Wage and-hour-osha-eeoc


Published on

  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Wage and-hour-osha-eeoc

  1. 1. Wage and Hour, OSHA, and EEOCRegulatory and Enforcement Activity is Already Underway. Are You Prepared? An employer’s guide to new regulations and initiatives that are currently being considered by federal agencies. September 2011HR. Payroll. Benefits.
  2. 2. ContentsAbout the Report 1Wages and Hours Worked 2Immigration 7Workplace Safety 10Equal Employment Opportunity Commission 14Federal Contractors 19Data Privacy 24Conclusion 26About ADP® 27About Jackson Lewis 27
  3. 3. About the ReportThe purpose of this special report is to provide Federal agencies have also openly stated theiremployers with information to prepare for, and commitment to change as part of fulfilling theirplan for, the new regulations and initiatives, as well overall mission statement. The head of theas those that are currently being considered, by Department of Labor has said, “There is a newfederal agencies. sheriff in town and the agency is once again back in the enforcement business.” The head of theOn March 23, 2010, President Obama signed Office of Federal Contract Compliance Programsthe Affordable Care Act. Several months later, has said, “We are committed to enforcing ourhowever, the 2010 midterm Congressional laws to keep the doors of opportunity open for allelections quickly translated into a legislative workers–even if we have to pry those doors openstalemate, Republicans seized control of the from time to time.”U.S. House of Representatives, while Democratsmaintained a slim majority in the Senate. As aresult, there has been no new federal labor andemployment legislation passed in 2011. “There is a new sheriff in townThe legislative stalemate, however, has not and the agency is once again backslowed regulatory and enforcement activity by in the enforcement business.”federal agencies. Many agencies, including the — Hilda Solis, U.S. Secretary of LaborDepartment of Labor (DOL), Equal EmploymentOpportunity Commission (EEOC), OccupationalSafety and Health Administration (OSHA), Officeof Federal Contract Compliance (OFCCP), andDepartment of Homeland Security (DHS) havebeen busy changing and updating federal laborand employment regulations and enforcingthose regulations.In addition, many agency initiatives are comingfrom outside the regulatory rule-making process.These initiatives and programs are not subjectto the strict rule-making process, which wouldinclude public notice and an opportunity for thepublic to comment on the proposed rules. Suchinitiatives and programs have the potential toshape agency policy and can have an importantimpact on employer operations.Employment Regulatory and Enforcement Activity Is Already Underway. Are You Ready? 1
  4. 4. Wages and Hours WorkedThe U.S. Department of Labor (DOL) is anagency that enforces many federal labor and By embracing an aggressiveemployment laws, including a key wage andhour law called the Fair Labor Standards Act enforcement policy and hiring(FLSA). This law has received renewed attention hundreds of new investigators,and vigor under the DOL’s leadership. Secretaryof Labor Hilda Solis remarked not so long ago, DOL handled about 32,000 wage“Workplace enforcement and safety is not only our and hour matters in fiscal yearresponsibility, it’s our moral obligation.” 2010, a jump of more than 30By embracing an aggressive enforcement policy percent in just two years.and hiring hundreds of new investigators, DOLhandled about 32,000 wage and hour matters infiscal year 2010 (ending September 30, 2010), a “We Can Help” appears to be targeted towardjump of more than 30 percent in just two years. specific industries, such as construction, dayDOL’s activity in 2011 has shown no signs of laborers and farm workers, and it clearly reachesslowing down. out to non-citizens and/or undocumented workers. The campaign’s encouragement of self-action inDOL Initiates “We Can Help” Campaign employee recordkeeping, coupled with the mediaAimed at Increasing Enforcement blitz, will likely increase complaints filed with“We Can Help” is a campaign designed to the DOL. To that end, the DOL added some 250educate workers about their rights under the additional investigators, in large part to supportFLSA. The campaign includes, among other this campaign.features, a separate website with links to pagesexplaining the rights of workers and Public ServiceAnnouncements (PSAs) in both English andSpanish by Hollywood stars, including Jimmy Smitsand Esai Morales. Secretary Solis and DoloresHuerta (co-founder of the United Farm Workers ofAmerica, AFL-CIO) also recorded PSAs in supportof the campaign.“I’m here to tell you that your president, yoursecretary of labor and this department will notallow anyone to be denied his or her rightful pay —especially when so many in our nation are workinglong, hard and often dangerous hours,” SecretarySolis said during a speech. “We can help, andwe will help. If you work in this country, you areprotected by our laws. And you can count on theU.S. Department of Labor to see to it that thoseprotections work for you.”Employment Regulatory and Enforcement Activity Is Already Underway. Are You Ready? 2
  5. 5. DOL Announces Collaboration with theAmerican Bar Association Step Two: DOL will propose a requirementThe DOL has announced a new collaboration that employers thoroughly and completelywith the American Bar Association (ABA), which implement the plan in a manner that preventsis a national association of lawyers. Under this legal violations. The plan cannot be a mere paperinitiative, FLSA or Family and Medical Leave Act process. The employer cannot draft a plan andcomplainants who are informed that the DOL is then put it on a shelf. The plan must be fullydeclining to pursue their complaint are provided implemented for the employer to comply with thea toll-free number to contact a newly created, “Plan/Prevent/Protect” compliance strategy.ABA-sanctioned Attorney Referral System. TheDOL has also pledged to provide prompt, relevant Step Three: DOL will propose a requirement thatinformation and documents on the referred case the employer or other regulated entity ensuresto complainants and the referral attorney electing that the plan’s objectives are met on a regularto take the case including, but not limited to, a list basis. Just any plan will not do. The plan mustof any violations found and the amount of back actually protect workers from violations of theirwages owed. workplace rights.DOL’s “Plan/Prevent/Protect” Employers who fail to take these steps to addressRegulatory Initiative comprehensively the risks, hazards, and inequitiesPursuant to the DOL’s “Plan/Prevent/Protect” in their workplaces will be considered out ofinitiative, employers and others must “find and fix” compliance with the law and, depending upon theviolations — that is, assure compliance — before agency and the substantive law it is enforcing,a DOL investigator arrives at the workplace. subject to remedial action. Employers must understand that the burden ison them to obey the law, not on the DOL to catchthem violating the law. This is the heart of theDOL’s new strategy. Simply put, the DOL is goingto replace “catch me if you can” with “Plan/Prevent/Protect.”Although the specifics will vary by law, industry andregulated enterprise, this strategy will require (atsome unknown point in the future) all regulatedentities to take three steps to ensure safe andsecure workplaces and compliance with the law:Step One: DOL will propose a requirement thatemployers and other regulated entities createa plan for identifying and remediating legalviolations and other risks to workers — forexample, a plan to review potentially unlawfulpay practices. The employer would provide theiremployees with opportunities to participate in thecreation of the plans. In addition, the plans wouldbe made available to workers so they can fullyunderstand them and help to monitortheir implementation.Employment Regulatory and Enforcement Activity Is Already Underway. Are You Ready? 3
  6. 6. DOL Proposes “Right to Know” The DOL predicts that workers’ informationRegulation “could prove invaluable” during an investigation ofFrom an employer’s perspective, one of the most employers accused of failing to maintain accuratedifficult challenges associated with the FLSA is time records. Indeed, the app will allow workers toproperly classifying employees as exempt or non- “email the summary of work hours and gross payexempt. This is an important distinction. Exempt as an attachment” to the Department of Labor’semployees are not entitled to be paid overtime, investigators. The app provides a “glossary,while nonexempt employees are. contact information and materials about wage-and- hour laws through links to the Web pages of theDOL has proposed a new rule, entitled the Department’s Wage and Hour Division.” According“Right to Know Under the Fair Labor Standards to Secretary of Labor Solis, “This app will helpAct,” that would require employers to produce a empower workers to understand and stand upwritten “classification analysis” to justify exempt for their rights when employers have denied theiremployee status (and/or independent contractors hard-earned pay.”status) for each employee. This proposed rule hasgenerated interest in the employer community The DOL also is considering future updates tobecause of the potential burden and cost that it enable use on other smartphone platforms,would place on employers. such as AndroidTM and BlackBerry®, and to capture information on types of pay not currentlyDOL Launches Timesheet Application for addressed, “such as tips, commissions, bonuses,Smartphones deductions, holiday pay, pay for weekends, shiftWhat happens when an employee is misclassified differentials and pay for regular days of rest.”as exempt by an employer? That employee may DOL Ceases Issuing Opinion Lettersbe owed several years of overtime compensation(and additional penalties may apply). In order to Historically, employers have been able to request andetermine the amount of compensation due, the Opinion Letter from the DOL to obtain guidance in aDOL may ask the employee to construct a record specific factual setting. That is no longer true. DOLof hours worked. This has now become an easier has ceased issuing Opinion Letters and, instead,task for employees. has decided to issue more general “Administrator’s Interpretations” on topics the DOL selects. The firstThe DOL has announced the launch of its first several Interpretations, including the DOL’s currentapplication for smartphones, described as “a view that loan officers generally cannot qualify fortimesheet to help employees independently track the administrative exemption, have reflected a pro-the hours they work and determine the wages employee position.they are owed.” Users can track regular workhours, break time and any overtime hours theywork for one or more employers, according to theDOL press release on the application. The free“app” is compatible with iPhone® and iPod touch®and is available in English and Spanish.Employment Regulatory and Enforcement Activity Is Already Underway. Are You Ready? 4
  7. 7. DOL Takes New Proactive, Company-Wide The DOL has itself suggested that “perhapsApproach to Settlements workers will review the database before beginningThe DOL has promised to pursue corporate-wide their job search, allowing them to more accuratelycompliance strategies to ensure that employers assess a prospective employer’s reputation. Ortake on responsibility for their compliance maybe someone will create a mashup of thebehavior. In a 2011 speech, Solicitor of Labor employers in their community and encouragePatricia Smith mentioned a recent settlement neighbors to stop doing business with serialwith an employer as an example of the DOL’s employment law violators.”new approach. Solicitor Smith explained that DOL Issues New Child Labor Regulationseven though the DOL’s enforcement action waslimited to only one of the employer’s facilities, The DOL issued new regulations concerningthe settlement included a nationwide injunction child labor under the FLSA. The regulationswhich broadly covers other company facilities and are focused on the limitations as to both dutiesworkers. Solicitor Smith explained “that’s the and work hours applicable to 14-15 and 16-17type of settlement you will see us entering into year-olds in “non-agricultural” occupations.more and more in the future…if we find a violation The regulations address in detail the typesat one facility, it should be corrected at all the of machinery that minors are permitted to,company’s facilities.” During the same speech, and barred from, operating as part of theirMs. Smith reiterated that “the Labor Department employment.is open once again.”DOL Posts Enforcement Data Online An employer must notify theThe DOL has unveiled a publicly accessible online employee that it will be usingenforcement database which provides accessto enforcement data collected by the Employee a tip credit.Benefits Security Administration (EBSA),Occupational Safety and Health Administration DOL Implements New Tip Credit(OSHA), Office of Federal Contract Compliance RegulationsPrograms (OFCCP), Mine Safety and HealthAdministration (MSHA), and Wage and Hour The FLSA allows an employer to pay a tippedDivision (WHD) in one location. employee an hourly wage less than the legal minimum wage under certain circumstances. TheAnyone can access the database and search tipped employee’s tips and hourly wage combinedby state, zip code and company name. Users must equal at least the legal minimum wage.can obtain detailed information including, for The difference between minimum wage and theexample, the number of “FLSA violations” per employee’s hourly wage is known as a tip credit.employer, amount of back wages the employer Federal law currently allows an hourly wage as“agreed to pay,” the number of employees the low as $2.13 per hour, resulting in a maximum tipemployer “agreed to pay,” the type of violation (i.e., credit of $5.12 per hour (i.e., current minimumminimum wage or overtime) and the amount of wage of $7.25 per hour minus $2.13 per hourcivil money penalties assessed. minimum tip wage = $5.12 per hour maximum tip credit).Employment Regulatory and Enforcement Activity Is Already Underway. Are You Ready? 5
  8. 8. The new rule specifies what information anemployer must provide to tipped employees as acondition to being able to take the tip credit. Anemployer must notify the employee that it will beusing a tip credit. The notice must includethe following:• The amount of wage the employer will pay the employee;• The amount the employer will credit against tips received;• That the tip credit will be no greater than the value of tips actually received;• That the tip credit cannot be applied unless the tipped employee has been informed of the tip credit provisions of the FLSA; and• That, except for valid tip pooling, all tips received by the tipped employee must be retained by the employee.The new rule states that requiring an employeeto share his or her tips with a lawful tip pool isthe only permissible use to which an employercan put an employee’s tips. The new rule alsostates that there is no cap on the percentage ofan employee’s tips that may be contributed to avalid tip pool. This portion of the rule discardslong-standing agency policy and acquiesces inthe rulings of several courts that had rejectedDOL’s position on this issue. Thus, employers mayrequire tipped employees to pool their tips withother service personnel without a restriction onthe amount pooled.Employment Regulatory and Enforcement Activity Is Already Underway. Are You Ready? 6
  9. 9. ImmigrationAs noted on the website for the Department ICE Audits Thousands of Employersof Homeland Security (DHS), Secretary of Pursuant to advance notice, called a NoticeHomeland Security Janet Napolitano “has forged of Inspection, U.S. Immigration and Customsa smart and effective approach to enforcing our Enforcement (ICE), which is part of DHS, hasimmigration laws and prioritizing public safety audited several thousand employers acrosswhile targeting criminal aliens and aggressively the country to determine compliance withpursuing employers that knowingly take employment eligibility verification laws. Theadvantage of illegal labor.” DHS has focused on audits cover I-9 documentation, payroll records,businesses that hire undocumented workers, and copies of immigration filings, Social Securitynot the workers themselves. Administration communications requesting corrections, information on independentThis change in approach — from one that contractors, and related information. Allemphasized punishing the illegal foreign worker documentation normally must be producedto one that emphasizes punishing the employer within three business days of the employerthat hired the worker — is designed to reduce receiving the Notice.the demand for illegal employment by focusingon employers suspected of employing illegal or ICE says the employers targeted are those whoseunauthorized workers. businesses have a key role in keeping national infrastructure safe. The 17 sectors singled out for the enforcement action include those associated with agriculture and food, financial services, commercial nuclear reactors, drinking water and water treatment, postal and shipping, healthcare, and transportation. According to ICE, “The inspections will touch on employers of all sizes and in every state in the nation, with an emphasis on businesses related to critical infrastructure and key resources.”It is also an approach that is being supported bystepped-up regulatory enforcement. Under theObama administration, DHS has conducted moreaudits and debarred more employers for hiringillegal immigrants than in the entire tenure ofthe prior administration. Employers shouldtake notice.Employment Regulatory and Enforcement Activity Is Already Underway. Are You Ready? 7
  10. 10. DHS Opens New Employment andCompliance Inspection CenterICE has signaled that it intends to keepconducting I-9 audits and imposing civil fines onemployers. ICE chief John Morton announced theestablishment of ICE’s Employment ComplianceInspection Center. Located in Crystal City,Virginia, near ICE Headquarters, the Center willbe staffed by 15 forensic auditors supporting ICE’sworksite enforcement strategy. They will helplocal field offices around the country expediteForm I-9 audits of businesses selected by ICE.USCIS Fraud Detection UnitU.S. Customs and Immigration Services (USCIS), Civil Worksite Enforcement Agreementanother arm of the DHS, has again stepped up its Between DOL and DHSefforts to investigate and combat fraudulent use To avoid potential conflict, DOL and DHS haveof immigration programs. The Fraud Detection entered into a Memorandum of UnderstandingUnit first started making random site visits in (MOU) concerning their respective civil worksitelate 2009. USCIS has continued site visits in enforcement activities. Under the MOU, ICE agreed2010 and 2011, with no signs of slowing down. that, unless determined necessary by the DirectorA visit usually involves an unannounced drop-in of ICE, Secretary of Homeland Security, or anby a USCIS agent or contractor who reviews the Officer of the DOL, it would refrain from engaging inemployment conditions of a nonimmigrant worker, civil worksite enforcement at a worksite if there isusually H-1B employees. The agent will request an existing DOL investigation. The MOU specificallyto speak to the employee, review the workplace, states that ICE and DOL agree to create a meansand review payroll and related records. by which they will exchange information from their respective investigations. The DOL’s enforcement activities are intended to ensure proper wages and working conditions for all workers regardless of their immigration status. In contrast, DHS enforces immigration laws to ensure that all workers are authorized to work.Employment Regulatory and Enforcement Activity Is Already Underway. Are You Ready? 8
  11. 11. SSA “No Match” Letters Make a ComebackThe Social Security Administration (SSA) has In the past, about 10 percent ofresumed notifying employers of SocialSecurity number mismatches of employees. all W-2s initially received by theThe “No-Match” or “Request for Employer Agency had some sort of aInformation” letter states that the informationreported on an individual’s W-2 or W-2c form do name-number mismatch.not match the Agency’s records. On receiving a“No-Match” letter, the SSA requests the employerdo the following: The SSA cautions the employer that the “No- Match” letter alone should not be the basis for• Compare the SSA information with the taking adverse action against an employee. A individual’s employment records. mismatch can be for many reasons, including typographical errors, incomplete or blank• If the records match, ask the employee to names reported, name changes, or incomplete check the name and Social Security number or blank Social Security numbers reported. on their Social Security card. In the past, about 10 percent of all W-2s initially received by the Agency had some sort of a name-• If the card does not show the employee’s number mismatch. correct name or Social Security number, or if a name change or a correction is necessary, instruct the employee to contact a Social Security Administration office to resolve the discrepancy.• Provide written responses to several questions about the individual in question and return the completed form to the Agency (separately from any Form W-2c correction filing).Employment Regulatory and Enforcement Activity Is Already Underway. Are You Ready? 9
  12. 12. Workplace SafetyThe Occupational Safety and Health OSHA Has Proposed Injury and IllnessAdministration (OSHA) is the federal agency Prevention Program (I2P2)responsible for workplace safety. OSHA has Consistent with the DOL’s “Plan/Prevent/Protect”continued to maintain its high level of annual initiative, OSHA wants employers everywhere toinspection activity. In fiscal year 2010, OSHA undertake a systematic approach to occupationalconducted 40,993 total inspections. The Agency safety and health, a framework for theirlooks to increase those numbers in 2011, along businesses to incorporate hazard investigation,with increased regulatory activity. identification, remediation and prevention into workplace culture. OSHA Administrator Dr.OSHA Plans Specific Changes to Increase David Michaels describes the program rule as aEnforcement “risk-based system to address hazards” in whichThe Agency has shifted its resources to regulatory workers will play “an important role.” OSHA, heand enforcement activities, including: said, is “trying to get away from [a] ‘catch-me- if-you-can’” approach to dealing with workplace• Hiring 25 additional inspectors to “expand the safety and health issues. agency’s enforcement presence.” OSHA is laying the groundwork for such a national• Conducting more inspections. program, referred to as I2P2. It has engaged• Training its inspectors to recognize where the Eastern Research Group (ERG) to prepare independent contractor misclassification is a “Safety and Health Practices Survey.” ERG’s occurring and to refer such situations to the questionnaire attempts to determine how safety proper DOL division for enforcement. is managed in various workplaces and may hold clues to potential program elements that may• The Site-Specific Targeting (SST) Program, be included in any I2P2 that is adopted. It will which focuses on businesses that report high be sent to employer establishments selected injury rates, will target businesses with 20 or at random from a publicly available database, more employees. The minimum number of according to OSHA. All sectors of the economy employees had been 40. will be represented.• Implementing a new directive for its inspectors on Corporate-Wide Settlement Agreements (CSAs) for multisite employers. CSAs address safety and health hazards that exist at more than one employer location. The new directive will emphasize using these agreements for smaller employers with more than one location.Employment Regulatory and Enforcement Activity Is Already Underway. Are You Ready? 10
  13. 13. OSHA to Revise Whistleblower Investigations Manual In response to external and internal reviews of the operation and effectiveness of OSHA’s Whistleblower Protecton Program, OSHA has announced significant changes in how the Agency runs the program. OSHA enforces the whistleblower provisions of 21 different statutes, including Section 11(c) of the Occupational Safety and Health Act and other workplace and environmental safety and health laws.OSHA promotes participation in the survey as a The significant changes announced byway “to enable you to have your voice heard and OSHA include:your experience considered as OSHA approachesnew regulation.” While Michaels said a draft of • Reorganizing the Agency so that theproposed regulatory text for I2P2 should be ready Whistleblower Protection Program reportsfor publication by year’s end, the rule is certainly a directly to the Assistant Secretary of OSHA;work-in-progress. The Agency will need to receiveand assess the information from the survey and • Adding 25 new investigators; andincorporate it meaningfully in any proposed rule. • Revising the Whistleblower InvestigationsThe Agency recognizes some employers may Manual to “provide further guidance onhesitate to hit the send button on the multiple- the enforcement program to help ensurechoice questionnaire for fear of disclosing their consistency and quality of investigations.”identity. It seeks to reassure them, saying, “No Employers should continue to monitor OSHA’sindividual or company will be identified to OSHA, actions in this area carefully and, in particular,nor will ERG provide any information to OSHA review the updated Investigations Manual once itthat will enable identification of any individual or is released.company.” It will receive only aggregate data fromERG and participation will be voluntary.The 49-question survey includes questions toprofile the employer’s establishment, determineexisting safety and health management practicesand responsibilities, explore types of hazardspresent and types of safety training, identifysources of safety information, catalog safetymanagement systems, programs and programelements already in place, including accidentinvestigation methods, and obtain information onprotections for contractor employees working onthe host employer’s site.Employment Regulatory and Enforcement Activity Is Already Underway. Are You Ready? 11
  14. 14. OSHA Commences Severe Violators Review Commission Holds EmployersEnforcement Program Accountable for RecordkeepingOSHA’s new Severe Violators Enforcement InaccuraciesProgram (SVEP) focuses enforcement efforts In a much anticipated decision, the Occupationalon employers who willfully and repeatedly Safety and Health Review Commission (Reviewendanger workers by exposing them to serious Commission) has ruled that OSHA can enforce itshazards. The directive establishes procedures requirement for employers to record work-relatedand enforcement actions for the severe violator injuries and illnesses on the OSHA 300 Log evenprogram, including increased inspections, such as when the employer’s duty to record the injuriesmandatory follow-up inspections of a workplace and illnesses occurred more than six monthsfound in violation and inspections of other before the issuance of the citation. The employerworksites of the same company where similar in the case had argued that the six-month statutehazards or deficiencies may be present. of limitations in the Occupational Safety and Health Act for OSHA to enforce violations of theSVEP is intended to focus enforcement efforts on Act prohibited OSHA from enforcing recordkeepingemployers who have demonstrated recalcitrance violations that occurred beyond that six-monthor indifference to their legal obligations by period. The Commission disagreed, however, andcommitting willful, repeated or failure-to- by doing so has reiterated for employers the needabate violations in one or more of the following to continually review their recordkeeping logs tocircumstances: a fatality or catastrophe situation; ensure the entries are accurate.in industry operations or processes that exposeworkers to severe occupational hazards; exposing Under OSHA’s recordkeeping rule, employers areworkers to hazards related to the potential required to enter a recordable injury on the OSHAreleases of highly hazardous chemicals; and all 300 Log within seven days of the occurrence ofegregious enforcement actions. the injury. Employers must also retain their logs for five years and under OSHA’s rule, there is anOSHA Announces Photo Contest obligation for employers to go back and updateSometimes a picture is worth a thousand words, entries should the circumstances surroundingor at least OSHA thinks so. The Agency has them change.announced the “Picture It!: Safe Workplaces forEveryone” photo contest. The contest challenges This decision reiterates the need for employersanyone to capture an image of workplace safety to integrate into their recordkeeping proceduresand health and share it with OSHA. The purported a mechanism to ensure they go back andgoal of the contest is to raise awareness of continually evaluate the accuracy of entriesworkplace safety and health. The public is — during the entire retention period. It is notinvited to interpret “image of workplace safety enough to record an injury within seven days andand health” in any way they choose; they are not then “forget” about it. OSHA expects employers torestricted to particular subjects or themes. Prizes be diligent in updating recordkeeping entries forare awarded for the most outstanding portrayals accuracy and may cite employers who are not.of occupational safety and health in terms ofartistic value and ability to raise awareness ofsafety and health to the general public.OSHA does not deny that the photos can be usedto investigate employers.Employment Regulatory and Enforcement Activity Is Already Underway. Are You Ready? 12
  15. 15. OSHA Proposes Requiring New IndustriesKeep OSHA 300 Logs, Adds More StringentReporting ObligationsOSHA has proposed changing the industries thatwould be generally exempt from maintainingregular workplace injury and illness records.Employers in exempt industries are not requiredto maintain OSHA 300 Logs, complete OSHA 301incident report forms, or complete the OSHA 300Aannual summary forms. The current exemptionlist is industry-specific and based on the now-outdated 1987 Standard Industrial Classification(SIC) coding system. OSHA’s proposed rule willre-categorize the exempt industries based on theNorth American Industrial Classification System(NAICS), which is the system used by federalagencies for statistical research purposes. Theproposal also will remove some industries fromthe list based on new injury and illness datacompiled by the Bureau of Labor Statistics.OSHA’s proposed rule also would requireemployers to report workplace amputations tothe agency within 24 hours, as well as all in-patient hospitalizations within 8 hours. Existingrecordkeeping rule (Part 1904) requires employersto report in-patient hospitalizations of 3 ormore employees to OSHA within 8 hours. Anyworkplace fatality would continue to be reportable,as well.Employment Regulatory and Enforcement Activity Is Already Underway. Are You Ready? 13
  16. 16. Equal EmploymentOpportunity CommissionThe Equal Employment Opportunity Commission(EEOC) is a federal agency that enforces many The ADAAA made clear thatfederal discrimination laws, including those the primary focus in ADA casesthat prohibit discrimination based on race, sex,religion, color, national origin, disability and age. should be on whether employers complied with their obligationsJacqueline Berrien, Chair of the EEOC, hasnoted that while “blatant forms of discrimination under the statute and whetherhave receded, more sophisticated, but equallyeffective methods of restricting employment discrimination occurred, notopportunities have emerged – not only for people whether individuals are disabledwith disabilities, but also on the basis of race,color, national origin, religion and sex…The EEOC under the law.will continue to work to meet new and emergingchallenges in order to ensure the equality ofemployment opportunity to all.” EEOC Releases New ADA Regulations The EEOC has recently experienced an increaseThe EEOC has indeed been working hard. in disability-based charges of discriminationIndividuals are bringing more charges of from private-sector employees. At the sameworkplace discrimination against employers time, the EEOC has released long-awaited Finalthan ever before. The EEOC reported that it Regulations implementing the ADA Amendmentsreceived nearly 100,000 workplace discrimination Act (ADAAA). The ADAAA was signed into lawcharges in its fiscal year 2010. The number of on September 25, 2008, and became effective oncharges filed (99,922) is more than seven percent January 1, 2009. The Final Regulations reaffirmhigher than the year before. The agency noted the purpose of the ADAAA: to make it easier foranother record for fiscal year 2010: through its individuals with disabilities to obtain the ADA’senforcement, mediation and litigation programs, protection.it secured more than $404 million in monetarybenefits from employers.The EEOC has responded to this higher volumeby hiring staff, increasing enforcement activity,issuing new regulations, and engaging in an activepublic relations campaign.Employment Regulatory and Enforcement Activity Is Already Underway. Are You Ready? 14
  17. 17. • Except in the cases of ordinary eyeglasses orThe Final Regulations seek to contact lenses, the determination of whether an impairment substantially limits a majorprovide a “predictable, consistent, life activity is to be made without regard to theand workable” framework for ameliorative (beneficial) effects of mitigating measures.ensuring more generous coverage • An impairment that is episodic or in remissionand application of the ADA’s is a disability if it would substantially limit adiscrimination prohibition. major life activity when active. • An impairment that substantially limits oneThe ADAAA made clear that the primary focus major life activity need not substantiallyin ADA cases should be on whether employers limit other major life activities in ordercomplied with their obligations under the to be considered a substantially limitingstatute and whether discrimination occurred, impairment.not whether individuals are disabled under the • The effects of an impairment lasting orlaw. Accordingly, the Final Regulations follow expected to last fewer than six months can beCongress’ lead by providing “rules of construction” substantially limiting.to evaluate ADA-coverage issues. These “rules ofconstruction” are as follows:• The term “substantially limits” is to be construed broadly in favor of expansive coverage, to the maximum extent permitted by the terms of the ADA.• Whether an impairment “substantially limits” a major life activity should not demand extensive analysis.• An impairment is a disability if it substantially limits the ability of an individual to perform a major life activity as compared to most people in the general population; this usually will not require scientific, medical, or statistical analysis.• An impairment need not prevent, or significantly or severely restrict, the individual from performing a major life activity in order to be considered substantially limiting. Nonetheless, not every impairment will constitute a disability.• “Substantially limits” is to be interpreted and applied to require a degree of functional limitation that is lower than the standard for “substantially limits” applied prior to the ADAAA.Employment Regulatory and Enforcement Activity Is Already Underway. Are You Ready? 15
  18. 18. Prohibited actions include refusal to hire, demotion, placement on involuntary leave, termination, exclusion for failure to meet a qualification standard, harassment, and denial of any other term, condition, or privilege of employment, among others. In practice, an individual is “regarded as having such an impairment” if his or her employer takes a prohibited action against the individual because of an actual or perceived impairment, even if the employer asserts, and may ultimately establish,While careful to state that an individualized a defense to such action. This highlights theassessment is always required, the Final ease with which individuals can now obtain ADARegulations allow that some impairments involve coverage. However, coverage alone does not“predictable assessments” which, in “virtually mean the employer has violated the ADA. Liabilityall cases,” will result in a finding that they are is established only when an individual provescovered by the ADA. The Final Regulations seek to that an employer discriminated on the basis ofprovide a “predictable, consistent, and workable” disability, which, in turn, requires an analysisframework for ensuring more generous coverage of whether the individual was qualified for theand application of the ADA’s discrimination position sought or held.prohibition. Impairments that should lead to“predictable assessments” include deafness,blindness, intellectual disabilities, partially orcompletely missing limbs or mobility impairmentsrequiring the use of a wheelchair, autism, cancer,cerebral palsy, diabetes, epilepsy, HIV infection,multiple sclerosis, muscular dystrophy, majordepressive disorder, bipolar disorder, post-traumatic stress disorder, obsessive compulsivedisorder, and schizophrenia.The most far-reaching provisions of the FinalRegulations arguably can be found in the provisionon coverage when one is “regarded as” havinga substantially limiting impairment. The FinalRegulations clarify that an individual is “regardedas having such an impairment” if the individualis subjected to a prohibited action becauseof an actual or perceived physical or mentalimpairment, whether or not that impairmentsubstantially limits, or is perceived to substantiallylimit, a major life activity.Employment Regulatory and Enforcement Activity Is Already Underway. Are You Ready? 16
  19. 19. EEOC Issues Regulations Regarding • Preimplantation genetic diagnosis performedGenetic Testing and Acquisition of on embryos created using in vitro fertilization;Genetic Information • Pharmocogenetic tests to predict how anThe EEOC also issued final regulations for the individual might react to a drug or particularemployment provisions (Title II) of the Genetic dosage of a drug;Information Nondiscrimination Act (GINA). GINArestricts the acquisition, use, and disclosure of • DNA testing to detect genetic markersgenetic information in the employment context. associated with information about ancestry;The Final Regulations, among other things, clarify andthe meaning of a “genetic test,” the circumstancesunder which the acquisition of genetic information • DNA testing that reveals family relationshipsis permissible, and requirements for employer such as paternity.compliance with GINA’s confidentiality and postingrequirements. Information about the race or ethnicity of an employee or his or her family members, notIn general, Title II of GINA prohibits employers derived from a genetic test, is not protectedfrom discharging, refusing to hire, or otherwise genetic information according to the EEOC. Thediscriminating on the basis of genetic information, Final Regulations also clarify that a test forand from intentionally acquiring genetic infectious and communicable diseases that mayinformation about applicants and employees. be transmitted through food handling, completeCongress defined genetic information broadly to blood counts, cholesterol tests, and liver-functioninclude information about the following: (1) an tests are not covered genetic tests.individual’s genetic tests; (2) the genetic testsof the individual’s family members; and (3) the The Final Regulations focus particular attentionmanifestation of a disease or disorder in a family on requests for medical information thatmember. The law imposes strict confidentiality inadvertently acquire genetic information. Therequirements on genetic information. Final Regulations essentially impose a duty on employers and other covered entities to preventIn the Final Regulations, the EEOC identifies many such occurrences. An employer’s receipt ofspecific tests that will be considered “genetic genetic information will “not generally betests” and within GINA’s reach. They include, but considered inadvertent” unless the employer/are not limited to: covered entity has directed the employee not to provide genetic information when responding• Certain genetic tests that might determine to an otherwise lawful request for medical whether individuals are genetically information. The EEOC provides the following predisposed to breast cancer, colon cancer, or sample notice that, if used when requesting Huntington’s Disease; medical information, will protect employers:• Carrier screening to detect the risk of conditions such as cystic fibrosis, sickle cell anemia, spinal muscular atrophy, or fragile X syndrome in future offspring;• Amniocentesis;• Newborn screening;Employment Regulatory and Enforcement Activity Is Already Underway. Are You Ready? 17
  20. 20. The Genetic Information Nondiscrimination • Where managers or supervisors learn Act of 2008 (GINA) prohibits employers and genetic information about an individual by other entities covered by GINA Title II from overhearing a conversation between the requesting or requiring genetic information individual and others. of an individual or family member of the individual, except as specifically allowed • During casual conversations that include by this law. To comply with this law, we are responses to an ordinary expression of asking that you not provide any genetic concern about the employee or a parent or information when responding to this request child that is the subject of the conversation. for medical information. “Genetic information” However, this exception does not apply where as defined by GINA, includes an individual’s an employer follows up with more probing family medical history, the results of an questions concerning a family member’s individual’s or family member’s genetic tests, general health. the fact that an individual or an individual’s • When employers receive unsolicited genetic family member sought or received genetic information, including in emails about the services, and genetic information of a fetus health of an employee or an employee’s carried by an individual or an individual’s family member. family member or an embryo lawfully held by an individual or family member receiving • When employers inadvertently learn of genetic assistive reproductive services. information from a social media platform. Like the ADA, GINA requires employers to keep The Final Regulations focus records containing genetic information on separate forms and in separate medical files and particular attention on requests to treat them as confidential medical records. for medical information According to the Final Regulations, genetic information placed in an employee’s personnel that inadvertently acquire file before November 21, 2009 does not need to be genetic information. The Final removed from the file. However, the prohibitions against disclosing or using genetic information Regulations essentially impose apply to all such information, regardless of when a duty on employers and other it was obtained. covered entities to prevent Lastly, the Final Regulations provide that every covered entity “shall post and keep posted in such occurrences. conspicuous places upon its premises where notices to employees, applicants for employment,Even without this notice, the acquisition of genetic and members are customarily posted a noticeinformation may still be considered inadvertent to be prepared or approved by the Commissionif the employer’s request was not “likely to result setting forth excerpts from or, summaries of,in a covered entity obtaining genetic information.” the pertinent provisions of this regulation andAn overly broad response received in response information pertinent to the filing of a complaint.”to a tailored request for medical information, forexample, would be considered inadvertent.Other situations where receipt of medicalinformation may be considered inadvertentinclude the following:Employment Regulatory and Enforcement Activity Is Already Underway. Are You Ready? 18
  21. 21. Federal ContractorsThe Office of Federal Contract Compliance More Collaboration in the Future forPrograms (OFCCP) administers the federal OFCCP and Civil Rights Enforcementaffirmative action requirements for government Agenciescontractors pursuant to Executive Order 11246. OFCCP, the EEOC, and the Justice Department’sThe requirements for written affirmative action Civil Rights Division hosted a webcast to discussplans apply to contractors or subcontractors with increased collaboration among their agencies inannual federal contracts totaling $50,000 or more enforcing federal civil rights laws.and at least 50 employees. These contractorsand subcontractors must create and implement The meeting, which was transmitted to fieldaffirmative action plans annually. offices for all three agencies, represents the first time in history that these agencies haveAccording to OFCCP Director Patricia Shiu, the met to discuss joint enforcement efforts. Deputymarch toward equality has been a long and Secretary of Labor Seth Harris moderated aarduous one, spanning over 150 years in the panel with OFCCP Director Patricia Shiu, EEOCUnited States. And while substantive steps have Chair Jacqueline Berrien and Assistant Attorneybeen made, particularly over the last 50 years, General for Civil Rights Thomas Perez to discussthere is still more work to do and the nation must opportunities for sustained collaboration movingkeep moving. forward. In addition, opening remarks were offered by Melody Barnes, White House Domestic Policy Council Director and principal advisor to“We believe businesses that President Obama on civil rights.play by the rules shouldn’t have All of the agencies cited ways they will leverageto compete at a disadvantage resources and increase their collective abilityagainst those who don’t.” to hold employers accountable for employment discrimination, including developing joint — OFCCP Director Patricia Shiu protocols, sharing information and best practices, and coordinating training and litigation strategies. “We need to start talking to each other, to start“We are committed to enforcing our laws to keep sharing information, and to put our egos and turfthe doors of opportunity open for all workers— issues aside to really prioritize what’s in the besteven if we have to pry those doors open from interests of workers,” Director Shiu said.time to time,” said Director Shiu. “We believebusinesses that play by the rules shouldn’t haveto compete at a disadvantage against those whodon’t.”Employment Regulatory and Enforcement Activity Is Already Underway. Are You Ready? 19
  22. 22. Under the old ACM, OFCCP focused on identifying cases of class-based discrimination that may have affected at least 10 individuals. Under ACE, however, OFCCP removes the affected- class-member threshold, saying indicators of discrimination may be of an individual or class nature. OFCCP defines “class” as “two or more victims.” The agency has much to choose from in finding an indicator of discrimination or violation. It may include statistical evidence, anecdotal evidence, patterns of individual discrimination, patterns of systemic discrimination, patterns of major technical violations, and indicators of non-OFCCP Issues New Procedures for compliance with non-EEO (Equal EmploymentConducting Compliance Evaluations Opportunity) labor and employment laws enforcedClaiming that its previous Active Case by other federal agencies (e.g., Department ofManagement (ACM) method for conducting Labor’s Wage and Hour Division, Occupationalcompliance evaluations was only “of limited Safety and Health Administration, and Equalutility,” the OFCCP has rescinded ACM and Employment Opportunity Commission).instituted a new system. The new Active CaseEnforcement (ACE) is intended to allow the Agency All ACE compliance evaluations will begin withto “more effectively utilize its resources and a full desk audit, regardless of the enforcementstrengthen its enforcement efforts” by: method used thereafter. A full desk audit is a comprehensive analysis of a contractor’s• Lowering the thresholds for an “indicator” of affirmative action plan (AAP) and supporting discrimination prompting in-depth review, documentation prepared pursuant to Executive Order 11246, the Rehabilitation Act and the• Expanding the definition of what constitutes an Vietnam-Era Veterans Readjustment Assistance indicator of discrimination, Act. As with the old ACM, the ACE audit will• Planning to assess contractor compliance for include a full evaluation of a contractor’s the three years preceding an evaluation, selection decisions (i.e., hires, promotions and terminations), compensation and other more• Expanding enforcement tools available to the programmatic aspects of a contractor’s AAP (e.g., agency when conducting evaluations, goal-setting and outreach efforts).• Requiring compliance officers to conduct full desk audits in every review, and Under ACE, OFCCP will select• Requiring an on-site audit requirement in at every 25th compliance evaluation least every 25th evaluation scheduled. for an automatic full compliance review, regardless of whether any problematic employment processes are identified.Employment Regulatory and Enforcement Activity Is Already Underway. Are You Ready? 20
  23. 23. Following the full desk audit, OFCCP will OFCCP Seeks to Overhaul Auditconsider initiating one of the following review Submission for Federal Contractorsmethodologies: OFCCP is proposing to overhaul its Scheduling• Compliance Review – A comprehensive review Letter and associated Itemized Listing used to of all components of a contractor’s AAP. In commence agency audits of employers. While the addition to the desk audit, the review may Agency states that it is seeking to “reduce overall include an on-site review and off-site analysis. burden hours on contractors,” the proposed changes, if approved, will significantly increase• Compliance Check – An abbreviated review the burden on employers subject to OFCCP audit. of a contractor’s recordkeeping practices to The proposal comes as the current Scheduling ensure compliance with the affirmative action Letter is set to expire on September 30, 2011. regulations. A compliance check may be followed by a more expansive evaluation, The OFCCP Scheduling Letter is sent to notify a as appropriate. particular contractor establishment that it has been scheduled for a compliance evaluation• Focused Review – An on-site review that and to request submission of the contractor’s focuses on one or more components of a Affirmative Action Program(s) and the supporting contractor’s employment organization or data, including personnel activity data and practices. summary pay data. A sample Scheduling Letter currently in use is available from the Department• Off-site Review of Records – As the name of Labor website at www.dol.gov/ofccp/regs/ suggests, the review will involve OFCCP’s compliance/OMB_appr_letter.pdf. receipt and review of documentation related to a contractor’s employment processes to OFCCP’s proposal would require the selected ensure compliance with the affirmative contractor establishment to submit, among other action regulations. things, (a) Family and Medical Leave Act (FMLA) and other leave or accommodation policies;On a positive note for contractors, OFCCP re- (b) data on sub-minority by both job groupemphasizes that, if during the desk audit of a and job title for applicants, hires, promotions,contractor’s AAP, the compliance officer identifies and terminations; (c) data on “actual pool”no violations or only minor technical violations, of employees considered for promotions andthe compliance officer should seek to close the terminations; and (d) detailed employee-specificreview at the desk-audit stage. pay data (typically requested only where OFCCPUnder ACE, OFCCP will select every 25th identifies indicators of potential discrimination).compliance evaluation for an automatic fullcompliance review, regardless of whether anyproblematic employment processes are identified.A full compliance review will consist of all threestages of a compliance review — desk audit, on-sitereview, and off-site analysis, when necessary.Employment Regulatory and Enforcement Activity Is Already Underway. Are You Ready? 21
  24. 24. Changes to Contractors’ Obligationsunder OFCCP’s Proposed Rule on Veteran Recruitment, PlacementThe OFCCP has published a Notice of ProposedRulemaking that would affect federal contractors’compliance obligations significantly. Theproposal is the first modification to the VietnamEra Veterans’ Readjustment Assistance Act of1974 (VEVRAA) since 1976. Veterans protectedby VEVRAA include those with disabilities, thoserecently discharged, and those who servedduring a war, campaign or expedition for which acampaign badge is authorized. From the data, contractors must establish annual hiring benchmarks based on the averageIn the most significant departure from existing percentage of veterans in the civilian labor forcerequirements, OFCCP is proposing that federal in the state(s) where the contractor is located,contractors be required to track applicants the number of veterans who participate in thewho are covered veterans and analyze the data. employment service delivery system in the state(s)Applicants would be invited to self-identify their where the contractor is located for the previousprotected-veteran status both before and after an four quarters, the previous year’s referral,offer of employment is extended. The data to be applicant and hiring ratios, the contractor’stracked are considerable and include: self-assessment of its recruitment and outreach efforts, and other factors, including the naturea) aw number of priority referrals of R of the contractor’s job openings or its location. protected veterans; Additionally, documentation of the annual hiringb) Total number of referrals; benchmarks and how it was determined must be retained for five years.c) Ratio of priority referrals of veterans to total referrals (referral ratio); OFCCP Issues Long-Awaited Functional Affirmative Action Plan (FAAP) Directived) Number of applicants who self-identified as OFCCP has issued a new Functional Affirmative veterans (or are otherwise known to be); Action Plan (FAAP) directive that governs the application, updating, modification, renewal,e) Total number of job openings and total and administration of FAAP agreements. FAAP number of jobs filled; agreements permit covered federal contractorsf) Ratio of jobs filled to job openings; to develop affirmative action plans (AAPs) along functional or business units, rather thang) Total number of applicants for all jobs; by physical establishment. The release of the directive, effective June 14, 2011, ends OFCCP’sh) Ratio of protected-veteran applicants to all lengthy moratorium on considering new requests applicants (applicant ratio); for, and modifications to, FAAP agreements.i) Number of protected-veteran applicants hired;j) Total number of applicants hired; andk) Ratio of protected veterans hired to all hires (hiring ratio).Employment Regulatory and Enforcement Activity Is Already Underway. Are You Ready? 22
  25. 25. Under the federal affirmative action regulations, Existing FAAP agreement contractors thatcovered contractors must include all employees experience significant corporate structurein a written affirmative action plan and maintain a changes must notify OFCCP’s Director withinseparate plan for each physical establishment of 30 days of the changes. Failure to do so mayat least 50 employees. This method of constructing lead to termination of the agreement. Under theAAPs is known as the “establishment model.” The new directive, existing FAAP contractors mustaffirmative action regulations also permit covered annually (within 30 days from the anniversarycontractors to develop AAPs based on functional date of the agreement) notify the OFCCP of anyor business units. AAPs thus prepared are known minor changes to the agreement, such as contactas “functional affirmative action plans” or FAAPs. information. Failure to do so could trigger aBefore contractors can prepare FAAPs, they must compliance review.secure permission from, and enter into an FAAPagreement with, OFCCP. Contractors that have an approved FAAP agreement must (1) submit a renewal requestA contractor requesting an FAAP agreement no later than 120 days prior to the expiration ofinitially must submit a written request to OFCCP the current agreement and (2) have undergone atdemonstrating why an FAAP would be appropriate. least two functional unit compliance evaluationsThe contractor must be prepared to demonstrate during the initial three-year term. To meet thisthat the functional or business unit a) currently requirement, OFCCP says that it will conductexists and operates autonomously, b) includes compliance evaluations of at least two of theat least 50 employees, c) has its own managing contractor’s functional or business units duringofficial, and d) has the ability to track and the three-year term of the agreement. All renewalmaintain its own personnel activity. The directive requests granted will be for an additional three-mandates that certain information concerning year term.the request must be provided to the Agencyprior to a conference. This information includes The directive permits either the contractor ororganizational profile/workforce analysis, total OFCCP to terminate the agreement upon 90number of employees by race and gender within days’ written notice. Should OFCCP terminate theeach functional or business unit, and copies of agreement, the contractor will not be permittedpersonnel policies. to reapply for a period of three years. OFCCP may terminate an FAAP agreement where theAll FAAP requests must be received by the contractor is found to be in violation of anyOFCCP Director no later than 120 calendar days laws or regulations enforced by OFCCP (e.g.,prior to the expiration of the current corporate discrimination, failing to maintain accurateheadquarters AAP or within 120 days from the records, or failing to make good faith efforts).award of a covered federal contract for a first-time contractor.OFCCP will consider whether a contractor iscurrently reporting its compliance under aconciliation agreement in determining whether togrant the FAAP request. OFCCP also will considerany local, state, and federal equal employmentopportunity (EEO) violations for the past threeyears. Once approved, FAAP agreements willexpire three years following the approval date.Employment Regulatory and Enforcement Activity Is Already Underway. Are You Ready? 23
  26. 26. Data PrivacyHHS Announces Proposed Changes toHIPAA Privacy RuleThe Department of Health and Human Services(HHS) is responsible for implementing andenforcing the Health Insurance Portabilityand Accountability Act of 1996 (HIPPA), andits implementing regulations, as well as theHealth Information Technology for Economicand Clinical Health Act (HITECH). Prior toHITECH becoming law, the HIPPA Privacy Rulerequired covered entities to provide individualswith an accounting of certain disclosures of theirprotected health information (PHI). HITECH the accounting of disclosures is to provide moreenhances these accounting rules and requires detailed information (a “full accounting”) for certainthat individuals be able to know who has disclosures that are most likely to impact theaccessed their electronic PHI. individual.HHS’s Office of Civil Rights (OCR) is proposing The White House’s Cybersecuritychanges to the Privacy Rule to implement these Legislative Proposalnew requirements. OCR’s proposal wouldenhance the rules concerning the obligation to The White House issued a Cybersecurity Legislativeprovide an accounting of certain disclosures of Proposal that focuses on protecting the AmericanPHI and would flesh out the right of individuals to people, the nation’s critical infrastructure, and theget a report on who has electronically accessed federal government’s computers and networks.their PHI. While legislation of this nature would simplify the breach reporting process for businesses, andThese two rights, to an accounting of disclosures overall streamline cybersecurity laws, a numberand to an access report, would be distinct but of legislative attempts to do this have previouslycomplementary. The right to an access report failed. It is important to note that while thiswould provide information on who has accessed proposal sets forth some guidelines, the specifican electronic PHI in a designated record set details of how each provision would be instituted(including access for purposes of treatment, are not yet clear.payment, and healthcare operations), while theright to an accounting would provide additionalinformation about the disclosure of designatedrecord set information (whether hard-copy orelectronic) to persons outside the covered entityand its business associates for certain purposes(e.g., law enforcement, judicial hearings, publichealth investigations). The intent of the accessreport is to allow individuals to learn if specificpersons have accessed their electronic designatedrecord set information. In contrast, the intent ofEmployment Regulatory and Enforcement Activity Is Already Underway. Are You Ready? 24
  27. 27. Our critical infrastructure – such as the electricity Executive Branch civilian computers whilegrid, financial sector, and transportation networks codifying strong privacy and civil libertiesthat sustain our way of life – have suffered repeated protections, congressional reportingcyber intrusion, and cyber crime has increased requirements, and an annual certificationdramatically over the last decade. The president has process; and preventions on states requiringthus made cybersecurity an administration priority. companies to build their data centers in that state, as opposed to in the cloud, except where1. The proposed legislation calls for a national expressly authorized by federal law. data breach-reporting law which would simplify and standardize the existing The administration’s proposal also attempts patchwork of 47 state laws that contain these to ensure the protection of individuals’ privacy requirements. Additionally, the proposal calls and civil liberties through a framework for penalties for computer criminals and designed expressly to address the challenges of clarifies the penalties for computer crimes, cybersecurity. Some of these provisions include: synchronizes them with other crimes, and sets requiring federal agencies (and likely federal mandatory minimums for cyber intrusions into contractors) to follow privacy and civil liberties critical infrastructure. procedures; limitations on monitoring, collecting, using, retaining, and sharing of information;2. The proposal calls for legislative changes to requiring efforts to remove identifying information fully protect this infrastructure. Specifically, unrelated to cybersecurity threats; as well as the proposal will enable the Department immunity provisions for those businesses which of Homeland Security (DHS) to quickly comply with the proposal’s requirements. help a private-sector company, state, or local government when that organization asks for its help. It also clarifies the type of assistance that DHS can provide to the requesting organization. Additionally, the proposal permits businesses, states, and local governments to share information about cyber threats or incidents with DHS. To fully address these entities’ concerns, it also provides them with immunity when sharing cybersecurity information with DHS. At the same time, the proposal mandates robust privacy oversight to ensure that the voluntarily shared information does not impinge on individual privacy and civil liberties.3. The proposal includes: an update to the Federal Information Security Management Act (FISMA) as well as formalizing DHS’ current role in managing cybersecurity for the federal government’s civilian computers and networks, in order to provide departments and agencies with a shared source of expertise; giving DHS more flexibility in hiring highly qualified cybersecurity professionals; the permanency of DHS’s authority to oversee intrusion prevention systems for all FederalEmployment Regulatory and Enforcement Activity Is Already Underway. Are You Ready? 25