On Sept. 29, 2023, the U.S. Equal Employment Opportunity Commission (EEOC) issued proposed new guidance for determining whether workplace harassment violates Title VII of the Civil Rights Act (Title VII) or other equal employment opportunity (EEO) laws enforced by the agency. For employers subject to these laws, the new proposed guidance provides insight into how the EEOC will enforce compliance with anti-harassment provisions.
Title VII is a federal law that prohibits employers with 15 or more employees from discriminating against or harassing individuals based on certain characteristics. These characteristics, also known as protected traits, include race, color, religion, national origin and sex (including sexual orientation, transgender status and pregnancy). Other EEO laws protect individuals from discrimination or harassment based on disability, age (40 and older) and genetic information.
Between 1986 and 1999, the EEOC issued several documents designed to guide agency staff members who investigate claims of harassment under EEO laws. The agency also issued proposed enforcement guidance on these topics in 2017. If finalized following a 30-day comment period, the agency’s newly issued proposal would consolidate and replace those earlier documents.
In the newly proposed guidance, the EEOC provides several updated examples to reflect a wide range of modern scenarios and address emerging issues, such as how social media postings and other online content may contribute to a hostile work environment. It also incorporates current case law, including the U.S. Supreme Court’s 2020 decision on sexual orientation and gender identity in Bostock v. Clayton County, into the new proposed guidance.
The new proposed guidance focuses on the three main questions that must be answered in any workplace harassment claim, which are:
As further explained in the document, an employer may be liable for workplace harassment under several legal standards that often depend on the harasser’s relationship with the employer. The
document also describes preventive and corrective actions an employer may take to help establish defenses against liability for workplace harassment.
On Sept. 13, 2023, the U.S. District Court for the Southern District of Texas ruled against the 2022 Deferred Action for Childhood Arrivals (DACA) final rule. The final rule was published on Aug. 30, 2022, by the U.S. Department of Homeland Security (DHS) to preserve the department’s 2012 DACA policy. Specifically, the final rule defers the removal of qualifying noncitizens who came to the United States as children and grants them the right to work.
Under the final rule, “deferred action” is defined as a temporary forbearance from removal procedures. Deferred action does not grant eligible individuals any rights or entitlement to stay within the United States. Under deferred action, DHS may initiate criminal or other enforcement action at any time.
In its ruling, the court held that there were no material differences between the final rule and the 2012 policy, and the final rule does “nothing to change or resolve the substantive problems” found by district and appellate courts regarding the legality of DACA.
In 2012, DHS adopted a policy that authorized immigration and customs enforcement personnel to stay, at their discretion, the removal of young people who came to the United States as children.
Under this policy, individuals who met the qualifying criteria and passed a background check were granted deferred action. DHS favored deferred action and considered it “a longstanding practice by which DHS has exercised its discretion to forbear from or assign lower priority to removal action in certain cases for humanitarian reasons, for reasons of administrative convenience or on the basis of other reasonable considerations involving the exercise of prosecutorial discretion.” Since 2012, more than 825,000 people have received deferred action under DACA.
On July 16, 2021, the U.S. District Court for the Southern District of Texas vacated the 2012 DACA policy. The court found, among other things, that the DACA policy violated the Immigration and Nationality Act of 1952. In response, on Sept. 28, 2021, DHS published a proposed rule to recommend regulations to preserve and fortify the DACA policy. This final rule implements the 2021 proposal with some amendments that take into consideration the public comments received regarding the proposal. On Aug. 30, 2022, DHS published a new DACA final rule. The final rule was scheduled to become effective on Oct. 31, 2022, but was enjoined by the District Court during the course of active litigation.
On Oct. 5, 2022, the U.S. Court of Appeals for the 5th Circuit upheld the 2021 Southern District of Texas court decision, declaring the 2012 DACA policy unlawful. However, the Court of Appeals preserved the partial stay issued by the District Court in July 2021 and remanded the case back to the District Court for further proceedings regarding the 2022 DACA final rule.
On Sept. 13, 2023, the U.S. District Court for the Southern District of Texas ruled against the 2022 final rule and held, among other things, that:
The 2023 District Court decision is expected to be appealed by DHS.
DACA recipients are considered to be lawfully present in the United States. This designation does not grant “lawful status” or authorization to remain in the United States but does allow DACA recipients to remain in the United States without accruing “unlawful presence.”
The DACA final rule creates a specific regulatory provision regarding eligibility for employment authorization for eligible individuals. Under this provision, DACA recipients must have been granted deferred action and must establish an economic need to be eligible for employment authorization. DACA employment authorization automatically terminates when DACA expires.
DACA recipients who are authorized to work receive an employment authorization document (EAD) from DHS. An official, unexpired EAD is an acceptable List A document for Form I-9. Employers cannot ask DACA recipients for more (or different) work authorization documents based on an individual’s citizenship status or national origin. When using an EAD for Form I-9 purposes, employers should:
At this time, the District Court ruling does not affect current grants of DACA and related EADs. DHS will continue to “accept and process renewal DACA requests, accompanying requests for employment authorization and applications for advance parole for current DACA recipients.” This means that current DACA recipients will retain protection from deportation, work authorization, and the ability to renew these protections while litigation continues. However, the decision prevents DHS from processing new DACA applications.
Employers with 100 or more employees and certain federal contractors are required to file an EEO-1 Report annually with the U.S. Equal Employment Opportunity Commission (EEOC). Federally mandated under Title VII of the Civil Rights Act, this survey collects workforce data categorized by race, ethnicity, sex and job category. EEO-1 Reports are typically due by March 31 each year. However, for 2022 EEO-1 Reports (due in 2023), the EEOC has recently announced that the portal for employers to submit 2022 EEO-1 Reports will open Oct. 31, 2023, and the deadline for submission has been extended to Dec. 5, 2023. The EEOC had previously extended the portal’s opening date twice before making the most recent announcement.
In addition to altering the deadline for EEO-1 submissions, the EEOC has also made significant changes to the EEO-1 Report. According to the EEOC, these changes have been made as part of ongoing modernization efforts and in response to feedback from previous filers. This article highlights the most significant changes to EEO-1 reporting and provides guidance for how employers can prepare.
The EEOC recently published a new instruction booklet for the 2022 data collection period. Employers can review this booklet for instructions on how to file EEO-1 Reports and for more information on the changes that have been made to 2022 EEO-1reporting. The following are significant changes to EEO-1 reporting for the 2022 submission year:
Naming conventions—In the new EEO-1 Report, the EEOC has replaced the different types of non- headquarters establishment reports based on the number of employees at an establishment with a single Establishment-Level Report. The names referring to different types of employer reports have also been altered:
Remote employees—Consistent with the informal guidance previously published by the EEOC, remote employees should be included in the establishment they report to or the establishment their manager reports to, if they don’t report to an establishment. If employers operate entirely remotely, they should report the address where the organization is legally registered. Remote employees’ home addresses should never be used.
Nonbinary employees—Reporting nonbinary employees outside the male/female chart is not required. However, employers who wish to report nonbinary employees can do so in the comments section of the applicable establishment report.
IDs for federal contractors—Since the U.S. government no longer uses Data Universal Numbering System numbers to identify federal contractors, these numbers have been eliminated from the EEO-1 Report. For 2022 EEO-1 reporting, federal contractors must use the Unique Identity ID created at http://www.sam.gov/. Crucially, the EEOC booklet says any company is considered a federal contractor if any of the employers’ establishments is a contractor. This is a variation from the Office of Federal Contract Compliance Programs’ stated position about the use of the single entity test to determine when affiliated entities are covered contractors.
Foreign-based employers—Companies based outside of the United States must file an EEO-1 Report if they meet the filing thresholds for U.S.-based establishments. According to the instruction booklet, foreign-based employers can use one of their U.S. establishments as headquarters for the purpose of filing. Otherwise, each U.S. establishment should file a separate EEO-1 Report.
North American Industry Classification System (NAICS) codes—Employers must use appropriate NAICS codes for each establishment. These codes are updated every five years. Employers should use the most recent 2022 codes for this year’sEEO-1 Report.
Mergers, acquisitions and spinoffs—Requirements for corporate changes have been updated for 2022 reporting. If a merger, acquisition or spinoff occurs after the reporting period, the new entity is typically responsible for reporting the data if the establishment meets filing eligibility requirements. The EEOC urges companies that experience corporate change during the reporting period to carefully review this section of the instruction booklet to ensure compliance.
The EEOC has announced additional changes that will impact the EEO-1 Report for 2023 data in 2024. Beginning next year, employers will no longer be able to choose a snapshot date that would eliminate the obligation to report. Also, employers will be required to report employees who are assigned to client sites at the client’s physical address. Currently, employers can report these employees at either the client’s address or the employer establishment where they’re assigned.
Careful planning for EEO-1 reporting can reduce the risk of mistakes and confusion when the EEOC portal opens on Oct. 31,2023. Employers can prepare for EEO-1 submissions with the following steps:
Employers should stay current on updates from the EEOC regarding filing requirements and deadlines for the EEO-1 Report. Submitting an incorrect or incomplete report could result in a court order compelling employers to complete the forms. Further failures to accurately complete the EEO-1 Report could cause employers to be held in contempt. It may also result in the termination of federal contracts for contractors. By reviewing the EEOC’s recently published instruction booklet, employers can help ensure compliance with significant new changes to EEO-1 reporting.
The National Labor Relations Board (NLRB) issued a new legal standard on August 2, 2023, in the Stericycle, Inc. and Teamsters Local 628 case. This will significantly affect employer’s current and future workforce rules. It sets a new legal standard in determining if an employer’s policy, process, or rule violates an employee’s protected concerted activity under Section 7 of the National Labor Relations Act (NLRA).
Employers must immediately review their policies, practices, and workforce rules including those found in the employee handbook and/or onboarding packets to ensure they meet compliance with Section 7 in light of the new legal standard. Several employee handbook sections to review include but are not limited to social media policies, confidentiality and trade secret clauses, non-solicitation, and non- distribution statements. Additionally, companies should review the language of these policies, practices, and rules for violation such as prohibiting employees from discussing wages, benefits, or work conditions, treatment from supervisors, etc. Additionally, these employer work rules should not prohibit employees from engaging in political or social activities that may affect the employer’s reputation or business interests without compliant language indicating what activities are relevant or how they may affect the employer.
The following is from the News & Publication page of the NLRB website: “Under the new standard adopted in Stericycle, the General Counsel must prove that a challenged rule has a reasonable tendency to chill employees from exercising their rights. If the General Counsel does so, then the rule is presumptively unlawful. However, the employer may rebut the presumption by proving that the rule advances a legitimate and substantial business interest and that the employer is unable to advance that interest with a more narrowly tailored rule. If the employer proves its defense, then the work rule will be found lawful to maintain.”
Utah adopted the Utah Consumer Privacy Act (UCPA) on March 24, 2022. Compliance with the UCPA will be monitored by the Utah Division of Consumer Protection (the Division) and enforced by the state’s attorney general office. The UCPA does not create a private right of action for individuals affected by violations of this law. The UCPA’s effective date is Dec. 31, 2023.
The UCPA applies to any controller or processor that:
Controller means a person or entity “doing business in the state that determines the purposes for which and the means by which personal data are processed, regardless of whether the person or entity makes the determination alone or with others.” Processor means a person or entity that “processes personal data on behalf of a controller.”
Notable exclusions from the UCPA apply to:
The UCPA creates the right for consumers to:
To exercise these rights, consumers must submit a request to the controller through the means the controller prescribes. These requests must specify the rights that consumers intend to exercise.
Parents or legal guardians may exercise these rights on behalf of their children.
Determining whether a person or entity is acting as a controller or processor with respect to a specific processing of data is a fact-based determination that depends upon the context in which personal data are to be processed. A processor that adheres to a controller’s instructions with respect to the specific processing of personal data remains a processor.
Controllers must provide consumers with a reasonably accessible and clear privacy notice that includes:
Controllers that sell consumer personal data to one or more third parties and controllers that engage in targeted advertising must also clearly and conspicuously disclose to consumers how they may exercise their right to opt out.
The UCPA requires controllers to establish, implement and maintain reasonable administrative, technical and physical data security practices designed to:
These measures must be appropriate for the volume and nature of the personal data and account for controller business size, scope and type.
The UCPA also prohibits controllers from processing sensitive data collected from consumers unless they first provide clear notice and an opportunity to opt out of the processing.
Notice is not required under the act if controllers process the data for known children in accordance with the federal Children’s Online Privacy Protection Act and the act’s implementing regulations and exemptions.
Controllers cannot discriminate against consumers who exercise their rights under the UCPA. Prohibited discrimination includes denying a good or service, charging a different price or rate for a good or service and providing a different level of quality of a good or service.
However, controllers may encourage consumers to share their data by offering a different price, rate, level or quality (including offering a good or service for no fee or at a discount) if:
Controllers are not required to provide products or services to consumers if their personal data (or processing the data) is reasonably required to receive the products or services and consumers either fail to provide the data (or prevent the controller from processing the data.)
Controllers must respond to consumer requests to exercise their rights under the UCPA within 45 days of receiving the request. Specifically, controllers must act on these requests and inform consumers of any actions they have taken regarding their requests.
The requirement to respond within 45 days is void when a controller reasonably suspects the consumer’s request is fraudulent and the controller is not able to authenticate the request before the 45-day period expires. Controllers must also comply with the 45-day notice requirement when they choose not to act on any request. With this notice, controllers must also include the reasons for not acting.
Controllers cannot charge a fee for information in response to a request unless the request is the consumer’s second or subsequent request during the same 12-month period. However, controllers may charge a reasonable fee to cover the administrative costs of complying with requests or refusing to act on a request if:
If they charge a fee, controllers bear the burden of demonstrating the request satisfies one or more of the criteria described above.
Finally, controllers are not required to comply with requests they cannot authenticate using commercially reasonable efforts. Within reason, controllers may request that consumers provide additional information to authenticate their requests.
Processors are entities that process data on behalf of controllers. Under the UCPA, processors must adhere to the instructions they receive from controllers and assist controllers in meeting their obligations.
In addition, before processing any data, processors and controllers must enter into a contract that:
Controllers that use pseudonymous data or deidentified data must take reasonable steps to ensure they comply with any contractual obligations governing the data and promptly address any breach of these contractual obligations.
However, controllers are not required to:
Finally, the rights to confirm the processing of data, delete personal data and obtain a copy of personal data do not apply to pseudonymous data if a controller demonstrates that any information necessary to identify a consumer is kept separately and subject to appropriate technical and organizational measures to ensure the personal data are not attributed to an identified individual or an identifiable individual.
UCPA requirements do not restrict a controller’s or processor’s ability to:
Finally, the UCPA does not require controllers, processors, third parties or consumers to disclose trade secrets.
10/2 – QSEHRA Notice Deadline (Calendar Year Plans Only)
1014 – Medicare Part D Creditable/Non-creditable Coverage Notice
10/30 – Form 941 Filing Deadline (third quarter)
Nothing for this Month
12/5 – 2022 EEO-1 Component 1 Filing Deadline
12/29 – Gag Clause Prohibition Compliance Attestation (Group Health Plans, insurers, and insurance brokers) – more information, click here.
Lighthouse HR Support (LHRS) provides practical human resource information and guidance based upon our knowledge and experience in the industry and with our clients. LHRS services are not intended to be a substitute for legal advice. LHRS services are designed to provide general information to human resources and/or business professionals regarding human resource concerns commonly encountered. Given the changing nature of federal, state and local legislation and the changing nature of court decisions, LHRS cannot and will not guarantee that the information is completely current or accurate. LHRS services do not include or constitute legal, business, international, regulatory, insurance, tax or financial advice. Use of our services, whether by phone, email or in person shall indicate your acceptance of this knowledge.