Workforce Bulletin

On October 30, 2023, President Joe Biden signed his Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence (AI EO), which addresses artificial intelligence issues, including safety, security, privacy, civil rights, immigration, and health care.  The White House also released a companion Fact Sheet summarizing the AI EO (the “Fact Sheet”).  Later in the week, on November 1, 2023, the White House announced that the Office of Management and Budget will release for comment a new draft policy on Advancing Governance, Innovation, and ...

On July 13, 2023, the White House issued the first iteration of its National Cybersecurity Strategy Implementation Plan (the “Implementation Plan”), which will be updated annually. The two overarching goals of the Implementation Plan are to address the need for more capable actors in cyberspace to bear more of the responsibility for cybersecurity and to increase incentives to make investments in long-term resilience. The Implementation Plan is structured around the five pillars laid out in the White House’s National Cybersecurity Strategy earlier this year, namely: (1) defend critical infrastructure; (2) disrupt and dismantle threat actors; (3) shape market forces to drive security and resilience; (4) invest in a resilient future; and (5) forge international partnerships to pursue shared goals. The Implementation Plan identifies strategic objectives and high-impact cybersecurity initiatives under each pillar and designates the federal agency responsible for leading the initiative to meet each objective. The following summarizes some of the key initiatives included in the Implementation Plan that will directly impact critical infrastructure organizations, including healthcare, energy, manufacturing, information technology and financial services.

As reported in a June 3, 2022 press release from the House Committee on Energy and Commerce, U.S. Representatives Frank Pallone, Cathy McMorris Rodgers, and Senator Roger Wicker released a “discussion draft” of a federal data privacy bill entitled the “American Data Privacy and Protection Act” (the “Draft Bill”), which would impact the data privacy and cybersecurity practices of virtually every business and not-for-profit organization in the United States.

As further described below, the Draft Bill’s highlights include: (i) a comprehensive nationwide data privacy framework; (ii) preemption of state data privacy laws, with some exceptions; (iii) a private right of action after four (4) years, subject to the individual’s prior notice to the Federal Trade Commission (“FTC”) and applicable state attorney general before commencement of lawsuit; (iv) exemptions for covered entities that are in compliance with other federal privacy regimes such as the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and Gramm-Leach Bliley Act (“GLBA”) solely with respect to data covered by those statutes; (v) exclusions from Act’s requirements for certain “employee data”; and (vi) a requirement for implementation of reasonable administrative, technical and physical safeguards to protect covered data. The Draft Bill would be enforced by the FTC, and violations treated as unfair or deceptive trade practices under the Federal Trade Commission Act, as well as by state attorneys general.

Recent data thefts and systems intrusions, particularly with respect to ransomware, have assured that cybersecurity is top of mind for corporate executives and compliance officials. We at EBG have tried to keep you up to date with respect to legislative, regulatory and litigation developments and recommended best practices and procedures.

As we close out the year, we all should remain mindful that cyber criminals, especially those who are supported or protected by foreign adversaries, have little incentive to rest up during the holidays.

Our Employee Benefits and Executive Compensation practice now offers on-demand “crash courses” on diverse topics. You can access these courses on your own schedule. Keep up to date with the latest trends in benefits and compensation, or obtain an overview of an important topic addressing your programs.

In each compact, 15-minute installment, a member of our team will guide you through a topic. This on-demand series should be of interest to all employers that sponsor benefits and compensation programs.

In our newest installment, Tzvia Feiertag, Member of the ...

The recently proposed amendment to the California Consumer Privacy Act (CCPA) should be a wake up call to those employers who are not already actively planning for the January 1, 2020 compliance deadline.

The amendment reaffirms that employers must (i) provide employees with notice of the categories of personal information collected and the purposes for which the information shall be used at or before collection; and (ii) implement reasonable cybersecurity safeguards to protect certain employee personal information or risk employee lawsuits, including class actions seeking ...

Increasingly companies are using third-party digital hiring platforms to recruit and select job applicants.  These products, explicitly or implicitly, promise to reduce or eliminate the bias of hiring managers in making selection decisions.  Instead, the platforms grade applicants based on a variety of purportedly objective factors.  For example, a platform may scan thousands of resumes and select applicants based on education level, work experience, or interests, or rank applicants based on their performance on an aptitude test – whatever data point(s) the platform has been ...

Our colleague Michelle Capezza of Epstein Becker Green authored an article in Confero, titled “Managing Employee Benefits in the Face of Technological Change.”

Following is an excerpt - click here to download the full article in PDF format:

There are many employee benefits challenges facing employers today, from determining the scope and scale of traditional benefits programs to offer that will attract, motivate and retain multigenerational employees, to embracing new models for defining and providing benefits, while simultaneously managing costs. In the midst of ...

Howard Gerver is a self-proclaimed human capital data geek.  His “day job” specializes in finding innovative and practical ways to save money by identifying “golden nuggets” mined from Big HR Data sets, such as claims and human capital data.  A lot of this work includes analytics, claim auditing and eligibility auditing.  His “nights and weekend” job focuses on helping clients leverage their HR, Benefits, Leave and Time & Attendance data to help improve compliance with the Affordable Care Act (Obamacare).   Throughout his career, he has focused on improving the ...

Virginia has now joined the chorus of jurisdictions that ban social media snooping by employers.  As we previously reported here and here, in a growing trend a number of states prohibit employers from requiring prospective or current employees to provide access to their social media accounts during the hiring process.  On March 7, 2015, the Virginia legislature passed H. 2081, a law prohibiting employers from asking or requiring employees or applicants (1) to disclose the username and password to their social media accounts, and (2) to add an employer to the list of contacts ...

By Steven C. Sheinberg, General Counsel of the Anti-Defamation League & Guest TMT blogger.*

A recent McKinsey report on twelve “disruptive” technologies included four that will fundamentally transform how employers relate to their employees: mobile Internet, automation of knowledge work, the Internet of things and cloud computing. I would add to the list three results of these technologies: big-data, cybercrime and privacy.

From an employment law perspective, the common element here is data – data that flows to, is stored by, and is used (or misused) by employers, third ...

By Anna A. Cohen and Nancy L. Gunzenhauser

As an increasing number of employers use social media to screen prospective employees and to monitor the activities of current employees, several states have enacted social media privacy laws, including Arkansas, California, Colorado, Illinois, Maryland, Michigan, Nevada, New Jersey, New Mexico, Utah and Washington.  Oregon joins those states in 2014. 

Oregon’s new law is highly protective of employee and applicant privacy.  Employers in Oregon are prohibited from requesting that an employee or applicant disclose a username or ...