The U.S. Supreme Court just handed employers a huge win in the continuing war over California’s Private Attorneys General Act (PAGA), a bounty-hunter statute that deputizes employees to sue on behalf of the state. In yesterday’s Viking River Cruises, Inc. v. Moriana, decision, the Supreme Court held that employers may compel employees to arbitrate
The Supreme Court of California has just resolved a long-standing debate over whether employees may recover additional statutory penalties if employers do not include unpaid premium payments for meal period and rest break violations (commonly referred to as “break penalties”) on employee paystubs, or include such premium payments with an employee’s final wages due immediately…
Pay transparency laws (laws requiring employers to disclose compensation ranges to applicants) are spreading like wildfire across the US. Regulators are hoping such laws eliminate pay differentials based on gender or race. Putting good intentions aside, the laws are a source of huge consternation for businesses as the state and local requirements vary greatly in…
On April 1, a state court judge in Los Angeles ruled that the California law (AB 979) mandating publicly traded companies include people from underrepresented communities on their boards violates the California Constitution. We initially reported on AB 979 here, noting that it was the first law of its kind in the US and was the second time California sought to mandate diversification of public company boards through legislation. In 2018, the first piece of California legislation (SB 826) aimed at increasing gender diversity; in 2020, AB 979 sought to increase diversity from underrepresented communities.
The 2020 law requires publicly held corporations headquartered in California to include at least one person on their boards from an underrepresented community by the end of last year, with additional appointments required in future years. People from underrepresented communities are defined as anyone who self-identifies as Black, African American, Hispanic, Latino, Asian, Pacific Islander, Native American, Native Hawaiian or Alaska Native, or who self-identifies as gay, lesbian, bisexual or transgender.
Under AB 979, the California Secretary of State must report annually on companies’ compliance with the law and may impose fines of $100,000 for an initial violation and $300,000 for each subsequent violation.…
2022 is looking to be an unprecedented year for California companies’ privacy law obligations. The California Privacy Rights Act (CPRA) takes effect on January 1, 2023, with a twelve-month look-back that also applies to the personal data of employees and business contacts. The new California Privacy Protection Agency is preparing regulations that will sit on top of existing rules from the California Attorney General. Meanwhile, the California Legislature is enacting privacy laws even though it has not repealed or streamlined any of the myriad California privacy laws that continue to apply in addition to the California Consumer Privacy Act (CCPA).
On March 1, we held a webinar focused on the employment law implications stemming from these significant changes and covering a handful of critical hot topics (e.g., how to process vaccination information, the treatment of employees of PEOs, and EORs). If you missed it, here are the major highlights you should know!
Preparing for CCPA / CPRA Compliance
- CPRA amendments to CCPA take effect January 1, 2023; this ends the transitional exemptions for “HR” and “B2B contact information” and includes a 12-month look-back to January 1, 2022.
- “At collection notices” have been required since January 1, 2020, with increased disclosure requirements since December 16, 2020. For more detail, click here.
- Businesses must declare on January 1, 2023, in privacy policies whether they have been selling or sharing personal information of employees and B2B contacts in the preceding 12 months and, if yes, offer opt-out mechanisms and alternatives without discrimination.
- Businesses must update service provider agreements, including with recruiters and IT, cloud, payroll, benefits, and other providers.
- Businesses must offer broad access, deletion, rectification, portability and other rights to California employees and B2B contacts, and prepare for what may be the end of confidentiality in the employment area; employers should conduct training, and implement robust data governance policies (incl. deletion and discovery).
Data Access / Deletion Requests from Employees
- Under existing employment law, California employees (not contractors) have the right to inspect and receive a copy of the personnel files and records that relate to their performance or any grievance concerning them within 30 days of their written request. The existing right to inspect does not extend to records relating to the investigation of a possible crime, letters of reference, or various ratings or reports.
- By contrast, the new “right to know” under the CPRA/CCPA goes further. It encompasses two distinct rights: (i) the right to a disclosure explaining how the employer collects and handles the individual’s personal information; and (ii) the right to copies of “specific pieces of personal information.” The “right to know” applies to California consumers, which goes beyond employees (i.e., including contractors). In theory, it could extend the scope of the “right to know” from simply the personnel file to include, for example, informal communications about the employee, investigations, etc. Employers must generally comply with such requests within 45 days.
- The “right to know,” however, is not absolute, and employers can refuse if the request is manifestly unfounded or excessive (e.g., if the purpose is to harass) and does not cover privileged information (e.g., communications with in-house and external counsel).
- The CPRA/CCPA also introduce a new right to “data deletion.” This right is not absolute either. An exception should apply for most categories of personal information reasonably necessary to managing or administering current or past employment or contract work relationship.
- Finally, the CPRA/CCPA gives California residents other rights including the right to limit the processing of sensitive information. There are exceptions to the right to limit the processing of sensitive information, but none of the statutory exceptions apply squarely to HR data.
With special thanks to our data privacy colleague Helena Engfeldt for her contributions.
On February 17, 2022, California Senator Bob Wieckowski introduced a bill (SB 1189) that would add protections for biometric information and establish a private right of action permitting individuals to allege a violation of the law and bring a civil action. The legislation is similar to the Biometric Information Privacy Act in Illinois (BIPA) which is creating expensive headaches for Illinois employers. (Read about the latest BIPA developments here.) If enacted, the law will cover all employers that use biometric time-keeping systems in California. Many employers would have to navigate the law alongside other California privacy laws such as the California Consumer Privacy Act (CCPA).
Here’s what employers need to know about SB 1189:
The bill would apply to any private entity regardless of size. “Private entity” is defined as an individual, partnership, corporation, limited liability company, association, or similar group, however organized.
How does the bill define biometric information?
- A person’s physiological, biological, or behavioral characteristics, including information pertaining to an individual’s deoxyribonucleic acid (DNA), that can be used or is intended to be used, singly or in combination with each other or with other identifying data, to establish individual identity;
- It includes, but is not limited to, imagery of the iris, retina, fingerprint, face, hand, palm, vein patterns, and voice recordings, from which an identifier template, such as a faceprint, a minutiae template, or a voiceprint, can be extracted, and keystroke patterns or rhythms, gait patterns or rhythms, and sleep, health, or exercise data that contain identifying information.
Actions under California’s Private Attorneys General Act (PAGA) have long plagued employers, both large and small, but that all may change this year.
What is PAGA?
PAGA, enacted in 2004, permits a single employee to stand in the shoes of the state’s Attorney General and file suit on behalf of other “aggrieved” employees to recover penalties for California Labor Code violations. The potential recovery against employers can be substantial, with default penalties calculated as $100 “for each aggrieved employee per pay period for the initial violation,” and $200 per aggrieved employer per pay period for “each subsequent violation.” As such, potential PAGA awards commonly reach millions of dollars against small employers, and tens of millions against large employers, just for simple administrative oversights.
In addition to the potential for steep penalties, several California court decisions have expanded the reach of PAGA over the years. In 2009, the California Supreme Court held that employees bringing actions under PAGA need not comply with the strict procedural rules governing class actions. See Arias v. Superior Court, 46 Cal. 4th 969 (2009). Then, in 2014, the California Supreme Court held that employees could not waive their right to bring PAGA claims in court, paving the way for an increase in PAGA litigation. See Iskanian v. CLS Transportation Los Angeles, LLC, 59 Cal. 4th 348 (2014).
Recently, California courts have provided some limits to the expansion of PAGA. In 2021, the California Court of Appeals provided a potential “manageability” defense for employers. Specifically, in Wesson v. Staples The Office Superstore, LLC, the Court of Appeals held that trial courts have the discretion to strike claims for penalties under PAGA if the claims will be unmanageable due to individualized issues at trial. See 68 Cal. App. 5th 746 (2021).
Is there an end in sight?
However, the fate of PAGA may rest in the hands of California voters this year. In December 2021, California’s Secretary of State approved the distribution of a petition to put an initiative on the 2022 ballot called “the California Fair Pay and Accountability Act.” The California Fair Pay and Accountability Act aims to essentially repeal PAGA, and replace it with an alternative framework for the enforcement of labor laws.…
As the Omicron wave recedes, a raft of states have announced plans to lift their mask mandates.
In the past few days alone, California, Connecticut, Delaware, Illinois, Massachusetts, Nevada, New Jersey, New York, Oregon, and Rhode Island have announced changes to their face covering rules. And if the number of Omicron cases continues to dwindle…
On February 9, California Governor Gavin Newsom signed legislation (Senate Bill 114) providing up to two additional weeks of paid time off if an employee is sick with COVID-19, or if they have to take care of a family member who contracts the disease. The law takes effect immediately and is retroactive to January 1, 2022, but an employer’s obligation to provide 2022 COVID-19 supplemental California paid sick leave (CPSL) does not begin until 10 days after the governor signs: February 19, 2022. Leave is available through September 30, 2022.
The law is similar to legislation that expired in September last year.
What kinds of employers are covered?
Small businesses are exempt. The new law only applies to businesses with 26 employees or more.
Who are covered employees?
Covered employees are those unable to work or telework due to certain reasons related to COVID-19, including:…
We are pleased to share a recent Washington Post article, “Ask Help Desk: What should I do when my job gives me lousy tech?” with quotes from Mike Brewer. We’ve all been there or at least know someone who has: You land that coveted job only to get handed disappointing — and maybe even outdated…