BCLP At Work

Main Content

The CCPA: Employee Data Requirements May Be Delayed, But Do Not Appear to be Going Away

July 12, 2019

Categories

Action is currently underway to amend the California Consumer Privacy Act (“CCPA”) to provide employers an additional year to comply with the CCPA with respect to employee data of California-based employees.

The California Senate Judiciary Committee has passed AB-25, an amendment to the CCPA that would delay most of the compliance obligations for employee data until January 1, 2021. Specifically, the amendment provides that employees are not “consumers” for most purposes of the statute until January 1, 2021.

If the legislature passes the bill, the CCPA will still apply to employers with California-based employees in the following ways, effective January 1, 2020:

  • Employees will be able to sue employers for a data breach involving their unencrypted data
  • Employers must provide a notice to employees describing the categories of employee information collected, used and disclosed by the employer.

While there have been many predictions that the CCPA would be amended to remove employee data from the requirements of the statute altogether, if the California state legislature approves the bill amending the CCPA, the effect will be to simply delay the compliance obligations for employers for a year.

For now the bill is with the Senate Appropriations Committee for hearing and another round of voting.  Assuming Appropriations votes to pass the bill, it will go to the Floor for a vote.  The Appropriations Committee has until August 30th to vote on bills.

BCLP offers a complete compliance program for employers that includes a formal gap assessment and tailored policies, procedures, and protocols

What Employers Need to Know about New York State’s New Discrimination and Harassment Laws

In 2018, in response to the #MeToo and #TimesUp movements, New York State enacted laws to provide stronger protections against workplace sexual harassment, including mandating that New York employers have a complaint and investigation process and a sexual harassment policy, and provide their employees with training.

On June 19, 2019, the New York Legislature voted to further reform New York law and to extend protections under the New York State Human Rights Law (“NYSHRL”) to employees of all protected categories from all forms of discriminatory harassment in the workplace.  See NYS Assembly Bill No. A8421.  The bill is expected to be signed by Governor Andrew Cuomo, who supported the measure.

Once enacted, some provisions will take immediate effect while others will be phased in over the course of one year.  Here is the timeline for some of the provisions:

California Employers Have Less Than Six Months To Complete Sexual Harassment and Abusive Conduct Training

In September 2018, California passed SB 1343, which expanded the sexual harassment training requirements for California employers.  Previously, employers with 50 or more employees were required to provide at least two hours of sexual harassment training to all supervisory employees within six months of their assumption of a supervisory position and once every two years thereafter.

SB 1343 expands the training requirement in two key ways.  First, it requires employers who employ five or more employees to provide sexual harassment training.  Second, in addition to training supervisors, employers must now provide at least one hour of sexual harassment training to all nonsupervisory employees by January 1, 2020, and once every two years thereafter.  As a result, all employees will need to be retrained by January 1, 2022.

The good news for employers is that the California Department of Fair Employment and Housing (“DFEH”) is required to develop online training courses that employers can use to satisfy their obligation to provide sexual harassment training.  The bad news is that the DFEH still has not done so and there is no date certain by which the online training courses will be available.  However, the DFEH has posted a sexual harassment and abusive conduct prevention toolkit, which includes a sample sexual harassment and abusive conduct prevention training.  It is available here: https://www.dfeh.ca.gov/wp-content/uploads/sites/32/2018/12/SexualHarassmentandAbusiveConductPreventionTrainingToolkit.pdf.  However, unlike the online training courses that will be available, the toolkit is intended to be used in conjunction with a qualified trainer.

With only six months until the end

Employers Must Submit Pay Data in EEO-1 Reports for 2017 and 2018 – Additional Guidance from the EEOC is Forthcoming

As a result of recent federal litigation, the Equal Employment Opportunity Commission (“EEOC”) has announced that employers must submit pay data in their annual EEO-1 reports to the agency for calendar years 2017 and 2018 by September 30, 2019.  Although not currently active, the EEOC expects a web-based portal for the collection of the data to be open by mid-July 2019.  The portal will be available at https://eeoccomp2.norc.org.

In addition to the portal, the EEOC intends to issue guidance, including FAQs and other materials, to assist employers in mid-July 2019.  In the meantime, the Department of Justice has filed a Notice of Appeal to the federal litigation that lifted the EEOC’s stay on collecting such pay data.  Likewise, the EEOC’s helpdesk is set to become operational this week and can be contacted as follows:

Email: EEOCcompdata@norc.org

Toll Free Telephone: (877) 324-6214

Although an appeal has been filed, the EEOC is proceeding with enforcement of the regulation, so employers should not wait on the outcome of the appeal to begin compliance efforts. If they have not already done so, employers should immediately begin reviewing their collection processes to ensure that they are prepared to report the required pay data by September 30, 2019.

Bryan Cave Leighton Paisner LLP has a team of knowledgeable lawyers and other professionals prepared to help employers review and comply with EEO-1 reporting obligations.  If you or your organization would like more information or assistance in preparing EEO-1 reports, please contact an attorney in the Labor

Website Accessibility Alert: Court Addresses Mootness Argument in Website Accessibility Case

As businesses continue to face lawsuits and demand letters alleging that their websites are inaccessible to blind and deaf patrons in violation of the Americans with Disabilities Act (“ADA”), courts across the country continue to weigh in on the issue.  On Tuesday, June 4, 2019, the United States District Court for the Southern District of New York issued a decision in Diaz v. The Kroger Co. – holding that the Court lacked both subject matter and personal jurisdiction over the case because the complaint had been rendered moot by modifications defendant made to the website and because the defendant did not sell goods or services in New York.  Diaz v. The Kroger Co., Case No. 18-cv-07953, Opinion and Order [Dkt. No. 35].

In Diaz, the plaintiff, a visually-impaired and legally blind individual who resides in the Bronx, New York, alleged that the website of defendant Kroger, a supermarket chain with its principal place of business in Cincinnati, Ohio, denied equal access to blind customers.  Kroger moved to dismiss the complaint on two grounds:  (1) for lack of subject matter jurisdiction because it remedied the barriers to access to its website, and (2) for lack of personal jurisdiction because it does not conduct business in New York.  The Court granted Kroger’s motion to dismiss on both grounds.

In granting Kroger’s motion to dismiss for lack of subject matter jurisdiction, the Court noted that the facts of the case were different from other cases where courts found, “on the facts of those cases, that the defendants

French Gender Equality Index

In order to fight against gender inequalities at work, French law no. 2018-771 adopted on 5 September 2018 introduces an obligation for employers to achieve the principle of equal remuneration between women and men (as opposed to a best efforts obligation). To do so, companies with 50+ employees will be required to calculate an “equal pay index”, based on gender equality indicators. They must then publish their results on their website and remedy inequalities in the event of insufficient results. They must also disclose the result to their personnel representatives and to the French labor authorities.

The gender equality indicators that must be taken into account are:

– the gender pay gap, calculated according to the average pay of women as compared to men, by age group and equivalent job category;

– the difference in the rate of individual salary increases between women and men;

– the percentage of employees who were granted an increase in the year following their return from maternity leave, if increases were granted during the period during which the leave was taken;

– the number of employees of the under-represented sex among the ten employees with the highest remuneration.

In addition, companies that have 250+ employees must take into account a fifth indicator: the gap in promotion rates between women and men.

Points will be granted for each indicator depending on the results achieved. The results are then aggregated in order to obtain an overall result ranging from 0 to 100 points. French Decree n°

Managing mental health issues at work

This week is UK Mental Health Awareness Week.

Managing mental health in the workplace is an increasing priority for employers, with a recent survey highlighting costs to business of nearly £35 billion a year due to sickness absence, reduced productivity and staff attrition.

The employment law issues associated with poor mental health are complex and include stress, personal injury, disability discrimination, bullying and harassment and unfair dismissal.

Employers can do much to manage the impact of poor mental health on their business, with a focus both on encouraging good mental health in the workplace through awareness, education and appropriate support frameworks, and on how best to manage mental health issues that do arise.

Bryan Cave Leighton Paisner LLP has a team of knowledgeable lawyers and other professionals prepared to help employers manage mental health workplace issues. If you or your organization would like more information on this or any other employment issue, please contact an attorney in the Employment and Labor practice group.

Employer CCPA FAQs #9: May an employer become subject to the CCPA because of a corporate transaction?

As our series of FAQs regarding the California Consumer Privacy Act (“CCPA”) continues we are examining the scope of the law’s jurisdiction.    These FAQs should help employers determine if they are required to comply with the CCPA and if so, what steps their HR professionals and IT departments should take to be in compliance. As a reminder, the CCPA is a new privacy law that applies to data collected about California-based employees.   The CCPA will go into effect in early 2020, and employers who must comply should be addressing compliance obligations now. For US employers who have not had to comply with the GDPR, the requirements of the CCPA will likely require a new analysis of the treatment of employee-data and implementation of updated or new data policies.  For employers with European operations, one key area of interest is the degree to which the CCPA aligns with the European General Data Protection Regulation (“GDPR”).   Employers in compliance with the GDPR will likely already be familiar with many of the requirements of the CCPA – and with some assistance, should be able to bring their operations and policies into compliance with respect to California-based employees. BCLP offers a complete compliance program for employers that includes a formal gap assessment and tailored policies, procedures, and protocols to close identified gaps. Bryan Cave Leighton Paisner LLP has a team of knowledgeable lawyers and other professionals prepared to help employers address their obligations under the California Consumer Privacy Act. If you or your

Employer CCPA FAQs #8: Does the CCPA apply to non-profit employers?

As our series of FAQs regarding the California Consumer Privacy Act (“CCPA”) continues we are examining the scope of the law’s jurisdiction.    These FAQs should help employers determine if they are required to comply with the CCPA and if so, what steps their HR professionals and IT departments should take to be in compliance. As a reminder, the CCPA is a new privacy law that applies to data collected about California-based employees.   The CCPA will go into effect in early 2020, and employers who must comply should be addressing compliance obligations now. For US employers who have not had to comply with the GDPR, the requirements of the CCPA will likely require a new analysis of the treatment of employee-data and implementation of updated or new data policies.  For employers with European operations, one key area of interest is the degree to which the CCPA aligns with the European General Data Protection Regulation (“GDPR”).   Employers in compliance with the GDPR will likely already be familiar with many of the requirements of the CCPA – and with some assistance, should be able to bring their operations and policies into compliance with respect to California-based employees. BCLP offers a complete compliance program for employers that includes a formal gap assessment and tailored policies, procedures, and protocols to close identified gaps. Bryan Cave Leighton Paisner LLP has a team of knowledgeable lawyers and other professionals prepared to help employers address their obligations under the California Consumer Privacy Act. If you or your

Employer CCPA FAQs #7: If an employer is based in California, will the CCPA requirements apply to all employee data held by the employer?

As our series of FAQs regarding the California Consumer Privacy Act (“CCPA”) continues we are examining the scope of the law’s jurisdiction.    These FAQs should help employers determine if they are required to comply with the CCPA and if so, what steps their HR professionals and IT departments should take to be in compliance. As a reminder, the CCPA is a new privacy law that applies to data collected about California-based employees.   The CCPA will go into effect in early 2020, and employers who must comply should be addressing compliance obligations now. For US employers who have not had to comply with the GDPR, the requirements of the CCPA will likely require a new analysis of the treatment of employee-data and implementation of updated or new data policies.  For employers with European operations, one key area of interest is the degree to which the CCPA aligns with the European General Data Protection Regulation (“GDPR”).   Employers in compliance with the GDPR will likely already be familiar with many of the requirements of the CCPA – and with some assistance, should be able to bring their operations and policies into compliance with respect to California-based employees. BCLP offers a complete compliance program for employers that includes a formal gap assessment and tailored policies, procedures, and protocols to close identified gaps. Bryan Cave Leighton Paisner LLP has a team of knowledgeable lawyers and other professionals prepared to help employers address their obligations under the California Consumer Privacy Act. If you or your

The attorneys of Bryan Cave Leighton Paisner make this site available to you only for the educational purposes of imparting general information and a general understanding of the law. This site does not offer specific legal advice. Your use of this site does not create an attorney-client relationship between you and Bryan Cave LLP or any of its attorneys. Do not use this site as a substitute for specific legal advice from a licensed attorney. Much of the information on this site is based upon preliminary discussions in the absence of definitive advice or policy statements and therefore may change as soon as more definitive advice is available. Please review our full disclaimer.