Independent Contractor or Employee? The DOL Weights In.

The U.S. Department of Labor is offering its two cents on the big dollar distinction between employees and independent contractors, and it is saying, “most workers are employees under the FLSA’s broad definitions.”   This new advice is consistent with DOL’s continuing campaign to “crack down” on what it deems misclassification of employees as independent contractors  and is important because determining whether an individual is an independent contractor or an employee is one of the most vexing issues employers face, in large part because getting wrong can be so costly.

The DOL’s position is set forth in Administrator’s Interpretation No. 2015-1, released on July 15, 2015, and issued by David Weil, Administrator of the Department of Labor’s Wage and Hour Division (WHD).  The snappy title of the Interpretation is “The Application of the Fair Labor Standards Act’s ‘Suffer or Permit’ Standard in the Identification of Employees Who Are Misclassified as Independent Contractors.”  While the Interpretation does not overtly change DOL policy and is not per se binding on employers or the courts, employers should evaluate their classifications based on this guidance and see how they measure up.  

In support of its conclusion that most workers are employees, the Interpretation focuses on the so-called “economic realities test” (one of the tests used to determine whether a worker is an employee).  The economic realities test, as its name suggests, focuses heavily on the extent to which a worker is economically dependent on the employer – the greater the dependence , the more likely the worker will be found to be an employee. The test examines six factors: 

  1. The nature and degree of the alleged employer’s control as to the manner in which the work is to be performed;
  2. The alleged employee’s opportunity for profit or loss depending upon his or her managerial skill;
  3. The alleged employee’s investment in equipment or materials required for his task, or his or her employment of workers;
  4. Whether the service rendered requires a special skill;
  5. The degree of permanency and duration of the working relationship; and
  6. The extent to which the service rendered is an integral part of the employer’s business.

In this latest guidance, the DOL emphasizes the sixth factor – whether the work is “integral to the business” of the employer.  The Interpretation advocates applying the “integral to the business” prong  through the lens of the FLSA’s definition of the term “employ” (which means to “suffer or permit to work,” 29 U.S.C. § 203(g)) in a way that  broadly construes a worker’s contributions to the business of the employer as integral.

Although this Interpretation is not controlling on the courts, our Supreme Court has recognized that Administrator’s Interpretations reflect a body of experience and informed judgment to which courts and litigants may properly resort for guidance.  Employers also should keep in mind that, while the Interpretation is limited to the independent contractor classification under the FLSA, other federal and state statutes and regulations also govern the classification of employees in relation to taxes, workers compensation coverage, unemployment insurance, and other issues.  Employers obviously need to consider all applicable laws, regulations and guidance when determining whether to classify a worker as an independent contractor, but, in light of this Interpretation should:

  • Evaluate job descriptions and duties to determine whether they are likely to be deemed “integral to the business”;
  • Analyze whether the work independent contractors are performing goes beyond the scope of their stated duties and could be considered integral; and
  • Assess whether workers currently treated as employees may be considered independent contractors due to the non-integral nature of their work.

Questions? Let me know.

EEOC Finds Existing Workplace Protections Extend to Sexual Orientation

The U.S. Equal Employment Opportunity Commission (EEOC) has ruled that discrimination against an employee  based on his or her sexual orientation can constitute sex discrimination under existing civil rights laws, adding to a wave of legal developments favoring protections for the LGBT community. The EEOC’s evolution of its interpretation of existing laws is especially noteworthy as it comes as Congress considers Employment Non-Discrimination Act (ENDA) and the Equality Act of 2015, both of which extend workplace protections to workers based on sexual orientation and gender identity. 

The EEOC ruling, issued on July 15, 2015 in Complainant v. Foxx, broke new ground when it reversed an EEOC Agency’s dismissal of a sexual orientation complaint and  found all types of discrimination based on sexual orientation are forms of sex discrimination prohibited by Title VII of the Civil Rights Act of 1964.  For decades, the EEOC and the courts found no Title VII protections based on sexual orientation alone.  In recent years, however, the EEOC and some courts have extended Title VII protections to sexual orientation and gender identity discrimination when the discrimination can be characterized as arising out of sex-based stereotypes.  The Foxx decision takes this one step further. 

In Foxx, a federal air traffic controller based in Miami contended he was denied a promotion because he was gay.   In evaluating the scope of Title VII protections, the  EEOC noted Title VII does not exclude “sexual orientation” discrimination from its definition of discrimination based on “sex,” and the EEOC found that there can be no basis to draw  a distinction between the two.   Going forward, the EEOC directed, “Agencies should treat claims of sexual orientation discrimination as complaints of sex discrimination under Title VII and process such complaints through the ordinary . . . process.”   

The EEOC’s ruling binds the EEOC’s agencies but does not bind the courts,.  Nonetheless, state and federal courts routinely look to EEOC rulings for guidance in interpreting the Civil Rights Act and other federal anti-discrimination laws enforced by the EEOC.  In many states, including New Jersey, state laws already protects employees from discrimination based on sexual orientation and gender identity, so expansions of Title VII would have less impact on employers in those states. 

While the future is never certain, employers should expect state law and federal laws to increasingly protect employees from discrimination based on sexual orientation and gender identity, especially in light of the U.S. Supreme Court’s 2015 ruling recognizing same-sex marriage as a constitutionally-protected right.  Employers therefore should re-evaluate their anti-discrimination policies, identify any gaps relating to sexual orientation and gender identity, and consider expanding their policies and training, as needed, to protect employees from such discrimination. 

Questions? Let me know.

Employers Should Not Go Overboard On Proposed Changes to Overtime

Benny Frank ClockDespite last week’s alarmist press reports, employers can hold off on calling their payroll providers and authorizing overtime for previously exempt managers.  When President Barak Obama disrupted the news cycle by proposing changes to the overtime rules under the Fair Labor Standards Act, as is too often the case when the press reports on legal developments, many of the press reports covering the topic glossed over important details even suggesting that the President had changed the rules.  The President’s proposed rules have a number of hurdles to overcome before they transform overtime and there is significant opposition that may in fact limit or refine the proposed rules changes.

What is proposed?

Since 2004, federal law treated salaried workers who earn at least $23,660 and meet certain “white collar exemption” requirements as exempt from overtime.  Salaried employees who meet the white collar exemption need not be paid overtime, or even minimum wage, no matter how many hours they work.  For employees to be exempt from overtime, they must meet both the salary and the duties test, which means workers whose annual salary is less than $23,660 do not qualify for the white collar exemption and must be paid both minimum wage and overtime, even if they are otherwise white collar workers.

Under new rules proposed by President Obama, the threshold will move to $50,440 as early as 2016 and be adjusted annually based on the pay of the 40th percentile of full-time U.S. workers, although alternate methods of computing an ongoing adjustment are also being considered. If this rule is implemented in 2016, it would mean salaried employees whose annual earnings are less than $50,440 would not qualify for the white collar exemption even if they otherwise met the criteria for white collar employees.  Additionally, under the proposal rule changes, those classified as “highly compensated employees”  must earn at least $122,148 (rather than the current $100,000) in total annual compensation to be automatically exempt from overtime. This sweeping change is being touted as an income equality measure to combat employer’s practices of using the white collar exemption to avoid paying overtime to low level managers.  In essence, if adopted, the new rule will mean employees who earn between $23,660-$50,440 and were not overtime eligible will have to be paid for overtime if they work more than 40 hours in a workweek.

What is next?

The proposal is not ready to be adopted by the Department of Labor.  The Department of Labor is accepting comments from interested parties, including employers, for 60 days and considering additional changes which may materially affect which employees must be paid overtime.  For instance, the Department of Labor may refine other non-salary aspects of the white collar exemption tests.  Additionally, business groups and elected officials who oppose this change are vowing to fight it with legislation and litigation, which may delay its implementation.

What should employers do now?

First, employers should be sure that they are properly using the white collar exemption even for employees with salaries above the current threshold.  Employers need to remember that a salary that meets the threshold does not in and of itself make an employee exempt from overtime.   There are specific tests for executive, administrative, professional, computer, outside sales and highly compensated employee exemptions that depend on the duties these employees perform and recent court rulings have refined and narrowed the application of these tests.  Employers who have questions or concerns about compliance should consult with their counsel and consider a wage and hour audit to determine if they are currently in compliance with applicable federal and state laws regarding overtime pay.

Second, employers should plan for an increase in the salary threshold.  Even if this rule change is not fully implemented, employers should expect that the threshold will increase from its current level.  Employers, with the guidance of counsel, should begin to analyze how to best structure their workforces in light of coming changes.  For example, employers should be evaluating whether it makes more business sense to start paying more employees overtime or hire more staff or restructure certain aspects of their workforces.

Third, employers should be careful not to forget about compliance with applicable state wage laws, which differ from the federal law and will not automatically change, even if the federal law does.

In sum, employers should expect that, one way or the other, the white collar exemption will be narrowed and more employees will be eligible for overtime.  Now is the time for employers to ensure their current payroll practices and policies comply with the Fair Labor Standards Act and state law, but they can hold off on making any sweeping payroll changes until the new regulations are finalized and adopted, and the nuances of the new rules are ironed out.

Questions? Let me know.

The hacker in the henhouse

hacker-in-a-henhouse- dos

“How do we begin to covet? We begin by coveting what we see every day.”

― Dr. Hannibal Lechter in The Silence of the Lambs

Are you worried about your company’s, employee’s and/or customer’s data being hacked by sophisticated criminals or cyber activists from China, Russia, North Korea, or other far off lands? Does the idea of losing your business’s hard-earned credibility and trust with the stroke of a key or two keep you up at night? You are not alone. An enterprising TV network could get high ratings with a late, late show catering to the business owners, senior management, and general counsel who are restless with thoughts of the class action lawsuits that are hitting Target, Home Depot, Sony, Anthem and others. But, while you have to be ever vigilant to protect your business from the type of all-out-assault that is grabbing headlines, you can’t afford to overlook the threat lurking in the next office.

Did you know a recent study found the most likely threat to information security is not the overseas hackavist, virus or worm, but rather the malicious or careless corporate insider? That’s right, employees caused more data breaches that any other source, 39% of reported breaches according to recent research. Note, I said “reported” breaches, which does not include the breaches employers do not discover or the ones they do not report. All this means it is a matter of when your data will be compromised, not if. Worse yet, when the breach is caused by a defecting employee, the information stolen can be the most crucial to your business’s success and the most harmful to its reputation.

On the one hand, employers who are the victim of malicious data breaches by employees or other insiders have a web of state and federal protections (and, hopefully, contractual rights) to help make them whole, but, on the other hand, the reality of the “unknown unknowns” and costs of recovery virtually assures that winning a lawsuit still means losing, at least, a little. If your employee steals important data to establish a new business, you may well have the legal means to put a stop to it, but you may not be able to recover the customers you lost (or the revenue from the future customers those customers would have sent your way) or succeed in collecting a monetary judgment from a former employee who invested all of his assets into his start up that is sputtering under the weight of litigation.

Breathe deeply. This blog post isn’t a horror show or an existential meditation on futility. Rather, there are key practical steps businesses should take to guard against this growing threat from within, which include:

  • Binding employees to contracts that tightly limit access to and use of key information and provide for strong remedies in the event of breach;
  • Storing only the electronic data needed to run your business and securely archiving data that is not needed on a routine business or that is merely held for contingencies (hackers can’t take what they can’t access);
  • Tightly limiting employee access to data on a need-to-know basis so that the entire organization does not have access to it (does your east coast sales manager really need access to the west coast’s prospect list?);
  • Using the latest cyber tools to protect from infiltration and detect potential hacks;
  • Enforcing security protocols and controls, including requiring regular updating of passwords;
  • Locking in protections and allocating the risk with agreements with vendors who are given access to data;
  • Establishing appropriate insurance coverage;
  • Developing a data breach plan to designate a crisis response team and identify a process for addressing the breach in hours, not days; and
  • Working with counsel to understand the scope of your liability and how to mitigate it in anticipation of a possible breach.

In sum, the ways in which the information age allows data collection and access that drives efficiency in business are the same ways it creates vulnerabilities. Employers cannot afford to overlook the likelihood of a data breach from within. By anticipating it and planning for it, employers can mitigate their damages.

Questions? Let me know.

Lenovo class action highlights the way in which a single weakness in cyber security can have devastating effects

weakest linkA class action lawsuit filed in California against computer manufacturer Lenovo highlights how a weak link in the cyber security chain can lead to disaster effects.

In the suit, the plaintiffs allege Lenovo preinstalled Superfish bloatware/adware developed by a Chinese tech firm, for a fee, on the Lenovo PCs it sold, mainly to businesses, and that the pre-installed Superfish adware created a cybersecurity vulnerability. Ostensibly, the Superfish software was only meant to display advertisements targeted to the user based on images the viewer clicked on with a mouse. However, the plaintiffs allege the Superfish software had a vulnerability whereby it could be modified and hacked to extract user data.

Lenovo has worked with Microsoft, McAfee, and others to eliminate any risk from the Superfish software but, of course, remediation requires users to install updates, which industry data suggests only one-third of users do on a timely basis. In the meantime, businesses that are running machines with this vulnerability risk allowing outside sources to access otherwise secure data.

Lessons learned: cyber security requires vigilance at every level because superfluous adware and other background processes can create significant liability for businesses.

Questions? Let me know.

Oops! Nearly a third of data breaches can be blamed on human error

Confused Businessman With Computer

Although we often think of the malicious data hacker as the “boogey man” of data breaches, more breaches can be attributed to benign sources than to criminal activity. According to the 2014 Cost of a Data Breach Study: Global Analysis, from the Ponemon Institute, (sponsored by IBM) the second largest source of data breaches (30)% is human error, meaning contractors and employees whose errors resulted in exposure of confidential information.

How do businesses guard against this: like everything else, they plan. This is includes training (obviously) and also creating systems infrastructures that limit the damage a single employee or group can do. Employees can’t compromise what they can’t access, yet, businesses that fail to plan often give employees broader access than they need to do their jobs and risk exacerbating exposure.

Questions? Let me know.

The very least every lawyer needs to know about data breach liability

calling counsel 2When a business experience’s a data breach, after calling the CIO, its second call is going to be to its counsel, as it should be. Inevitably the business wants to know two things: what have you done to protect me from this exposure and what is my total exposure. Counsel better be prepared with a good answer to both, and I do not mean the standard lawyer response; “it depends.”

First, Counsel should have instituted policies and procedures to mitigate this exposure and should be in a position to reassure the victimized business. These policies include: (i) retaining only the most essential customer/employee information to minimize the risk of exposure; (ii) encrypting data; (iii) using outside vendors who are insured and can provide some cover; (iv) instituting policies to limit employee’s access to confidential information; and (v) instituting state-of-the-art data protection procedures. If counsel has done this, counsel can paint a picture of exposure that is favorable and limited.

Second, counsel must assess and, even more importantly, limit the total exposure. This means analyzing the type of data compromised and taking the appropriate steps to report the breach. Were customer account numbers stolen? If so, and the business is not a bank, the effect of the breach may be minimal and manageable. Did the hackers access highly confidential information like social security numbers, health data, trade secrets, sales data, bank account/credit card numbers, or other personal identifiers? If so, the business needs to act accordingly. Is the data from foreign entities? If so, counsel needs to have a plan to address foreign compliance.

Of course, unless you are a lawyer practicing in this area, you may not know the answers or solutions off the top of your head, but, at minimum you need to know the questions to ask:

  1. What type of data was compromised?
  2. How many accounts/people are effected?
  3. Is the data in a form that it cannot be readily accessed (e.g., encrypted)?
  4. What is the source of the data?
  5. What states’ and/or countries’ laws might apply?

Questions? Let me know.

%d bloggers like this: