BCLP At Work

Main Content

Employer CCPA FAQs #5: Does an employer have to be “established” in the United States for U.S. data privacy and security laws, and particularly the CCPA, to apply?

In this Series of our FAQs examining the California Consumer Privacy Act (“CCPA”), we are examining the scope of the law’s jurisdiction.  These FAQs should help employers determine if they are required to comply with the CCPA and if so, what steps their HR professionals and IT departments should take to be in compliance. As a reminder, the CCPA is a new privacy law that applies to data collected about California-based employees.   The CCPA will go into effect in early 2020, and employers who must comply should be addressing compliance obligations now. For US employers who have not had to comply with the GDPR, the requirements of the CCPA will likely require a new analysis of the treatment of employee-data and implementation of updated or new data policies.  For employers with European operations, one key area of interest is the degree to which the CCPA aligns with the European General Data Protection Regulation (“GDPR”).  Employers in compliance with the GDPR will likely already be familiar with many of the requirements of the CCPA – and with some assistance, should be able to bring their operations and policies into compliance with respect to California-based employees. BCLP offers a complete compliance program to employers that includes a formal gap assessment as well as policies, procedures, and protocols to close identified gaps.  BCLP offers a complete compliance program for employers that includes a formal gap assessment and tailored policies, procedures, and protocols to close identified gaps. Bryan Cave Leighton Paisner LLP has

Employers Have Until September 30, 2019 to Submit Pay Data to the EEOC

Update to our April 11 article:

Earlier today, Judge Tanya S. Chutkan of the U.S. District Court for the District of Columbia ordered employers to submit worker pay data to the Equal Employment Opportunity Commission (“EEOC”) by September 30, 2019. In so ruling, the Court rejected arguments from worker advocate groups who had sought to require the collection of pay data by May 31, 2019.

Pursuant to the Court’s Order, employers must submit two years’ worth of pay data to the EEOC.  While data for 2018 must be included in an employer’s September 30th submission, the EEOC is free to choose whether the second year of data will come from 2017 or 2019.   If the EEOC elects to collect data from 2017, employers will be required to submit the 2017 pay data by September 30, 2019 as well.  If the agency elects to collect data from 2019, employers will be required to submit the 2019 pay data in the spring of 2020.  The EEOC has until May 3, 2019 to decide whether it will collect 2017 pay data or 2019 pay data.

If not already done, employers should immediately begin reviewing their collection processes to ensure that they are prepared to report the required pay data by September 30, 2019.

Bryan Cave Leighton Paisner LLP has a team of knowledgeable lawyers and other professionals prepared to help employers review and comply with EEO-1 reporting obligations.  If you or your organization would like more information or assistance in preparing EEO-1

Employer CCPA FAQs #4: What information is not “Personal Information” under the CCPA?

This post is part of our series of FAQs examining the California Consumer Privacy Act (“CCPA”)  that should help employers with operations in California to determine if they are required to comply with the CCPA and if so, what steps their HR professionals and IT departments should take to be in compliance. By way of background, the CCPA is a new privacy law that will go into effect in early 2020. Because the CCPA refers to “consumers” many HR professionals do not realize that the CCPA, as currently enacted, also applies to data collected about California-based employees. Please see our recent blog post for a summary of which employers will be subject to the CCPA and the key requirements of the law. Although the law will not be in effect until next year, employers who must comply should be addressing compliance obligations now.  For U.S. employers who have not had to comply with the European Union’s General Data Protection Regulation (“GDPR”), the requirements of the CCPA will likely require a new analysis of the treatment of employee-data and updated or new data policies. Employers who are required to comply with the GDPR will likely already be familiar with many of the requirements of the CCPA, and a key area of interest is the degree to which the CCPA aligns with GDPR for purposes of implementing CCPA compliant practices for their California-based employees. BCLP offers a complete compliance program for employers that includes a formal gap assessment and tailored policies, procedures, and protocols

Employer CCPA FAQs #3: As used in the CCPA, do the terms “personal data,” and “personal information” mean the same thing?

In the coming weeks we will be releasing a series of FAQs examining the California Consumer Privacy Act (“CCPA”)  of particular importance to employers.  These FAQs should help employers determine if they are required to comply with the CCPA and if so, what steps their HR professionals and IT departments should take to be in compliance. By way of background, employers with operations in California should be aware of the CCPA, a new privacy law that applies to data collected about California-based employees.   Because the CCPA refers to “consumers” many HR professionals don’t realize that the Act, as currently drafted, applies to data collected about California-based employees. Please see our recent blog post summarizing the CCPA for employers. The CCPA will go into effect in early 2020, and employers who must comply should be addressing compliance obligations now.  For U.S. employers who have not had to comply with the GDPR, the requirements of the CCPA for California-based employees will likely require a new analysis of the treatment of employee-data and updated or new data policies. For employers with European operations, one key area of interest is the degree to which the CCPA aligns with the European General Data Protection Regulation (“GDPR”).  Employers who are complying with the GDPR will likely already be familiar with many of the requirements of the CCPA – and with some assistance, should be able to bring their operations and policies into compliance with respect to California-based employees. BCLP also offers a complete compliance

Employer CCPA FAQs #2: What is “personal information” under the CCPA?

In the coming weeks we will be releasing a series of FAQs examining the California Consumer Privacy Act (“CCPA”)  of particular importance to employers.  These FAQs should help employers determine if they are required to comply with the CCPA and if so, what steps their HR professionals and IT departments should take to be in compliance. By way of background, employers with operations in California should be aware of the CCPA, a new privacy law that applies to data collected about California-based employees.   Because the CCPA refers to “consumers” many HR professionals don’t realize that the Act, as currently drafted, applies to data collected about California-based employees. Please see our recent blog post summarizing the CCPA for employers. The CCPA will go into effect in early 2020, and employers who must comply should be addressing compliance obligations now.  For U.S. employers who have not had to comply with the GDPR, the requirements of the CCPA for California-based employees will likely require a new analysis of the treatment of employee-data and updated or new data policies. For employers with European operations, one key area of interest is the degree to which the CCPA aligns with the European General Data Protection Regulation (“GDPR”).  Employers who are complying with the GDPR will likely already be familiar with many of the requirements of the CCPA – and with some assistance, should be able to bring their operations and policies into compliance with respect to California-based employees. BCLP also offers a complete

Employer CCPA FAQs #1: Does the CCPA apply to employee data?

In the coming weeks we will be releasing a series of FAQs examining the California Consumer Privacy Act (“CCPA”)  of particular importance to employers.  These FAQs should help employers determine if they are required to comply with the CCPA and if so, what steps their HR professionals and IT departments should take to be in compliance. By way of background, employers with operations in California should be aware of the California Consumer Privacy Act (“CCPA”), a new privacy law that applies to data collected about California-based employees.   Because the CCPA refers to “consumers” many HR professionals don’t realize that the Act, as currently drafted, applies to data collected about California-based employees.  See our recent blog summarizing the CCPA for employers: [https://bclpatwork.com/meet-the-ccpa-new-privacy-rules-for-california-employees/] The CCPA will go into effect in early 2020, and employers who must comply should be addressing compliance obligations now.  For US employers who have not had to comply with the GDPR, the requirements of the CCPA for California-based employees will likely require a new analysis of the treatment of employee-data and updated or new data policies. For employers with European operations, one key area of interest is the degree to which the CCPA aligns with the European General Data Protection Regulation (“GDPR”). Employers who are complying with the GDPR will likely already be familiar with many of the requirements of the CCPA – and with some assistance, should be able to bring their operations and policies into compliance with respect to California-based employees. BCLP also offers

EEOC Proposes September 30, 2019 Deadline for Employers to Submit Pay Data

In court documents filed on April 3, 2019, the Equal Employment Opportunity Commission (“EEOC”) announced that employers may be required to submit pay data to the agency by September 30, 2019.

The filing was made after Judge Tanya S. Chutkan of the U.S. District Court for the District of Columbia ordered the EEOC to describe when and how it will comply with the Court’s March 4th Order lifting the White House’s Office of Management and Budget’s August 2017 stay on the EEOC’s collection of pay data.

Pay data has received much attention from employers and advocates alike since the Court’s March 4th Order, but the EEOC has largely remained silent until this recent filing.  For example, on March 18, 2019, when the EEOC opened its online portal for filing EEO-1 reports for 2018 (which are due by May 31, 2019), the portal did not include any request for pay data.  Instead, the agency issued a statement that same day noting that it was “working diligently on next steps” regarding the collection of pay data.

In addition to identifying a date by when employers may need to submit pay data, the EEOC’s April 3rd filing also proposes that employers only be required to submit pay data for 2018 (rather than 2017 and 2018) and describes the agency’s plan to use a data and analytics contractor to develop a new reporting program to collect the data.

The September 30, 2019 deadline, however, is not set in stone.  Worker advocates objected to the

Unconscious Bias in the Workplace

April 11, 2019

Categories

In 2019, discrimination is rarely overt or deliberate.  As a society we have come a long way from the ‘No Blacks, No Dogs, No Irish’ signs of decades past.  But conscious intent is not necessary for unlawful discrimination to occur.  We all have unconscious biases based on stereotypes and prejudices.  We may not always realise our biases, but we do need to be aware that biases related to protected characteristics such as age, sex and gender can give rise to unlawful treatment.

In the UK, under the Equality Act 2010, direct discrimination occurs where “because of a protected characteristic, A treats B less favourably than A treats or would treat others”.  In a discrimination claim, it falls to the Tribunal to consider the reason why the claimant was treated less favourably.  In other words, what was the conscious or subconscious reason for the treatment?  This requires the Tribunal to undertake an enquiry into the mental processes of the alleged discriminator.

As a reminder, the burden of proof lies initially with the claimant, and then shifts to the employer where the claimant shows a ‘prima facie’ case of discrimination.  If the claimant can establish a sufficient difference in treatment then there is likely to be a prima facie case of discrimination.  The alleged discriminator will then need to show a cogent reason for its actions.  Where there is no overt evidence of discrimination, the Employment Tribunal is entitled to draw inferences from the surrounding facts in order to conclude that unlawful

Caught Between a Rock and a Hard Place: #MeToo Movement Creates Challenges for Directors

The #MeToo movement continues to make headlines across the globe, toppling more than 200 powerful U.S. company leaders in entertainment, media, sports and a variety of other industries.  According to EEOC reports, sexual harassment charges have increased by 14% and EEOC-filed lawsuits asserting harassment have increased by 50%.  Larger amounts of cash are being paid to settle harassment suits, and those amounts may be minor compared to the reputational damage of being tried in the court of public opinion.

Directors have long grappled with how to oversee company “culture” and employee behaviors.  Now many boards find themselves wedged between a rock and a hard place, as they struggle to balance the need for swift action when a complaint is made versus the need for appropriate due process rights for the accused.

Boards increasingly are expected to investigate stale and non-actionable claims and off-duty conduct.  They are also expected to treat wrongdoers swiftly and severely.  Employees and stockholders push for transparency in investigations, as boards temper the need for transparency with the risks of defamation, tort or other claims that may be brought by the accused, as well as personal privacy rights when dealing with controversial, off-duty conduct.

The potential unintended consequence of polarizing genders also must be monitored by the board.  Recent research found that two-thirds of male executives hesitate to hold one-on-one meetings with women in more junior positions for fear they could be misconstrued.  This behavior effectively deprives one gender of valuable mentorship and opportunities to interact with

Meet the CCPA: New Privacy Rules for California Employees

Employers with operations in California should be aware of the California Consumer Privacy Act (“CCPA”), a new privacy law that applies to data collected about California-based employees.   HR professionals should be aware that, although the CCPA refers to “consumers,” as currently drafted the CCPA’s definition of a “consumer” will apply to California-based employees.

Which employers will have to comply with the CCPA?

Employers with employees in California will need to comply with the CCPA if their business falls into one of the following three categories:

  • Their business buys, sells, or shares the “personal information” of 50,000 “consumers” or “devices”;
  • Their business has gross revenue greater than $25 million; or
  • Their business derives 50% or more of its annual revenue from sharing personal information.
  • What are the key implications of having to comply with the CCPA?

    The Employers who have to comply with the CCPA will be subject to the CCPA’s:

  • Expansive definition of “personal information”;
  • New notice requirements for California-based employees, which notices describe the employer’s collection of and use and disclosure of personal information
  • New data privacy rights for California-based employees, including the right to access, delete, and opt out of the “sale” of personal information;
  • Special rules for the collection and use of personal information of minors;
  • Requirement to implement appropriate and reasonable security practices and procedures;
  • Enforcement provisions, including a statutory damages framework; and
  • Private right of action for employees.
  • The CCPA will go into effect in early 2020, and employers who must comply should be

    The attorneys of Bryan Cave Leighton Paisner make this site available to you only for the educational purposes of imparting general information and a general understanding of the law. This site does not offer specific legal advice. Your use of this site does not create an attorney-client relationship between you and Bryan Cave LLP or any of its attorneys. Do not use this site as a substitute for specific legal advice from a licensed attorney. Much of the information on this site is based upon preliminary discussions in the absence of definitive advice or policy statements and therefore may change as soon as more definitive advice is available. Please review our full disclaimer.