News & Analysis

Use strong policies and training to defend against lawsuits

Sexual harassment training has been the subject of jokes for decades. All HR professionals understand how important sexual harassment training is, but getting employees and managers to take it seriously can be an uphill battle. Good antiharassment policies and regular training can be vital components to the defense of a harassment lawsuit, while weak policies and poor training can do real damage to your case.

Colbert, Letterman, and the NLRB

Stephen Colbert recently debuted as the new host of The Late Show. Although Colbert is a terrific talent, he acknowledged that he cannot replace his predecessor, David Letterman. Letterman is a true pioneer in the late night space, and he will be missed.

Growth of tax fraud leads states to expand data breach laws

According to data from the Federal Trade Commission (FTC), tax fraud is the most common consumer complaint from victims of identity theft. In 2014, nearly one-third of complaints from identity theft victims were related to tax fraud. In response, some states have revisited their existing data security laws. This trend may create additional responsibilities for your business now or in the future.

Several states revise data breach laws

Unsurprisingly, California was the first U.S. state to pass a data breach law. That law, which took effect in 2003, has served as the template for similar laws now on the books in all but three states (Alabama, New Mexico, and South Dakota).

In the 12 years since, many states' lawmakers not only have passed new laws but also have revisited their existing laws and expanded them to include and protect more types of personal data and to add state agencies to the notification requirements. This year, several states, including Montana, Nevada, North Dakota, Washington, and Wyoming, amended and expanded their existing laws.

Wyoming and Nevada. Wyoming's security breach law follows the standard template of requiring entities that conduct business within the state and that own or license computerized data that includes personal identifying information about any resident of the state to notify affected individuals in the event the personal data is accessed by unauthorized parties.

However, effective July 1, 2015, the definition of "personal information" significantly expanded. The law already protected data when the first name or initial and the last name of a person were accessed in combination with obviously sensitive data elements such as Social Security numbers; credit, debit, and other financial account numbers; and details on any federal, state, or tribal issued identification card. But the law now also extends to protect data elements such as medical information, health insurance information, taxpayer identification numbers, biometric data, and certain information that would permit access to "an online account." Nevada has similarly expanded its law to include new forms of personal information.

In the event of a breach, covered Wyoming entities must also provide "clear and conspicuous" notice to affected individuals that includes, at a minimum, the date of the breach, a general description of the breach and the types of information affected, any actions taken by the company to prevent further data loss, and advice to the affected individuals (for example, recommendations to review account statements or credit reports).

Montana and North Dakota. Effective October 1, 2015, Montana's existing law also expands its protection and the duties of covered entities. As with Wyoming's law, Montana adds new forms of protected data to the definition of personal information. Montana law now also protects medical record information, taxpayer identification numbers, and any identity protection personal identification number issued by the federal IRS when the information is accessed in combination with an individual's first name or initial and last name.

Montana's law also imposes an additional reporting requirement on affected entities. Now victims of a data breach will be required to notify the state Attorney General's Office of Consumer Protection (or, if the affected entity is an insurer, the state insurance commissioner). Effective August 1, 2015, North Dakota also added a requirement that breaches affecting more than 250 covered persons must be reported, by mail or e-mail, to the state attorney general.

Washington. Washington's expanded law, effective July 24, 2015, makes two primary changes that expand the type of data protected. First, the law now protects data regardless of whether it is computerized (previously the law's protection extended only to computerized data). Second, the law also requires notice to be provided for encrypted data in some circumstances. Previously, if data was encrypted, then it was presumed to be secure. However, the law now accounts for situations in which the encryption isn't sufficient to secure the data (for example, the person who accesses the data also obtained access to or can easily decipher the encryption key).

Bottom line

Though these changes represent only a handful of states, they demonstrate that many state lawmakers continue to revisit and revise existing security breach laws as new types of data are created, stored, and made vulnerable to unauthorized access. Proactive employers may wish to expand existing data security and breach notification protocols to include these new categories of personal data—even if your state laws don't yet require that you do so.

NLRB ruling on 'joint employers' opens door to unionization

Businesses spend a lot of time and money making sure they comply with the myriad laws that govern the employment relationship. Employers have relied on decisions by the National Labor Relations Board (NLRB) that define "joint employers" in structuring their businesses. This is true of employers that use temporary or leased employees as well as those whose companies are organized into several subsidiaries or have a franchise model.

Honesty in HR matters: It really is the best policy

According to one of Billy Joel's many great songs, "Honesty is such a lonely word, everyone is so untrue. . . . Honesty is hardly ever heard, but mostly what I need from you." Sure, honesty is admirable and virtuous, but it's also the best policy for handling employment matters. Even though it seems like common sense, it's often hard for HR managers and supervisors to tell the truth about employees when it matters. And that often gets them into trouble. Let's make sure that honesty is what's heard at your workplace.

Agency Action

EEOC releases American workplace report. The Equal Employment Opportunity Commission (EEOC) in August 2015 released a report titled American Experiences Versus American Expectations, illustrating the changes to the demographics of the workforce since the agency opened its doors in 1965 as well as the continuing challenges to equal opportunity in employment. The new report, an update to the 1977 Black Experiences Versus Black Expectations, examines changes in participation in nine job categories for African Americans, Hispanics, Asian Americans, American Indians/ Alaskan Natives, and women between 1966, the first year for which the agency collected data, and 2013, the most recent year for which data is available. Despite notable progress in diversity and inclusion in the workplace over the past half century, this report highlights continued job segregation by race and gender, with women and people of color disproportionately occupying lower paying positions, said EEOC Chair Jenny R. Yang.

Workplace Trends

Survey explores move away from 9-to-5 workdays. The traditional eight-hour workday is showing further signs that its on its way out, according to a survey from CareerBuilder that gathered responses from more than 1,000 full-time workers in information technology, financial services, sales, and professional and business servicesindustries that historically have more traditional work hours. The survey, conducted online by Harris Poll on behalf of CareerBuilder from May 14 to June 3, 2015, found that 63% of workers in those industries believe working 9:00 a.m. to 5:00 p.m. is an outdated concept, and many have a hard time leaving the office mentally. Twenty-four percent of the respondents said they check work e-mail during activities with family and friends. Sixty-two percent of the workers perceive working outside of required office hours as a choice rather than an obligation, with that view more often expressed by workers 55 and older than by workers ages 18 to 24.

Union Activity

Gallup survey finds increasing support for unions. A Gallup poll released in August 2015 found that Americans approval of labor unions has gone up five percentage points to 58% over the past year and is now at its highest point since 2008, when 59% approved. The image of organized labor hit an all-time low of 48% in 2009. Gallup first asked Americans about organized labor in 1936, a year after Congress legalized private-sector unions and collective bargaining. At that time, 72% of Americans approved of unions. Support remained high into the 1960s but dipped through the 1970s. The percentage of Americans saying they would like labor unions to have more influence in the country also has been rising and now stands at 37%, up from 25% in 2009. The figures come from the 2015 installment of Gallups annual Work and Education Survey.

Track coach overcomes hurdles, wins retaliation case on appeal

In a case we have followed since 2011, e-mail evidence again played a significant role in the latest outcome. Based in large part on the e-mail evidence, along with a delay in discipline, the Kentucky Supreme Court reinstated a jury verdict in favor of a former assistant track coach at the University of Louisville who claimed she was fired because she complained about discrimination. However, the coach lost her back-pay claim because she failed to properly seek new work after the termination.

NLRB ruling on 'joint employers' opens door to unionization

Businesses spend a lot of time and money making sure they comply with the myriad laws that govern the employment relationship. Employers have relied on decisions by the National Labor Relations Board (NLRB) that define "joint employers" in structuring their businesses. This is true of employers that use temporary or leased employees as well as those whose companies are organized into several subsidiaries or have a franchise model.