In the latest HR headline from the start-up world, the offending executive doesn’t fit the typical mold, but the lesson remains the same: don’t ignore human resources.

Miki Agrawal, the self-proclaimed “SHE-eo” of THINX, and her “boundary pushing” workplace demeanor are the focus of a New York City Commission on Human Rights complaint by the former head of public relations, Chelsea Leibow. Leibow alleges that Agrawal created a hostile work environment through her constant discussion of sex, nudity around employees, and inappropriate touching of employees’ breasts.

THINX, the “period underwear” company that seeks to disrupt the menstrual products world, intentionally pushes boundaries with its marketing strategies. In her role, Leibow was responsible for PR emails, which were the subject of media attention highlighting the emails’ casual, “millennial-speak.” According to Leibow in an interview with New York Magazine, the company also pushed internal boundaries of professionalism.  Leibow alleges that, just a few months after she joined THINX Agrawal, “helped herself” to Leibow’s breasts and engaged in a variety of other sexualized conduct.  Leibow asserts that Agrawal drove a casual culture, and that many employees engaged in more casual (and often sexually-inappropriate) conversations out of fear of losing their jobs.

Leibow alleges that she made multiple internal complaints, including to the CFO and CCO, about Agrawal’s behavior, but those complaints were ignored. Rather than establish a formal HR function, Agrawal introduced “Culture Queens” to manage internal disputes. Neither of these individuals had HR experience, and the reporting line brought all complaints back to Agrawal – even those complaints about her. In fact, Leibow alleged that it was ingrained into the culture that the employees and the executive team “operated on different planes.”

In response to Leibow’s complaint and subsequent publicity, Agrawal published a blog acknowledging that THINX failed to appropriately establish a human resources function early enough in the formation of the company. Like many start-ups, when THINX had only 15 employees, Agrawal did not make hiring an HR professional a priority.  She acknowledges that the failure to address human resources was a “problem area,” but “to sit down and get an HR person and think about [health insurance, vacation days, benefits, and maternity leave] were left to the bottom of the pile of things to get done.” THINX has commissioned an employment law firm to investigate these claims, along with several other allegations being anonymously reported to various news outlets.

Following the complaint, Agrawal has stepped down as CEO, and THINX is hiring a new CEO and a HR manager. Our attorneys have seen a continuing pattern of successful start-up companies ignoring human resources functions in favor other responsibilities to launch the business.  But as this example teaches, start-ups and other small businesses should not leave HR-planning to the end. Although managing the HR function early on seems less important than getting the business off the ground, failing to establish basic workplace rules, including a harassment complaint procedure, can lead to major problems.

Human Resources and Payroll should advise employees in their departments to be on the lookout for the latest tax season phishing scam designed to steal employees’ tax related information and social security numbers. Given the regular frequency of these types of attacks, employers should be taking appropriate steps to safeguard employee Personally Identifiable Information (“PII”).  At a minimum, Human Resources should have in place written policies regarding the handling of employee PII and provide training designed to protect employee PII against a data breach.  Because Human Resources works with employee PII on an everyday basis, it may be the best equipped to secure sensitive personnel information against the type of fraudulent scheme highlighted in the recent IRS alert.

On February 2, 2017, the IRS issued an urgent alert to employers regarding a phishing scheme intended to steal employees’ tax related information to commit identify theft and tax fraud. The IRS reports that the scam involves spoofing an email to make it appear as if it is coming from an organization’s executive.  The email is sent to an employee in the Human Resources or Payroll departments, requesting a list of employees and their Forms W-2.  The IRS reports that the phony email may also request the names and social security numbers of employees with their addresses and dates of birth.  Since the email is disguised to be from an internal email address, should the HR or Payroll employee respond with the information it will actually be sent out of the organization to a cybercriminal.  The phishing scam is presently targeting healthcare organizations, shipping companies, school districts, restaurants, and temporary staffing agencies.

What preventative steps can be taken to guard against these attacks? Human Resources should ensure that policies and procedures are in place requiring that the sending of employees’ confidential tax related information by email only be done with 100% confidence that the intended recipient is within the organization and has requested the information. Indeed, the IRS advises that employers consider adopting written policies that govern the electronic distribution of confidential employee Form W-2s and tax related information.  One simple protective measure may be that a phone call confirmation is required before hitting the send button.  As a general matter, employers should have in place comprehensive written policies and procedures that govern the electronic sending, receiving and storage of confidential personnel related PII and provide workforce training to protect against data breaches and fraudulent schemes.  In addition to procedures verifying that the recipient of sensitive PII is actually within the organization, employers may also want to consider technologies providing for use of encryption when sending personnel related PII by email.  The maxim that “an ounce of prevention is worth a pound of cure” is in full effect here since a well thought out strategy is the best defense.

Our colleague Daniel J. Green, an Associate at Epstein Becker Green, has a post on the Trade Secrets & Noncompete Blog that will be of interest to many of our readers in the technology industry: “Aggressive New Antitrust Guidance for Human Resources Professionals Threatens Criminal Prosecution for Certain Unlawful Wage Fixing and No Poaching Agreements”

Following up on a string of civil enforcement actions and employee antitrust suits, regarding no-poaching agreements in the technology industry, on October 20, 2016 the Department of Justice (“DOJ”) and Federal Trade Commission (“FTC”) issued Antitrust Guidance for Human Resources Professionals (the “Guidance”). The Guidance outlines an aggressive policy to investigate and punish employers, and individual human resources employees who enter into unlawful agreements concerning employee recruitment or retention.

The Guidance focuses on three types of antitrust violations:

  • Wage fixing agreements: agreements among employers to fix employee compensation or other terms or conditions of employment at either a specific level or within a range;
  • No poaching agreements: certain agreements among employers not to solicit or hire one another’s employees not ancillary to an overarching pro-competitive collaboration; and
  • Unlawful information exchanges: exchanges of competitively sensitive information which facilitate wage matching among market participants.

Read the full post here.

We recently had the pleasure of being interviewed by Julianne Tveten of Motherboard, for her article “HR Comes Last at Startups, and Women Pay the Price.”

The article raises some important issues for startup founders and investors.  In particular, as we discuss, a delay in establishing HR policies may inadvertently draw claims of harassment in the workplace.

Following is an excerpt of one of our passages:

“Usually, the wakeup call comes by way of litigation, investigation, or when the people strategy is not completely sound and investors or potential acquirers look at the operating model and it impacts their evaluation,” Schaefer said. “And that’s often way too late in the game to be focused on that.”

“It’s important to get on top of these issues early on or it’s easy to go for years out of [legal] compliance,” Michelle Capezza, an attorney who edits the blog with Schaefer, told Motherboard.

Read the full article here.