Our colleague Steven M. Swirsky at Epstein Becker Green has a post on the Management Memo blog that will be of interest to our readers: “NLRB Reverses Key Rulings: Returns to Pre-Obama Board Test for Deciding Joint-Employer Status and for Determining Whether Handbooks, Rules and Policies Violate the NLRA – Assessment of 2014 Expedited Election Rules and Future Changes Also Announced.”

Following is an excerpt:

It should come as no surprise that recent days have seen a stream of significant decisions and other actions from the National Labor Relations Board as Board Chairman Philip A. Miscimarra’s term moves towards its December 16, 2017 conclusion.  Chairman Miscimarra, while he was in a minority of Republican appointees from his confirmation during July 2013 and as a new majority has taken shape with the confirmation of Members Marvin Kaplan and William Emanuel, has clearly and consistently explained why he disagreed with the actions of the Obama Board in a range of areas, including the 2015 adoption of a much relaxed standard for determining joint-employer status in Browning-Ferris Industries, the standard adopted in Lutheran Heritage Village for determining whether a work rule or policy, whether in a handbook or elsewhere would be found to unlawfully interfere with employees’ rights under Section 7 of the National Labor Relations Act to engage concerted action with respect to their terms and conditions of employment, and his disagreement with the expedited election rules that the Board adopted through amendments to the Board’s election rules. …

In Hy-Brand Industrial Contractors Ltd. and Brandt Construction Co., decided on December 14, 2017, in a 34-2 decision, the Board has discarded the standard adopted in Browning-Ferris, and announced that it was returning to the previous standard and test for determining joint-employer status and returning to its earlier “direct and  immediate control standard.”  …

In The Boeing Company, also decided on December 14, 2017, the Board adopted new standards for determining whether “facially neutral workplace rules, policies and employee handbook standards unlawfully interfere with the exercise” of employees rights protected by the NLRA. …

Noting that the 2014 Election Rules were adopted over the dissent of Chairman Miscimarra and then Member Harry Johnson, and the fact that these rules have now been effect for more than two years, on December 14th, the Board, over the dissents of Members Mark Pearce and Lauren McFerren, both of who were appointed by President Obama, published a Request for Information, seeking comment …

Read the full post here.

When deliberations began regarding the first tax reform legislation in over thirty years, many raised concerns that tax reform measures would adversely affect retirement savings programs such as the 401(k) plan.  Now, as the tax reform proposals have become further vetted, the 401(k) approach to pre-tax retirement savings appears to remain intact and may actually survive “Rothification”.  The IRS also recently increased the 401(k) pre-tax savings contribution limit to $18,500 for 2018.  Despite the confirmed importance of retirement savings vehicles such as the 401(k) Plan, many eligible participants for these employer-sponsored programs do not enroll in the plans, fail to contribute as much as they could, or do not fully understand how to maximize their benefits or select their investment options.  Multigenerational employees also have different financial needs and perceptions, and receive communications differently.   Plan sponsors should take this opportunity, as passage of tax reform legislation appears imminent, to provide eligible employees and participants with an enhanced communications program touting the benefits of 401(k) plan participation.

What Enhancements Can be Made to Existing 401(k) Plan Communications?

As plan sponsors know, certain plan communications are required and are already provided to plan participants through specific channels such as direct mail or e-delivery.   These materials include summary plan descriptions, summary annual reports, and participant fee disclosures.  In addition, there may be safe harbor notices, 404(c) plan disclosures, automatic contribution notices, qualified default investment alternative notices, fund change notices, blackout notices, and perhaps even investment education or advice materials distributed to participants.  A re-occurring debate is that participants do not read, understand, or cannot even locate all of these materials.  Plan sponsors might be well-served by considering the following when enhancing their otherwise required communications:

  • Incorporate tools into a traditional communications program such as mobile applications that can deliver understandable information to those on-the-go, in short snippets, regarding the benefits of plan participation
  • Issue periodic email, text message or other digital/social media reminders regarding increasing savings rates during the year and how a percentage increase can impact retirement savings over time
  • Offer online short videos or podcasts (5 to 15 minutes) that explain 401(k) features and benefits in digestible segments
  • Provide generic plan enrollment assistance either through on-site meetings, video-conference or on-line software
  • Strategically time the issuance of communications well before the due date of a summary of material modification that will allow participants to fully maximize the benefit of a plan design change
  • Connect the messaging with relevant events (such as passage of new legislation; a corporate acquisition)
  • Consider a financial wellness program that can educate employees regarding their whole financial picture, including managing debt and how to allocate available compensation to employer-provided benefit programs

The foregoing suggestions are a starting point and should be tailored to the organization’s needs and employee demographics.  The idea is to develop a strategy that supplements the required communications, and does so in a brief and engaging manner without contradicting plan terms.  The messaging can also refer the employees back to the longer, required communications and documentation which might be located on a company intranet for easy access.  Further, these types of communications do not need to be personalized and should not include personally identifiable information, unless the mechanisms are fully compliant with cybersecurity policies including password protection and encryption.  Also, these particular communications should avoid being fiduciary or advice-oriented in nature.  Instead, the goal is to highlight, and educate employees regarding, the important plan benefits and encourage them to participate in a language they understand.  This approach can also be duplicated for other types of employee benefits (i.e., the ones that survive tax reform).

Our colleagues , at Epstein Becker Green, have a post on the Retail Labor and Employment Law blog that will be of interest to many of our readers in the health care industry: “Proposed Federal Bill Would Pre-Empt State and Local Paid Sick Leave Laws.”

Following is an excerpt:

On November 2, 2017, three Republican Representatives, Mimi Walters (R-CA), Elise Stefanik (R-NY), and Cathy McMorris Rodgers (R-WA), introduced a federal paid leave bill that would give employers the option of providing their employees a minimum number of paid leave hours per year and instituting a flexible workplace arrangement. The bill would amend the Employee Retirement Income Security Act (“ERISA”) and use the statute’s existing pre-emption mechanism to offer employers a safe harbor from the hodgepodge of state and local paid sick leave laws. Currently eight states and more than 30 local jurisdictions have passed paid sick leave laws.

The minimum amount of paid leave employers would be required to provide depends on the employer’s size and employee’s tenure. The bill does not address whether an employer’s size is determined by its entire workforce or the number of employees in a given location. …

Read the full post here.

In a recent update to the IRS’ Questions and Answers on Employer Shared Responsibility Provisions under the Affordable Care Act, the IRS has advised that it plans to issue Letter 226J informing applicable large employers (ALEs) of their potential liability for an employer shared responsibility payment for the 2015 calendar year, if any, sometime in late 2017.  The IRS plans to issue Letter 226J to an ALE if it determines that, for at least one month in the year, one or more of the ALE’s full-time employees was enrolled in a qualified health plan for which a premium tax credit (PTC) was allowed (and the ALE did not qualify for an affordability safe harbor or other relief for the employee). The IRS will determine whether an employer may be liable for an employer shared responsibility payment, and the amount of the potential payment, based on information reported to the IRS on Forms 1094-C and 1095-C and information about the ALEs full-time employees that were allowed the premium tax credit.

In my blog last year “ACA Information Reporting: Ensuring Big Data Analyses Do Not Lead to Big Penalties,” the terms of a Letter 226J were still unclear, yet the imperative to establish an approach for reviewing and responding to these types of letters was forewarned.  If an ALE receives a Letter 226J from the IRS, the employer will have only 30 days from the date of the letter to dispute liability for a penalty payment.  With the holiday season and other year-end deadlines, preparing a response with sufficient detail will undoubtedly become a daunting task.  As provided on the model Letter 226J, employers that wish to dispute the liability assessment will need to:

  • Complete, sign, and date a Form 14764, Employer Shared Responsibility Payment (ESRP) Response, and send it to the IRS by the due date along with a signed statement explaining why the employer disagrees with part or all of the proposed ESRP,
  • Ensure that the statement describes changes, if any, the employer wants to make to the information reported on Form(s) 1094-C or Forms 1095-C,
  • Make changes, if any, on the Employee PTC Listing using the indicator codes in the Instructions for Forms 1094-C and 1095-C for the tax year shown on the first page of this letter,
  • Include the revised Employee PTC Listing, if necessary, and any additional documentation supporting the employer’s changes with the Form 14764, ESRP Response, and signed statement.

If the ALE responds to Letter 226J, the IRS will acknowledge the ALE’s response to Letter 226J with an appropriate version of Letter 227 (a series of five different letters that, in general, acknowledge the ALE’s response to Letter 226J and describe further actions the ALE may need to take).  If, after receipt of Letter 227, the ALE disagrees with the proposed or revised employer shared responsibility payment, the ALE may request a pre-assessment conference with the IRS Office of Appeals.  The ALE should follow the instructions provided in Letter 227 and Publication 5, Your Appeal Rights and How To Prepare a Protest if You Don’t Agree, for requesting a conference with the IRS Office of Appeals.  A conference should be requested in writing by the response date shown on Letter 227, which generally will be 30 days from the date of Letter 227.

Now is the time to consider a self-audit of 1095-C reporting, as well as organization of documents that may be needed to prepare a response and/or appeal to the IRS. If the ALE does not respond to either Letter 226J or Letter 227, the IRS will assess the amount of the proposed employer shared responsibility payment and issue a notice and demand for payment, Notice CP 220J.

Our colleagues , at Epstein Becker Green, have a post on the Retail Labor and Employment Law blog that will be of interest to many of our readers in the technology industry: “New Jersey’s Appellate Division Finds Part C of the “ABC” Independent Contractor Test Does Not Require an Independent Business

Following is an excerpt:

In a potentially significant decision following the New Jersey Supreme Court’s ruling in Hargrove v. Sleepy’s, LLC, 220 N.J. 289 (2015), a New Jersey appellate panel held, in Garden State Fireworks, Inc. v. New Jersey Department of Labor and Workforce Development (“Sleepy’s”), Docket No. A-1581-15T2, 2017 N.J. Super. Unpub. LEXIS 2468 (App. Div. Sept. 29, 2017), that part C of the “ABC” test does not require an individual to operate an independent business engaged in the same services as that provided to the putative employer to be considered an independent contractor. Rather, the key inquiry for part C of the “ABC” test is whether the worker will “join the ranks of the unemployed” when the business relationship ends. …

Read the full post here.

Employers continue to incorporate the use of biometric information for several employee management purposes, such as in systems managing time keeping and security access that use fingerprints, handprints, or facial scans.  Recently, Illinois state courts have encountered a substantial increase in the amount of privacy class action complaints under the Illinois Biometric Information Privacy Act (“BIPA”), which requires employers to provide written notice and obtain consent from employees (as well as customers) prior to collecting and storing any biometric data.  Under the BIPA, the employer must also maintain a written policy identifying the “specific purpose and length of term for which a biometric identifier or biometric information is being collected, stored, and used.”  740 ILC 14/15(b)(2).

Although the BIPA was enacted almost 10 years ago, individuals did not start filing lawsuits until 2015.  Since September 2017, there have been over twenty-five new filings in Illinois state courts including class actions against prominent international hotel and restaurant chains.  These lawsuits tend to target employers utilizing finger print recognition machines as part of their time keeping systems.  Where the employer uses a third-party supplier for its time-tracking system, the claims have also included allegations that the employer improperly shared the biometric information with the supplier without obtaining the proper consent.  In these cases, the claims generally allege that the employer failed to provide proper notice.

Though there is no definitive reason for the increase in filings over the past months, the claims may be related to the increased use of biometric information in the workplace since the initial case filings in 2015.  While Texas and Washington also have laws governing employer use of biometric information, Illinois is the only state that currently provides a private right of action, including class actions.  Additionally, potential damages associated with BIPA violations, particularly for class actions, can be extensive, including liquidated damages of $1,000 per negligent violation (or the amount of actual damages, whichever is greater), liquidated damages of $5,000 per intentional or reckless violation (or the actual damages, whichever is greater) and attorney’s fees.

What Can Employers Do?

  • Prior to collecting or storing biometric data, employers in Illinois should: (1) create a written policy regarding the retention and destruction of biometric data; (2) obtain written acknowledgment and release from the employees; and (3) store the biometric information securely, similar to other confidential information, such as personal health information or personally identifiable information.
  • Employers who use a third party to assist with the collection or storage of biometric data should include the third party in the acknowledgement and release, which employees execute.
  • Employers also should be aware that most states, including Illinois, have legislation governing how employers respond to data breaches and the required notifications to employees. If a data breach occurs, employers are advised to immediately contact counsel to devise and implement a response plan.
  • In the event of litigation, employers should remove BIPA cases to federal courts when possible, particularly where the allegations focus on notice and consent issues, as employers can argue that plaintiffs cannot establish the necessary harm to establish standing as required by the Supreme Court case Spokeo, Inc. v. Robins, 136 S. Ct. 1540 (2016) (requiring more than a “bare procedural violation” to establish harm). Because employees likely will have difficulty establishing actual harm where the biometric data was stored in a confidential and secure manner, employers may be successful in getting such claims dismissed.

As the laws regulating biometric data continues to evolve, employers should monitor this issue closely and consult with counsel as further developments occur to ensure compliance with any relevant regulations.

For the second time in as many years, California Governor Jerry Brown has vetoed “wage shaming” legislation that would have required employers with 500 or more employees to report gender-related pay gap statistics to the California Secretary of State on an annual basis beginning in 2019 for publication on a public website. Assembly Bill 1209 (“AB 1209”), which we discussed at length in last month’s Act Now advisory, passed the Legislature despite widespread criticism from employers and commerce groups.  This criticism included concerns that publication of statistical differences in the mean and median salaries of male and female employees without accounting for legitimate factors such as seniority, education, experience, and productivity could give a misleading impression that an employer had violated the law.  Opponents also decried the burden the bill would place on employers to do data collection and warned that it would lead to additional litigation.  In vetoing the measure, Governor Brown noted the “ambiguous wording” of the bill and stated he was “worried that this ambiguity could be exploited to encourage more litigation than pay equity.”

However, the same pen that vetoed AB 1209 signed another pay-equity law last week: Assembly Bill 168 (“AB 168”).  AB 168 precludes California employers from asking prospective employees about their salary history information.  “Salary history information” includes both compensation and benefits.  Like similar laws passed recently in several other states and cities, the policy underlying the inquiry ban is that reliance upon prior compensation perpetuates historic pay differentials.  Opponents have argued that such a ban will make it more difficult for employers to match job offers to market rates.  Go to our Act Now Advisory on AB 168 for a comprehensive review of this new law.

It is highly likely that the National Association of Insurance Commissioners (“NAIC”) will adopt a model data cyber security law premised largely on the New York State Department of Financial Services (“NYSDFS”) cyber security regulations.  Recently, we discussed the NYSDFS’ proposed extension of its cyber security regulations to credit reporting agencies in the wake of the Equifax breach.  New York Governor Andrew Cuomo has announced, “The Equifax breach was a wakeup call and with this action New York is raising the bar for consumer protections that we hope will be replicated across the nation.”  Upon adoption by the NAIC, the NYSDFS regulations requiring that NYS financial organizations have in place a written and implemented cyber security program will gain further traction toward setting a nationwide standard for cyber security and breach notification.  Indeed, although there are differences, the NAIC drafters emphasized that any Licensee in compliance with the NYSDFS “Cybersecurity Requirements for Financial Services Companies” will also be in compliance with the model law.

The NAIC Working Committee expressed a preference for a uniform nationwide standard: “This new model, the Insurance Data Security Model Law, will establish standards for data security and investigation and notification of a breach of data security that will apply to insurance companies, producers and other persons licensed or required to be licensed under state law. This model, specific to the insurance industry, is intended to supersede state and federal laws of general applicability that address data security and data breach notification. Regulated entities need clarity on what they are expected to do to protect sensitive data and what is expected if there is a data breach.  This can be accomplished by establishing a national standard and uniform application across the nation.”  Other than small licensees, the only exemption is for Licensees certifying that they have in place an information security program that meets the requirements of the Health Insurance Portability and Accountability Act.  According to the Committee, following adoption, it is likely that state legislatures throughout the nation will move to adopt the model law.

The model law is intended to protect against both data loss negatively impacting individual insureds, policy holders and other consumers, as well as loss that would cause a material adverse impact to the business, operations or security of the Licensee (e.g., trade secrets).  Each Licensee is required to develop, implement and maintain a comprehensive written information security program based on a risk assessment and containing administrative, technical and physical safeguards for the protection of non-public information and the Licensee’s information system.  The formalized risk assessment must identify both internal threats from employees and other trusted insiders, as well as external hacking threats.  Significantly, the model law recognizes the increasing trend toward cloud based services by requiring that the program address the security of non-public information held by the Licensee’s third-party service providers.  The model law permits a scalable approach that may include best practices of access controls, encryption, multi-factor authentication, monitoring, penetration testing, employee training and audit trails.

In the event of unauthorized access to, disruption or misuse of the Licensee’s electronic information system or non-public information stored on such system, notice must be provided to the Licensee’s home State within 72 hours.  Other impacted States must be notified where the non-public information involves at least 250 consumers and there is a reasonable likelihood of material harm.  The notice must specifically and transparently describe, among other items, the event date, the description of the information breached, how the event was discovered, the period during which the information system was compromised, and remediation efforts.  Applicable data breach notification laws requiring notice to the affected individuals must also be complied with.

Our colleague Michelle Capezza of Epstein Becker Green authored an article in Confero, titled “Managing Employee Benefits in the Face of Technological Change.”

Following is an excerpt – click here to download the full article in PDF format:

There are many employee benefits challenges facing employers today, from determining the scope and scale of traditional benefits programs to offer that will attract, motivate and retain multigenerational employees, to embracing new models for defining and providing benefits, while simultaneously managing costs. In the midst of these challenges is the wave of technological change that is impacting all areas of the workplace, including human resources and benefits. In recent years, many new technological tools have emerged to aid in the administration of benefit plans, delivery of participation communications, as well as provide education and advice. These tools often require collection of sensitive data or allow employees to provide personal information in an interactive environment, such as:

  • Benefits, HR and payroll software, and plan recordkeeping, systems
  • Online and mobile applications for benefits enrollment and benefits selection assistance
  • Social media tools and applications for benefits information and education
  • Online investment allocation tools, robo advisors, financial platforms
  • Telehealth and wellness programs

These and other advancements are a sign of the times. While they appeal to employees, reduce burdens on employers, and assist in driving down program costs, organizations must be mindful that cyberattacks on benefit plans and participant information have occurred and measures should be taken to protect against such data breaches.

Our colleague Sharon L. Lippett, at Epstein Becker Green, has a post on the Financial Services Employment Law blog that will be of interest to many of our readers technology industry employers and plan sponsors: “Plan Sponsors: Potential Targets for IRS Compliance Examinations.”

Following is an excerpt:

The IRS recently released the Tax Exempt and Government Entities FY 2018 Work Plan (the “2018 Work Plan”) which provides helpful information for sponsors of tax-qualified retirement plans about the focus of the IRS’ 2018 compliance efforts for employee benefit plan.  While the 2018 Work Plan is a high-level summary, it does address IRS compliance strategies for 2018 and should assist plan sponsors in administering their retirement plans.…

Read the full post here.