As 2017 comes to a close, recent headlines have underscored the importance of compliance and training. In this Take 5, we review major workforce management issues in 2017, and their impact, and offer critical actions that employers should consider to minimize exposure:
- Addressing Workplace Sexual Harassment in the Wake of #MeToo
- A Busy 2017 Sets the Stage for Further Wage-Hour Developments
- Your “Top Ten” Cybersecurity Vulnerabilities
- 2017: The Year of the Comprehensive Paid Leave Laws
- Efforts Continue to Strengthen Equal Pay Laws in 2017
Revelations of the Harvey Weinstein scandal, and those that have followed, have ignited sexual harassment complaints against employers across all industries. Recent news more than confirms that the issue of sexual harassment is not limited to Hollywood. As U.S. Equal Employment Opportunity Commission (“EEOC”) Acting Chair Victoria Lipnic recently said in an interview with Law360, “We see this everywhere. This happens to women in workplaces all over the place.”
With the outpouring of support for victims of sexual harassment, the creation of the #MeToo movement in the last quarter of 2017, and Time magazine’s “Silence Breaker” person of the year, it is clear that this is an issue that employers will need to proactively address in 2018. A study by theBoardlist and Qualtrics, based on a survey conducted this summer, reported that 77 percent of corporate boards “had not discussed accusations of sexually inappropriate behavior and/or sexism in the workplace.” Less than 20 percent of the 400+ people surveyed had reevaluated their company’s risks regarding sexual harassment or sexist behavior, even in light of the recent revelations in the media. Plainly, those numbers are expected to, and no doubt will, increase in the coming year.
Failure to take affirmative steps to prevent harassing behavior and adequately respond to allegations of sexual harassment can have serious consequences. While sexual harassment claims may originate as internal complaints, which must be promptly addressed, they may also result in a discrimination charge filed with the EEOC or the corresponding state or local agency. Since fiscal year 2010, roughly 30 percent of the approximately 90,000 charges of discrimination received by the EEOC each year have alleged sex-based discrimination, and the number of charges alleging sex-based harassment has gradually increased from just below 13 percent to just above 14 percent. Next year, this number is expected to increase because employees are becoming more comfortable reporting and publicizing incidences of sexual harassment in light of recent news, and due to the EEOC’s digital upgrade that allows employees to file EEOC complaints online.
Sexual harassment claims may also lead to litigation, which can be expensive and time-consuming and can create negative publicity. For instance, Mr. Weinstein’s former company, The Weinstein Co. (“TWC”), has been named in a $5 million civil suit alleging that executives of the company did nothing to protect women who did business with Mr. Weinstein, despite being aware of his inappropriate behavior. On December 6, 2017, TWC was one of the named defendants in a proposed class-action racketeering lawsuit alleging that TWC helped facilitate Mr. Weinstein’s organized pattern of predatory behavior. Additionally, the New York attorney general’s office is investigating TWC for potential civil rights violations in its handling of claims of sexual harassment.
There may also be unseen consequences of sexual harassment on the makeup of a workforce. Various studies have reported that harassment may lead to the departure of women from the workforce or the transition into lower-paying jobs. Further, women in jobs with a higher risk of sexual harassment often earn a premium over employees in positions with a lower risk of sexual harassment. Sexual harassment, therefore, may have real impact on compensation and implicate the pay gap and pay equity.
For these reasons, many employers are looking to implement and also supplement sexual harassment training seminars provided for their employees in order to combat sexual harassment in the workplace.
Employers should also consider whether their current practices include the following:
- A robust complaint procedure. Sexual harassment at work often goes unreported. According to the EEOC, as many as three-quarters of harassment victims do not file workplace complaints against their alleged harassers. Make sure that you have reporting mechanisms in place to receive complaints and consider allowing employees to complain directly to human resources, to a supervisor, or to an anonymous hotline.
- A prompt investigation of complaints. Upon receiving a complaint, promptly and thoroughly investigate the allegations, and make sure that your employees do not retaliate against the alleged victim or any person who cooperates in the investigation.
- Independent investigations. Ensure impartiality in the process. In certain cases, that may mean hiring an outside consultant or outside legal counsel to conduct the investigation.
- Thorough communication practices. A common objection asserted by complainants is that they are not informed about the status of an investigation. While complainants need not (and should not) be notified about the details or even given regular status reports, inform the complainant that an investigation will occur and be sure to provide closure—regardless of the outcome of the investigation.
- A proactive approach. Consider conducting employee engagement or climate surveys (with or without a consultant) to better understand the work atmosphere, rather than simply reacting to workplace complaints. Before doing so, consult with counsel to determine whether and how such a survey may be conducted (potentially under the self-critical analysis privilege, depending on the jurisdiction) to avoid it unwittingly becoming evidence in a proceeding.
- An atmosphere of inclusiveness. Foster an atmosphere of inclusiveness to help prevent sexual harassment. Make sure that your top-level management is involved in setting the tone, modeling appropriate behavior, and effecting positive change. Some organizations should consider creating a task force to root out and address inappropriate conduct—again with the oversight of legal counsel.
- Effective training. While most employers conduct some form of anti-harassment training (and those that don’t offer training, should), make certain that your training is designed to effectively combat sexual harassment. Tailor the training to your specific workplace and audience. Use real-world examples of what is, and is not, harassment, and make sure that managers know how to spot potential issues and respond to any and all complaints.
Recently, we wrote about the significant wage-hour developments of 2017. Those developments set the stage for some rather substantial issues to be addressed.
Arbitration Agreements with Class Action Waivers
With briefing and oral argument complete, it now is only a matter of time before the U.S. Supreme Court issues its ruling in three cases involving the enforceability of arbitration agreements with class action waivers. That ruling, whenever it issues, will have a significant impact on wage-hour litigation, at least in the federal courts.
The Court is likely to rule in one of three ways:
- hold that arbitration agreements with class action waivers are unenforceable, opening the floodgates to more employee class and collective actions;
- hold that arbitration agreements with class action waivers are enforceable, leading more employers to use them; or
- hold that such agreements are enforceable so long as certain conditions are met, such as making entry into the agreement voluntary and assuring employees that failure to sign the agreement will not result in adverse consequences.
When the Court rules, we will promptly address the decision on our Wage and Hour Defense Blog: www.wagehourblog.com.
Will Other States Implement Statutes Like California’s Private Attorneys General Act?
Employers with operations in California are likely familiar with California’s Private Attorneys General Act (“PAGA”). Some are perhaps too familiar with it.
PAGA allows an employee to step into the shoes of the state’s Attorney General and file suit on behalf of all other “aggrieved employees” for a variety of alleged violations of California’s Labor Code. The potential exposure in these cases can be huge.
PAGA lawsuits are attractive to employees and their attorneys because they are not technically “class actions.” Instead, they are “representative actions.” The difference is more than semantic.
As PAGA actions are not class actions, they usually cannot be removed to federal court under the Class Action Fairness Act. And, as employees are filing suit on behalf of others, not themselves, courts have held that PAGA claims are not subject to arbitration agreements signed by plaintiff employees.
Having seen their counterparts in California use PAGA to avoid federal court and arbitration—and to obtain large settlements—there are rumblings that plaintiffs’ attorneys in other states will push for similar legislation. No such legislation is currently pending, but it may just be a matter of time. And that time may come in 2018— particularly if the Supreme Court rules to uphold class action waivers in arbitration agreements. Indeed, the Center for Popular Democracy has already announced that it plans to campaign for PAGA-like statutes in several states, including New York, in the upcoming year.
A New Proposed Salary Level for White-Collar Exemptions
In 2017, the U.S. Department of Labor (“DOL”) abandoned its 2016 “Final Rule,” which would have more than doubled the minimum salary for the executive, administrative, and professional overtime exemptions from $455 per week ($23,660 per year) to $913 per week ($47,476 per year). The DOL secured a stay from the U.S. Court of Appeals for the Fifth Circuit of the lower court decision invalidating the 2016 Final Rule, to allow the DOL time to issue a new rule.
In July, the DOL issued a Request for Information (“RFI”) soliciting public comment on 11 questions seeking input on what requirements and thresholds an appropriate replacement rule should contain.
We expect to see a Notice of Proposed Rulemaking in 2018. Based on Secretary of Labor Alexander Acosta’s statements to date and the RFI, we anticipate that the proposed revised regulation will raise the salary threshold to a figure in the neighborhood of $32,000 to $35,000 and may loosen the other criteria for determining when an employee may be classified as exempt.
Further Changes in Federal Wage-Hour Enforcement Policies and Practices
Secretary Acosta has already made a number of changes to how the DOL’s Wage and Hour Division (“WHD”) will approach its mission, including (i) withdrawing Administrator’s Interpretations regarding joint employment and independent contractor versus employee status, (ii) announcing that the WHD will resume the long-standing practice—suspended during the Obama administration—of issuing opinion letters to provide guidance to the public, and (iii) announcing withdrawal of a 2011 final rule regarding the standards for tip pooling.
In 2018, candidates for further changes to WHD enforcement include:
- abandoning the pursuit of liquidated damages for investigations that resolve at the administrative level;
- narrowing the range of matters for which the agency will seek civil money penalties by focusing on clearly willful scenarios and repeated violations substantially similar to prior violations;
- less burdensome initial demands for information and documentation regarding related entities and individuals, as well as vendors and other business partners; and
- greater willingness to supervise back wage payments when an employer is willing to approach the WHD to confess a violation.
Cybersecurity has never been more important, or challenging, to address. For many employers, even figuring out where to start may seem like an overwhelming challenge. The first step—and one that should be done at least annually—is to focus on the adequacy of your organization’s cybersecurity planning processes, if any, in place. To jump-start your year-end cybersecurity planning, here are our “top ten” vulnerabilities to put on your list.
Vulnerability No. 1. No, or inadequate, security program in place. It is essential that your organization have a written, formalized cybersecurity program that assigns and enforces individual job responsibilities. The absence of a written plan documenting your cybersecurity program is a significant gap that leaves you more vulnerable to a cyberattack. If your organization already has adopted a written security plan, review and, if necessary, update it periodically (no less than annually) to determine how your organization will comply with the plan to protect your systems and staff. Cybersecurity is everyone’s responsibility.
Vulnerability No. 2. No recently conducted vulnerability and risk assessments. A comprehensive, well-documented vulnerability assessment will identify gaps in your workforce management and information technology security policies, procedures, and technical controls. A formalized risk assessment will address the risks of cyberthreats exploiting the gaps revealed by the vulnerability assessment. Vulnerability and risk assessments, which may be conducted with the assistance of cybersecurity counsel under the protection of the attorney-client privilege, are fundamental building blocks for reducing cybersecurity vulnerabilities.
Vulnerability No 3. No evaluation of weaknesses or gaps in your controls in light of statutory requirements and potential common law claims. This highlights your compliance gap and legal exposure arising from poor technical and administrative controls (e.g., inadequate or nonexistent policies), particularly in financial services, health care, or where your location and business lines subject you to requirements of state data privacy and breach laws. The absence of particular controls may constitute statutory violations or be cited in litigation as evidence of red flags.
Vulnerability No. 4. No formalized patching process or inadequate enforcement of the current process to ensure its systematic implementation. Failure to expeditiously address known vulnerabilities carries potential liability. A formalized, well-documented and enforced patching process may avoid gaps in failing to timely patch a known vulnerability and help reduce exposure.
Vulnerability No. 5. No insider threat program. Most data breaches are caused by insiders—either employees or trusted third parties (or their employees). Not having in place an insider threat program (that includes an insider threat vulnerability assessment) increases your vulnerability to insider threats.
Vulnerability No. 6. Lack of connection to the cybersecurity community. Did you know that the leading wireless (WiFi) encryption protocol (WPA2) has recently been cracked by a new method called “KRACK” (short for Key Reinstallation AttaCK)? Did you know that the National Institute of Standards and Technology (known as “NIST”) has recently proposed significant new guidance in password administration? The new guidelines recommend, for example, increasing usability, including a blacklist of poor choice passwords and allowing passwords of at least 64 characters in length to support the use of pass phrases. These are just examples of the ever-changing cybersecurity landscape. Your organization should establish contact with the cybersecurity community, including cybersecurity counsel, to facilitate training and education within your organization and to maintain current on best practices and technologies.
Vulnerability No. 7. Lack of stringent configuration management. If your organization does not use a baseline of secure configurations for each of its information and communications systems and related hardware before each goes live or before any implemented changes, then you are vulnerable. The vulnerability from permitting the live implementation of default configurations (e.g., default passwords), for example, is an ever-present and frequently overlooked vulnerability that requires rigorous oversight.
Vulnerability No. 8. Lack of stringent remote access management. If your organization permits remote access by its personnel, your potential attack surface is expanded. Granting remote access requires a combination of stringent best practices, such as rigorous human resources and technical controls (including monitoring remote access usage).
Vulnerability No. 9. Failing to consider available cybersecurity data. If you are not looking at the available cybersecurity data for your particular industry, you are likely not making the most informed decisions. Don’t fly blind—there is data out there for all industries that you can use to inform your vulnerability analysis.
Vulnerability No. 10. No incident response plan in place. No matter the level of stringent controls you put in place, you have to be prepared for the eventuality of a data incident or breach. Being reactive because you do not have a plan in place tested through training, including table-top training exercises, leaves you vulnerable.
The foregoing list is non-exhaustive. Your list may be different. Hopefully, our recommendations get you thinking about your cyber protections for the coming year.
The year 2017 brought the enactment of several significant state and local paid family and medical leave laws. These new laws do not always align with the federal Family and Medical Leave Act (“FMLA”) or a company’s existing policies—even if the company’s existing policies are more generous than the FMLA. Employers operating in the jurisdictions below must be sure that their policies and practices comply with the following upcoming laws, and employers everywhere will need to be on the lookout for other states and municipalities following suit.
New York State Paid Family Leave
Effective January 1, 2018, employees working in New York State will be eligible to receive job-protected, paid family leave under the New York Paid Family Leave Benefits Law (“NY PFL”) (i) to provide care to a newborn or a newly placed child for adoption or foster care, (ii) to care for a family member with a serious health condition, or (iii) due to an exigency relating to a family member being deployed abroad. Under the NY PFL, an employee may, in a 12-month period, take leave of up to eight workweeks in 2018, increasing to 12 workweeks beginning on January 1, 2021. Benefits received under the NY PFL begin at 50 percent of the employee’s pay, up to 50 percent of the state average weekly wage (increasing to 55 percent, 60 percent, and 67 percent, respectively, on January 1 of the following three years).
The NY PFL is intended to be funded through employee payroll contributions. Employee eligibility for NY PFL benefits and leave begins after 26 consecutive weeks (for employees whose regular employment schedule is 20 or more hours per week) or 175 days (for employees whose regular employment schedule is less than 20 hours per week) of employment. Notably, the definition of “family member” under the NY PFL is significantly broader than under the FMLA. In addition, maternity leave under the NY PFL does not begin until after pregnancy disability ends, thus extending the leave beyond 12 weeks in most cases, including for employers not covered by the FMLA.
The San Francisco Paid Parental Leave Ordinance
Effective January 1, 2017, the city of San Francisco began to phase in its new Paid Parental Leave Ordinance (“PPLO”), with the final phase becoming effective on January 1, 2018. The PPLO requires that San Francisco employers pay the difference (“Supplemental Compensation”) between benefits received under California’s Paid Family Leave (“CA PFL”) insurance program and an employee’s full pay (to a cap) for a period of six weeks. This law applies only to leave taken to bond with a newborn or a newly placed child for adoption or foster care. To qualify for Supplemental Compensation, employees must (i) have been employed at least 90 days prior to starting leave, (ii) be eligible to receive CA PFL benefits, (iii) perform at least eight hours of work per week for the employer within the city of San Francisco, and (iv) work at least 40 percent of their total weekly hours for the employer within the city of San Francisco.
The California Family Rights Act
As a part of a slew of 2017 legislative changes to California employment laws, the California Family Rights Act (“CFRA”) has been amended to expand the parental bonding leave protections to California employers with only 20-49 employees within 75 miles of the worksite, beginning January 1, 2018. The CFRA’s other eligibility requirements will remain intact: the employee must work at least 12 months with the employer and have worked 1,250 hours during the previous 12-month period. This expansion of the CFRA to smaller employers does not extend to other types of job-protected leave under the law, including leave for an employee’s own serious health condition or to care for the employee’s parent or spouse who has a serious health condition.
Washington State Paid Family and Medical Leave
In 2017, Washington State enacted a comprehensive Paid Family and Medical Leave Law (“WA PFML”), which will create an insurance program to provide income replacement benefits for family and medical leaves. Eligible employees may begin to receive benefits and take leave beginning on January 1, 2020; however, payroll deductions to fund this insurance may begin as early as January 1, 2019. The WA PFML provides for up to 90 percent of an employee's income for as much as 18 weeks of protected leave in a year. Like the federal FMLA, the WA PFML applies to employees who have been employed for at least 12 months and have worked for at least 1,250 hours in the previous 12-month period. The WA PFML applies to employers with 50 or more employees (without regard to the number of employees at a single worksite).
The District of Columbia Universal Paid Leave Amendment Act
In 2017, the District of Columbia enacted the Universal Paid Leave Amendment Act (“D.C. UPL”). Beginning January 1, 2020, the law will provide D.C. employees up to a combined 16 weeks of (i) paid family leave (up to six weeks), (ii) medical leave (up to two weeks), and (iii) parental leave (up to eight weeks) in a 52-workweek period. The D.C. UPL provides income replacement while on leave but does not provide job-protected leave—such leave is only job-protected to the extent employees are also eligible for leave under the existing D.C. Family and Medical Leave Act, which provides up to 16 weeks of unpaid job-protected leave every two years. Nearly all employees in the District of Columbia will be eligible for paid benefits under the D.C. UPL, so long as more than 50 percent of the employee’s hours worked for the employer are in the District of Columbia. The D.C. UPL will be funded by payroll taxes, and deductions may begin July 1, 2019.
State and local legislators have had another busy year with efforts to strengthen equal pay regulation, and there is no sign of a slowdown anytime soon. Legislation in this field began picking up in 2016 and continued to gain momentum throughout 2017. There were approximately 100 bills relating to equal pay introduced in the state legislatures this year in more than 40 jurisdictions. We expect this trend to continue as the closing of historical pay disparities between men and women and amongst other groups remains a policy priority.
Equal pay legislation has centered around three major areas. First, legislatures are acting to expand the scope and coverage of, and narrow the exceptions for, existing equal pay laws. For example, employers in certain states with amended equal pay laws must now provide equal pay not only for “equal” work, but also for “comparable” or “substantially similar” work. Some of these laws also effectively remove geographical distinctions and narrow other exceptions that employers may rely on. This year, Oregon and Puerto Rico added themselves to the list of states and territories (including Massachusetts, California, Delaware, and Maryland) that have made these sorts of changes, and California went a step further by expanding its equal pay act to cover race and ethnicity in addition to gender. Bills along these same lines for gender pay equality are also pending or expected in at least 15 additional states.
Second, legislatures are introducing salary history bans, which prohibit employers from asking applicants about prior compensation in the hiring process. These laws aim to stop the perpetuation of prior salary discrimination by increasing focus on the value that a recruit will bring to the position and reducing reliance upon compensation decisions made by others in the past when formulating job offers. Salary history inquiry bans were recently enacted in four states, including California, Delaware, Maine, and Oregon, along with Puerto Rico, New York City, Philadelphia, San Francisco, and Albany County (New York). Similar laws are pending in at least 13 additional states, and we expect that legislation will be reintroduced in several others during the next legislative sessions.
Finally, legislatures are acting to increase employer accountably for wages by proposing stronger pay transparency laws, which, among other things, would protect the open discussion of wages and—in at least one attempted effort thus far—would require employers to publicly disclose their wage differences between men and women. Currently, 17 states and Puerto Rico have laws governing pay transparency, although a number of these laws have been in place for some time. Recently, we have seen new or enhanced laws enacted on pay transparency in California, Colorado, Maryland, Massachusetts, Nevada, and New York, and several other states have pending legislation in this area as well. Thus far, California is the only state to have proposed a “wage shaming” law that would require larger employers to report gender wage differential information to the state for publication on a government website. The proposed law (A.B. 1209) passed the California Legislature in 2017 but was vetoed by the governor—the second consecutive year that he vetoed this type of proposed law. Similar legislation has been discussed in New York City as well.
Equal pay also saw some activity at the federal level in 2017. Representative Eleanor Holmes Norton introduced the Pay Equity for All Act of 2017 (H.R. 2418), a salary history ban law. She also introduced the Fair Pay Act of 2017 (H.R. 2095), which would lower the federal statutory standard from equal to comparable work, consistent with the state and local trend. While additional action has not been taken on these bills since they were introduced, it is likely that Rep. Norton will continue to pursue these efforts as she has in the past.
Also on the federal front, the EEOC has included “Ensuring equal pay protections for all workers” as one of its six top priorities for 2017-2021. And although the expanded EEO-1 form (including 12 pay bands for the reporting of employee pay by gender and race/ethnicity) was rejected earlier this year, EEOC Acting Chair Victoria Lipnic has stated that the EEOC remains committed to the enforcement of equal pay laws and that the decision to stay implementation of the expanded EEO-1 form does not alter this enforcement position.
As we move into 2018, employers should continue to focus on equal pay within their organization and get ahead of the curve on compliance, since the legislative momentum gained in 2017 will likely continue.