasonable Safeguards Requirement For All Categories Of Personal Information: The obligation to implement reasonable cybersecurity safeguards is expressly extended under the CPRA beyond the current obligation to protect social security numbers and other private information (such as drivers’ license numbers, other government identifiers, and medical, biometric and other information defined under Cal. Civ. Code §1798.81.5) to include all categories of personal information. The CPRA mandates that it is a “responsibility” of businesses to “take reasonable precautions to protect consumers’ personal information from a security breach.” CPRA §B(6). The CPRA further expressly requires as an affirmative “obligation” that a business that “collects a consumer’s personal information shall implement reasonable security procedures and practices appropriate to the nature of the personal information to protect the personal information from unauthorized or illegal access, destruction, use, modification or disclosure in accordance with Section 1798.81.5.” CPRA §1798.100(e). Businesses will need to consider how to reasonably protect any and all individually identifiable information that under the CCPA’s broad definition identifies, relates to, describes or is reasonably capable of being associated with, or could be linked, directly or indirectly, with a particular individual or household. Cal. Civ. Code §1798.140(o)(1). The CPRA’s inclusion of all categories of personal information under an express affirmative obligation to implement reasonable cybersecurity safeguards brings California in lockstep with the EU’s GDPR requirement mandating appropriate risk based safeguards for all personal data. The expanded coverage will require businesses to identify all categories of personal information collected or processed for their customers, the information systems that collect or process this wider scope of data, the staff that handles those processes, and a risk based determination of the reasonable safeguards needed to protect the information from unauthorized access and other security threats.

Risk Assessments and Cybersecurity Audits Required For Businesses Whose Data Practices Present A “Significant Risk” To Consumers’ Privacy or Security: The CPRA provides for the issuance of regulations requiring the performance of an annual cybersecurity audit (upon the effective date) by those businesses whose processing present a “significant risk” to privacy or security “including defining the scope of the audit and establishing a process to ensure that audits are thorough and independent.” CPRA §1798.185(a)(15)(A) (emphasis added). The CPRA provides for the regulations to list those “factors to be considered in determining when processing may result in significant risk to the security of personal information [and] shall include the size and complexity of the business and the nature and scope of processing activities.” At a minimum, businesses that collect “sensitive personal information” under the CPRA’s new definition are likely to fall within the audit requirement because of the foreseeable adverse consequences of a breach. “‘Sensitive personal information’ means: . . . (A) a consumer’s social security, driver’s license, state identification card, or passport number; (B) a consumer’s account log-In, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account; (C) a consumer’s precise geolocation; (D) a consumer’s racial or ethnic origin, religious or philosophical beliefs, or union membership; (E) the contents of a consumer’s mail, email and text messages, unless the business is the intended recipient of the communication; (F) a consumer’s genetic data; and (2)(A) the processing of biometric information for the purpose of uniquely identifying a consumer; (B) personal information collected and analyzed concerning a consumer’s health; or (C) personal information collected and analyzed concerning a consumer’s sex life or sexual orientation.” CPRA §1798.140(ae). The requirement of an “independent” and “thorough” audit is a significant safeguard. Whatever the particulars flushed out by future regulations, the requirement of an audit function that must be independent and thorough will require robust corporate processes for auditing cybersecurity safeguards as to systems, applications and workers that collect or process “significant risk” data supported by policies and procedures.

The CPRA also requires that business engaged in this “significant risk” processing be subject to regulations requiring the filing with the California Privacy Protection Agency “on a regular basis a risk assessment with respect to their processing of personal information, including whether the processing involves sensitive personal information, and identifying and weighing the benefits resulting from the processing to the business, the consumer, other stakeholders, and the public, against the potential risks to the rights of the consumer associated with such processing, with the goal of restricting or prohibiting such processing if the risks to privacy of the consumer outweigh the benefits resulting from processing to the consumer, the business, other stakeholders, and the public.” CPRA §1798.185(a)(15)(B). Risk assessments are a foundational best practice for an effective information security program that are required under certain statutory schemes, including the NY SHIELD Act and HIPAA. The requirement, however, that the actual risk assessment be subject to regularized governmental filing and regulatory oversight is a significant development. Organizations should begin now to identify their higher risk processing activities and consider the sufficiency of their risk assessments of these practices using a defensible risk assessment framework (e.g., NIST).

Contractual and Other Safeguards Required For Sharing Personal Information With Third Parties: A business must include, inter alia, in its contracts with third parties, service providers or contractors with whom it shares personal information that the receiving party (i) comply with “applicable obligations under this title” (including reasonable safeguards), (ii) “obligate those persons to provide the same level of privacy protection as is required by this title,” and (iii) grant the business the right to take reasonable steps to stop and remediate unauthorized use. CPRA §1798.100(d). In addition, the contract must include a requirement that the third party, service provider, or contractor notify the business if it makes a determination that it “can no longer meet its obligations” to comply with the privacy and cybersecurity obligations. This last requirement mirrors recent guidance under the GDPR in connection with cross-border data transfers including use of contractual safeguards for the data importer to provide prompt advance notice to the data exporter of its inability to comply with its contractual commitments and meet an “essentially equivalent level of data protection.” Businesses that disclose or transfer personal information to other organizations should begin to look now at those contractual agreements and consider modifications or addendums. These agreements, for example, may renew in advance of the January 1, 2023 effective date but apply to data collected or processed on or after the effective date, or govern data practices after January 1, 2022 that may be subject to a future consumer access request.

Expanded Breach Liability And Elimination Of 30-Day Cure Periods: The CPRA now provides for a private right of action and statutory minimum damages for the unauthorized access and exfiltration, theft or disclosure of consumer log-in information as a result of the business’s violation of the duty to implement and maintain reasonable cybersecurity practices. CPRA §1798.150(a)(1).[3] Moreover, for any breach subject to the private right of action, the CPRA provides that “the implementation and maintenance of reasonable security procedures and practices pursuant to Section 1798.81.5 in the 30 day period following notice of a breach does not constitute a cure with respect to that breach.” CPRA §1798.150(b) (emphasis added). Violations that did not result in a breach remain curable within the 30-day notice period. CPRA §1798.150(b). Similarly, the CCPA’s provision providing that a business may avoid a violation and administrative fines if it cures any alleged violation within 30 days after being notified of any alleged noncompliance has been eliminated. CPRA §1798.155. Future litigation and administrative enforcement actions will include a focus on the CPRA’s affirmative obligation to provide preventative reasonable safeguards for all categories of personal information in advance of a breach or alleged violation. CPRA §1798.100(e). Administrative fines under the CPRA remain significant — $2,500 for each violation and $7,500 for each intentional violation. CPRA §1798.155.

Businesses should plan now for compliance while watching for regulatory clarification in advance of the effective date. Planning for compliance should include an analysis of supply chain, internal system and workforce risks to all categories of personal information. Organizations should consider the need for contractual safeguards, as well as determine the cybersecurity safeguards and risk assessment and audit processes that may need to be adopted in light of the CPRA’s enhancements to the CCPA. Any questions regarding the CPRA or CCPA may be directed to Brian G. Cesaratto or another member of EBG’s Privacy, Cybersecurity, and Data Asset Management Group.

[1] The CPRA increased coverage thresholds result in reduced applicability of the law to more small and midsize businesses from the CCPA.

[2] The CPRA extends the moratorium on applicability of certain CCPA provisions to employee data and business to business (B2B) communications from January 1, 2022 (AB1281) to January 1, 2023.

[3] California law (Cal. Civ. Code §1798.81.5) contains an existing obligation to use reasonable safeguards for consumer login credentials, i.e., an “email address in combination with a password or security question and answer that would permit access to an online account.”

As of December 29, 2020, Michigan employers are no longer required to permit employees to self-quarantine for up to 14 days due to alleged close contact with an individual displaying COVID-19 symptoms. Recent amendments to Michigan’s Anti-Retaliation COVID-19 law reflect updated CDC guidance reducing the recommended length of quarantine for individuals who suspect exposure to COVID-19. Previous CDC guidance recommended that individuals quarantine for up to 14 days following close contact with an individual displaying COVID-19 symptoms. Now, the CDC recommends a 10-day quarantine, without testing or symptoms, and a 7-day quarantine with a negative diagnostic test and no symptoms, following close contact with an individual who tested positive for COVID-19. The law still prohibits employers from taking adverse action against employees who are absent from work due to COVID-19.

In addition, the amendments add energy industry workers, who perform essential energy services to the list of exempted employees, which initially included health care workers, first responders, caregivers, and correctional employees. Employers may require exempted employees to participate in onsite operations when necessary, provided the individuals are not experiencing symptoms and have not tested positive for COVID-19. The law also permits the Michigan Department of Health and Human Services to exempt workers identified as “necessary to ensure the continuation of essential public health services, or to avoid serious harm or danger to public health or public safety.”

On October 30, 2020, the Department of Labor (DOL) adopted the Final Rule amending the Investment Duties DOL Regulation, §2550.404a-1, which governs the obligations of ERISA fiduciaries when selecting investments for ERISA plans.  The Final Rule made several changes to the June 2020 Proposed Rule, which proposed to define the duties of fiduciaries when considering investments that promote environmental, social, and corporate governance goals (ESG investments).  As reported here, DOL received extensive and largely negative comments to the Proposed Rule and most of the objections concerned the treatment of ESG investments.

DOL responded by eliminating references to ESG and ESG investing from the text of the Final Rule.  However, DOL’s News Release stated that it issued the Final Rule “to provide clear regulatory guideposts” for ERISA fiduciaries to address recent trends in involving ESG investing.  Further, DOL’s explanatory comments, which accompanied the Final Rule, remind fiduciaries that “plan assets may never be enlisted in pursuit of other social or environmental objectives at the expense of ERISA’s fundamental purpose of providing secure and valuable retirement benefits.”  85 Fed. Reg. at 72848.  Thus, although the Final Rule does not mention ESG investing, it is clearly intended to govern the use of ESG investments in ERISA plans.

A. The Final Rule Expressly Reflects ERISA’s Duty of Loyalty

The Final Rule clarifies that ERISA’s duty of loyalty, which requires a fiduciary to act solely in the interest of plan participants and beneficiaries for the exclusive purpose of providing benefits and defraying expenses, applies to the evaluation of investments and investment courses of action.  The Final Rule therefore states that the duty of loyalty forbids ERISA fiduciaries from sacrificing investment returns or taking additional risks to promote non-pecuniary goals.  Thus, ERISA fiduciaries may not select ESG investments to promote any goal other than ensuring financial benefits for plan participants.

B. Fiduciaries Must Rely on Pecuniary Factors to Evaluate Investment and Investment Courses of Action

The Final Rule requires fiduciaries to evaluate investments and investment courses of action based only on “pecuniary factors,” except when two investment alternatives are indistinguishable based on pecuniary factors.  The Final Rule defines a pecuniary factor as a factor that a fiduciary prudently determines is expected to have a “material effect on the risk and/or return of an investment.”

In the unlikely event that fiduciaries cannot distinguish between investments based upon their pecuniary characteristics, the Final Rule permits fiduciaries to consider ESG factors as “tie-breakers,” provided they perform and document an analysis, which is similar to the “tie-breaker” analysis required by DOL’s prior guidance.  Fiduciaries who rely on “non-pecuniary” factors as tie-breakers between indistinguishable investments must document:  (i) why they were unable to choose an investment based on pecuniary factors alone; (ii) how the selected investment compares to alternative investments with respect to:  (a) considerations of portfolio diversification, (b) the liquidity and rate of return relative to cash flow requirements, and (c) the rate of return relative to funding objectives; and (iii) how the non-pecuniary factor is consistent with plan participants’ interest in retirement income or other financial benefits.  Thus, fiduciaries must explain how the ESG factor serves the financial interest of the plan, and should avoid any justification based on the societal benefits of ESG.

However, DOL’s Comments also acknowledge that ESG factors may be pecuniary factors and the Final Rule does not require documentation of the decision to rely on pecuniary ESG factors when selecting investments.  New York’s comptroller recently provided an example of treating ESG factors as pecuniary when he explained that New York intended to drop fossil fuel stocks from its pension fund to ensure long-term investment returns.  Although DOL’s Comments caution fiduciaries against hastily treating ESG factors as pecuniary factors, they also emphasize that the Final Rule does not single out ESG investing.  According to DOL, the Final Rule should not “inappropriately chill” fiduciaries from considering ESG investments when the ESG factors “can be shown to be pecuniary.”

In sum, ERISA fiduciaries should proceed with caution when selecting ESG investments and document how such investments serve the financial interests of participants and beneficiaries.  Regardless of whether fiduciaries view ESG characteristics as pecuniary factors or “tie-breakers,” they should document their analysis and their reasons for choosing ESG investments.  Given the prevalence of ERISA litigation, fiduciaries should consider consulting both their counsel and investment advisor because poor documentation may bolster breach of fiduciary duty claims.

C. Special Considerations for Participant-Directed Individual Account Plans

The Final Rule also requires fiduciaries to act solely in the interest of plan participants and to rely on pecuniary factors when selecting or retaining investment options for participant-directed individual account plans.  Thus, the Final Rule permits plan fiduciaries to include investment options that produce “socially desirable” goals, but only if the investment can be justified solely based on pecuniary factors.  Although participant preference for ESG investments is not a pecuniary factor, fiduciaries may consider preferences as part of a tie-breaker analysis.

DOL’s Comments advise fiduciaries to “carefully review” any prospectus or investment disclosure for ESG statements and to “be particularly cautious in exercising their due diligence obligation” when such disclosures refer to non-pecuniary factors in the statement of fund objectives or investment strategies.  However, these obligations do not apply to investment options available through to “brokerage windows,” “self-directed brokerage accounts,” or other arrangements that allow participants to select investments beyond those designated by the plan.

D. Special Considerations for Qualified Default Investment Alternatives (QDIAs)

 Finally, the Final Rule prohibits fiduciaries from designating as a QDIA any investment that has a “non-pecuniary” objective or investment strategy.  Specifically, fiduciaries may not identify an investment as a QDIA if its objective or principal investment strategy includes a non-financial goal.  The Final Rule also prohibits identifying as QDIAs, any fund that uses “screening strategies,” which prohibit investing in sectors such as fossil fuels, weapons or gaming.  DOL provided special treatment for QDIAs because they help ensure the retirement savings of plan participants who do not make affirmative investment election and fiduciaries are shielded from liability for investment outcomes when the fiduciary invests a participant’s assets in a QDIA.

E. Effective Dates and Conclusion

The Final Rule becomes effective January 13, 2021, and governs only investments made and investment courses of action taken after that date.  Further, it gives plans until April 30, 2022 to make any changes to QDIAs.  Given the popularity of ESG investing, the resources of the relevant stakeholders, and the upcoming change in administration, the future of the Final Rule is unclear.  Indeed, as reported here, and here, Congressman Andy Levin (D-Michigan) has  announced his intention to draft legislation that requires plan fiduciaries to consider ESG criteria in their plan investment policies.  Further, if large pension funds follow New York’s example, it will be easier to justify ESG factors as pecuniary factors. Thus, fiduciaries should monitor legislative developments, court proceedings, and investing trends that may affect the permissibility of ESG investing.

 

As many employers approach their one-year anniversary of working from home, it is obvious that the COVID-19 pandemic has permanently changed both how and where we work. By 2025, an estimated 36.2 million Americans will be working remotely—a staggering 87% increase from pre-pandemic levels.  Moreover, surveys reveal that company leaders plan to permit employees to work from home at least part of the time upon reopening their offices. However, a remote workforce poses a challenge for employers that must display certain notices and posters in their workplaces to advise employees of their rights under federal, state, and local employment laws.

In response to this widespread shift to remote work, on December 29, 2020, the U.S. Department of Labor issued Field Assistance Bulletin No. 2020-7 (the “DOL Guidance”), which clarifies how employers may comply with federal notice and posting requirements in a remote environment.

Employers should keep three core issues in mind:

“Post and Keep Posted” vs. Individual Notices

The DOL Guidance distinguishes between notices that must be continually posted (“Postings”) from those that have to be provided once to each employee individually (“Notices”). For federal laws requiring employers to post Postings “at all times,” (e.g., the Fair Labor Standards Act and Family and Medical Leave Act), employers will not fulfill their notice obligations by simply issuing a one-time direct mailing or other single notice to employees. Rather, the DOL Guidance states that an electronic posting constitutes a sufficient substitute for a Posting requirement only where:

  1. ALL employees work exclusively from home;
  2. ALL employees customarily receive information from the employer electronically; and
  3. ALL employees have readily available access to the electronic posting at all times.

If an employer has some employees on-site and others working remotely on a full-time basis, the employer may supplement a hard-copy Posting with an electronic Posting. The DOL encourages both forms of Posting under such circumstances.

Conversely, for federal statutes or regulations requiring individual Notices, employers may satisfy the Notice requirement by email or other electronic delivery, so long as employees customarily receive such information from the employer by such method.  This is consistent with existing DOL regulations, which allow electronic delivery of required Notices only where employees already regularly use such electronic communications.

Electronic Postings Must be as Effective as Hard-Copy Posting

With regard to federal worksite Posting requirements, the DOL Guidance offers a clear rule: an electronic Posting, whether by intranet site, shared network drive, or file system Posting, must be as effective as a hard-copy Posting. A number of federal laws require employers to display Postings where they can be readily seen by employees and applicants. Such rules remain in full effect with respect to electronic Postings.

As the DOL Guidance explains, employers must take reasonable steps to ensure employees are capable of accessing the electronic Posting without having to specifically request permission to view the Posting or access a computer. Posting a notice on a company website or intranet is not sufficient unless the employer already posts similar Postings in such a manner on a regular basis. As the DOL provides in the Guidance, posting on an unknown or little-known website is the equivalent of posting a hard-copy Posting in an inconspicuous location and fails to meet the federal requirements.

Finally, the DOL reminds employers to take reasonable steps to inform employees of where and how to access the required Postings to remain in compliance. Employees should be capable of easily determining which electronic Posting is applicable to them and their worksite.

Do Not Forget State and Local Notice and Posting Requirements

Although the DOL Guidance applies only to federal notice and posting requirements, employers should remember that many states and cities have additional notice and posting requirements with which they must also comply. For example, New York’s Department of Labor requires certain posters for minimum wage information, job safety and health protection, and the like. California requires employers to post information related to medical leave and pregnancy disability leave, minimum wage, and workplace discrimination and harassment. Should a state or local agency provide conflicting instructions regarding electronic notices and posting, employers should follow such guidance with regard to the state and local notices and posters.

Please contact Susan Gross Sholinsky, Eric I. Emanuelson, Jr., or Cynthia J. Park* for assistance with questions regarding the DOL Guidance or compliance with state and/or local Notice or Posting requirements.

*Law Clerk – Admission Pending

As featured in #WorkforceWednesday:  The past year tested our resilience, and COVID-19 forced everyone to think creatively and adapt quickly. Nowhere was that seen more clearly than in the workplace. See our video featuring attorneys Brian Cesaratto, Denise Dadika, Nathaniel Glasser, RyAnn McKay Hooper, Shawndra Jones, Cassandra Labbees, Robert O’Hara, and George Carroll Whipple.

Video: YouTubeVimeo.

On November 16, 2020, the Russian government approved new rules increasing the rates of remuneration employers must pay employees for their inventions, utility models and industrial designs (the “Rules”).  The Rules will be effective from January 1, 2021 until January 1, 2027.

Employers’ Rights to Their Employees’ Patentable Objects and Employees’ Entitlement to Remuneration

In Russia, the exclusive rights to patentable objects (e.g., inventions, utility models and industrial designs) that employees create as part of their employment duties or as a specific task for their employer generally belong to employers.  To obtain exclusive rights to an employee’s patentable objects, the employee’s duties must first be sufficiently formalized (e.g., in the employee’s employment contract or job description).  Then, after being notified of the employee’s invention or other patentable object, the employer must (i) file a patent application for the employee’s patentable object, or (ii) transfer the right to obtain the patent to a third party or (iii) within four months of the date of notification, inform the employee that the patentable object is considered a secret.  Once the employer has satisfied one of the above three actions, the employee will be entitled to remuneration from the employer.  The remuneration may not be included in the employee’s salary and must be paid separately.

Remuneration Increases Under the Rules

In 2014, the Russian government established procedures, rates and terms of payment of the remuneration payment for employees’ inventions and other patentable objects.  The Rules increase the rates of the remuneration as follows:

  • For inventions: remuneration has increased to three months’ average salary (from one month); and
  • For utility models and industrial designs: remuneration has increased to two months’ average salary (from one month).

After each year in which the employer has used an employee’s invention, such remuneration must be paid within one month.  If employers and employees have not already established the remuneration payment amount, conditions and procedure in a formal agreement, the new Rules will apply to employers and employees’ relationship.

Best Practices

In light of the new Rules, employers doing business in Russia should review their existing employment agreements and job descriptions to confirm employees’ responsibilities for the creation of inventions.  Employers that do not already have such documentation should formalize employment agreements and job descriptions to ensure that exclusive rights provisions are included.  In addition, employers should establish a system and procedure for tracking employee inventions and other patentable objects, which, among other things, documents the date employee(s) created the patentable object, the date the employer was informed of the patentable object’s creation, the date the employer completed one of the above three required actions with respect to newly created patentable objects, the deadline for when remuneration payments must be made to employees, and the date such payments were made.

In addition, employers must ensure that the remuneration is paid separately from employees’ salary, for example by showing the payment on a separate line on the employee’s pay slips.  To avoid disputes, employers also should formalize the amount of remuneration due in an agreement with the employee.

We continue to monitor developments that affect the employer-employee relationship across jurisdictions outside the United States.