U.S. & EU REACH PRIVACY SHIELD AGREEMENT FOR TRANSFER OF PERSONAL DATA
Massachusetts has amended its anti-discrimination law to ban discrimination against pregnant workers and job applicants. The law prohibits an employer from taking an adverse employment action because an individual is pregnant. The law also will require employers to provide reasonable accommodations to pregnant workers.
Although Massachusetts and federal laws already protect workers from discrimination if they incur disabling conditions due to pregnancy, this law also protects employees who are experiencing healthy pregnancies. The new law also explicitly requires employers to provide accommodations related to nursing, including provision of a private, non-bathroom area for this purpose. The amendment became effective April 1, 2018.
In late 2015, new rules went into effect for organizations which accept credit cards at point-of-service.
In the aftermath of mass data breaches, many credit card companies have issued a new type of credit card to American consumers. These credit cards use a chip on the card to transmit a customer's information at the time of payment, rather than using a magnetic strip. This technology protects a customer's personal information. Businesses may need to install new card readers to read the new credit cards.
The October 1 deadline was not a legal deadline to adopt a new credit card reader. This deadline was created by the financial institutions which issue credit cards. Here's what the October 1 deadline meant: if a data breach occurred after October 1, 2015, banks will not absorb the costs of the data breach automatically. Instead, whichever organization has the least updated technology - either the business / organization which accepted the credit card, or the bank - will bear the costs associated with the data breach. For this reason, if your organization accepts credit cards, it is in your best interest to adopt credit card readers which can read credit cards with chip technology.
Not all credit cards with chips provide equal protection to consumers, however. Your business still may have more up-to-date card readers than the card issuer. This potentially would limit your liability. Contact Faulkner Legal for more information about the new credit cards, the status of your current technology, and resources and options for your business to consider.
The information available on this site is for informational purposes, and does not constitute legal advice. Review of this information does not create an attorney-client relationship.
MASSACHUSETTS UNVEILS ONLINE PORTAL FOR REPORTING DATA BREACHES
Massachusetts Attorney General Maura Healey has announced creation of a new Data Breach Reporting Online Portal. The portal may be used by businesses and organizations to notify the Attorney General's Office in the event of a possible data breach. Organizations already must provide notice to the Mass. Attorney General of a data breach affecting Massachusetts residents under the state's breach notification law and data security regulations. Previously, businesses needed to provide a hard copy notice to the Attorney General's Office. A link to the Attorney General's data breach website is included here:
The Massachusetts data breach law and regulations also requires an organization to provide notice to the Commonwealth's Director of the Office of Consumer Affairs and Business Regulation. That office also has an online form which an organization may complete to provide notice of a data breach. That online form can be found here:
When must an organization provide notice of a data breach? When may it be a good business practice to do so, even at the early stage of investigating a data incident? Please contact Faulkner Legal to learn more about an organization's obligations and best practices.
ACCOMMODATING STUDENTS WITH DISABILITIES IN THE TITLE IX GRIEVANCE PROCESS
Has your institution received a request to provide reasonable accommodations for disabilities in the Title IX adjudication process? Please see my article on United Educators' EduRisk blog:
The National Council on Disability cited my article in its 2018 report, Not on the Radar: Sexual Assault of College Students with Disabilities:
CREDIT CARD CHIP TECHNOLOGY: MORE PRIVACY FOR YOUR CUSTOMERS, LESS LIABILITY FOR YOUR BUSINESS
DEPT. OF LABOR RELEASES OVERTIME RULES
On May 18, 2016 the federal Department of Labor released its long-awaited new overtime rules. Under the Fair Labor Standards Act (FLSA), employees are entitled to earn overtime pay for any work performed beyond forty hours per week. Employers must pay overtime pay at one and a half times an employee's hourly rate. The Department of Labor raised the threshold for overtime pay eligibility to $47,476 per year, or $913 per week, beginning in December 2016. In other words, employers will have to pay overtime to white-collar employees who earn under $47,476 per year. Prior to this update, many employees who made more than $455 per week ($23,660 per year) could have been exempt from overtime pay. The Department of Labor had estimated an additional 4.6 million workers could become eligible for overtime pay under these new rules.
The new salary threshold was to adjust automatically every three years to align with the 40th percentile of weekly earnings for full-time salaried workers in the lowest wage U.S. Census region. The Department of Labor's final regulation did not include changes to definitions of administrative, executive, and professional employees for overtime purposes, or "duties" test. The "duties" test is used to evaluate whether some jobs are exempt from overtime. Exemptions exist for employees whose primary job duties are executive, administrative, and/or professional (a.k.a. the "white collar exemption.") This may include assistant managers and IT employees.
APPLICATION TO HIGHER EDUCATION: The DOL has addressed several higher ed-specific job classifications in its new rules. Please see our link to a DOL fact sheet:
Bona fide teachers, i.e. employees whose primary role is teaching, are exempt from overtime. This includes teachers, tutors, instructors and lecturers.
Academic administrative employees: employees who interact with students outside the classrooms will not be entitled to overtime if they are paid at least as much as the entrance salary for teachers at their institution.
Non-academic administrative employees: may be subject to overtime. This group covers admissions counselors and recruiters.
Graduate and undergraduate students: many of these students will not be eligible for overtime. For example, teaching assistants will fall under the teaching exemption. Research assistants and RAs may not be considered employees.
Post doctoral researchers: Post-docs who conduct scientific research may be eligible for overtime. Post-docs in the humanities may be exempt, if they have a primary duty of teaching.
Coaches: Coaches may fall under the teaching exemption, but only if their primary duty is teaching.
Please contact Faulkner Legal for further developments and more information at firstname.lastname@example.org.
On August 31, 2017 the federal district for the Eastern District of Texas held that the U.S. Department of Labor exceeded its authority when it drafted new overtime eligibility regulations. The court held that the regulations' new salary level for overtime eligibility was so high that the regulations did not provide for consideration of other factors about whether jobs should be exempt from overtime. (See posts below).
In November 2016, the federal court for the Eastern District of Texas issued an order blocking the Department of Labor's implementation of its new overtime regulations. This ruling came just one week before those rules were to become effective. Employers are considering their options about how to proceed with any planned changes to employees' salaries and/or job duties. The Department of Labor under President Obama had filed notice of its intent to appeal the court's ruling.
EARNED SICK TIME LAW
Massachusetts Attorney General Maura Healey has joined eight other states' attorneys general in urging adoption of chip-and-PIN technology to protect credit card holders. The nine attorneys general sent a letter to the financial institutions which issue the majority of credit cards in the United States. The lawyers asked the banks to implement both chip and PIN technologies which are available to protect sensitive customer data during a credit card transaction. Use of a PIN instead of a signature during the transaction provides a greater level of security, instead of undermining the security available through use of the chip reader. Attorney General Healey has responsibility for enforcing data protection laws in Massachusetts. Her office provides helpful information on this topic for both businesses and consumers. You can read their letter here:
HOW EMPLOYMENT POLICIES ADD VALUE TO YOUR BUSINESS
Proactive employment planning is the topic of my recent visit to Exit This Way, a business radio show focused on long-range business planning. From an employer's point of view, it's critical for employees to be focused on their business' goals. Ideally, an organization strives to focus on its core mission, not employment matters. With some thoughtfulness and effort, however, employment practices can be a point of pride, not a distraction. On Exit This Way, I explain how an employer can add value to its business by establishing clear employment policies on vacation pay, leaves of absences, equal opportunity, business records, disability requests, and more. If an employer establishes clear policies, and implements those policies consistently across the organization, this provides a blueprint for managing employment events as they arise. An employer can provide its rationale for its employment practices, and demonstrate compliance in the event of an audit or potential sale.
COURT RULES AGAINST OVERTIME RULES
NEW MASSACHUSETTS LAW BANNING PREGNANCY DISCRIMINATION
MASSACHUSETTS & NEW YORK
ATTORNEYS GENERAL URGE BANKS TO ADOPT CHIP-AND-PIN CREDIT CARD TECHNOLOGY
The U.S. and the European Union have reached an agreement which will provide a means for multinational companies to transfer personal data from Europe to the United States - the Privacy Shield Agreement. The Privacy Shield Agreement became effective on July 13, 2016. Companies which fall under the authority of the U.S. Commerce Department or the Department of Transportation have been able to self-certify compliance with Privacy Shield as of August 1, 2016.
Why is Privacy Shield needed? Previously, companies with EU subsidiaries, or employees in the EU, relied on a Safe Harbor agreement between the U.S. and the EU. A company's compliance with the Safe Harbor agreement indicated that the company complied with the EU's strict rules for privacy of personal data of EU residents. However, the Safe Harbor agreement was invalidated late in 2015, after a European privacy advocate won a lawsuit in the European Court of Justice about the handling of his personal data by an American company. Since then, American companies have had little or no way to transfer personal data of employees or individuals from the EU to America in compliance with EU requirements. Such restrictions had significant potential implications for today's global and technologically nimble economy.
What are the key components of Privacy Shield? Privacy Shield has detailed requirements which must meet to be eligible to participate in the program. The U.S. government also agreed to provisions to address Europeans' concern about U.S. handling of personal data, especially after the revelations of collection of personal data by the U.S. government just a few years ago. Some of the more noteworthy aspects of Privacy Shield include:
Should our company participate in the Privacy Shield program?
First and foremost, your company must determine whether it can comply with Privacy Shield program requirements. Those requirements, while numerous, are straightforward about how personal data must be handled. Beyond that, the big question remains as to whether your organization prefers to tolerate the risk associated with the potential for further litigation on this arena. Negotiators maintain that the program has been designed to address the legal issues noted by the European Court of Justice. However, privacy activists indicated their intent to pursue challenges to Privacy Shield even before the agreement was finalized. Each company must make its own determination of whether to invest in designing cross-border data transfers to comply with Privacy Shield in a still unsettled legal climate.
Faulkner Legal can provide more detail about Privacy Shield requirements.
Does your business have workers in Massachusetts? You may not be aware that Massachusetts voters passed a law last year which requires employers to provide sick time for its workers. This law became effective on July 1, 2015 for most employers. Read below to see whether and how your business is covered.
Who’s covered? Which employers? Which employees?
IMPORTANT: The new sick time law is comprehensive, covering a wider range of employers and employees than might be obvious at first.
You may think: “We already provide sick time to our employees. We’ve got this covered.” However, under the regulations which enforce this new law:
For colleges and universities, there has been an important change in the final regulations. Federal work-study students, or students participating in a substantially similar financial aid or scholarship program, are not considered employees for purposes of accruing paid sick leave. Students who work as resident assistants in exchange for a waiver of room, board, tuition, or other education-related expenses also are not covered.
Adjunct faculty compensated on a per-course or fee-for-service basis are considered to have worked three hours for each "classroom hour" worked. ("Classroom hour" is not defined.)
How much sick time must an employer provide?
A safe harbor applied to employers who already had policies which provided for at least 30 hours of paid time off as of May 1, 2015. Those employers were considered in compliance with the new law on July 1, 2015 with respect to the employees who receive paid time off, if the employers complied with their already-existing policies, and extended their time off provisions to employees who previously were not covered by the policy. The safe harbor was in effect through December 31, 2015. After that date, employers were required to comply with the new law's specific requirements unless their policies qualified as substitute paid leave policies.
For what purposes may an employee use sick time? Eligible reasons for time off are similar to those which are covered under the federal Family and Medical Leave Act (FMLA). Generally, sick time can be used for:
Paid time off under the Massachusetts law may be used or calculated concurrently with time off taken under other applicable laws.
The Massachusetts Attorney General's final regulations addressed many issues raised by employers and organizations. For example, the Attorney General provided specific information about other paid leave policies which may be allowed under the new law. The regulations address how unlimited sick leave policies may be administered. Some recordkeeping requirements may not apply.
The law, and the regulations to enforce this law, cover other areas of importance to employers and employees. For example, employers may require medical certification to support an employee’s request for sick time for more than 24 consecutive hours. Employees must not be discouraged from taking sick time, and cannot be subject to adverse action for taking earned sick time. The proposed regulations would establish the rates for calculating compensation for earned sick time, and increments of time which may be used. Of course, employers also may provide more general sick leave benefits than required by the new law.
The Massachusetts Attorney General's Office created a poster about the Earned Sick Time law. Employers are required to post this poster at their workplaces. Employers also must provide a hard copy or electronic copy of this notice to all eligible employees. Alternatively, you can include your policy on earned sick time, or substitute paid leave policy, in the applicable employee handbook. You can access the poster here:
© 2018 FaulknerLegal
All Rights Reserved