Reminder: Starting Nov. 1, All Employers Must Use the Revised Form I-9

Starting November 1, 2023, all employers must use the revised Form I-9, Employment Eligibility Verification, with the edition date 08/01/23, when completing the employment eligibility verification process. This updated Form I-9 reflects the option for eligible employers to verify employment eligibility remotely. This edition is available now, and starting November 1, all previous versions will no longer be accepted. If you do not use the 08/01/23 edition of Form I-9, you may be subject to penalties.

Click Here for the Original Article

Trans Union Settles for $15 million with CFPB and FTC Over Tenant Screening Reports

A new enforcement action provides more detail on the expectations of the Consumer Financial Protection Bureau (CFPB) and Federal Trade Commission (FTC) (collectively, the agencies) for the content of tenant screening reports.

As previously discussed here, according to its annual 10-K report Trans Union LLC has been “in active settlement discussions” with the agencies since 2022 over alleged Fair Credit Reporting Act (FCRA) compliance lapses related to its tenant screening reports. Just last week, the FTC announced the parties reached an agreement that will require Trans Union and its subsidiary TransUnion Rental Screening Solutions, Inc. (TURSS) to pay a total of $15 million to settle the agencies’ allegations the company’s tenant screening reports included inaccurate and incomplete eviction records. The settlement also requires Trans Union and TURSS to implement procedures to ensure the accuracy of the eviction information provided in tenant screening reports as well as disclose the source of that information to consumers upon request.

Specifically, the complaint in the FCRA action filed in the U.S. District Court for the District of Colorado alleged that in its tenant screening reports TURSS failed to follow reasonable procedures to: (1) prevent the inclusion of multiple entries for the same eviction case; (2) accurately report the eviction case disposition; (3) accurately label data fields in eviction proceeding records, and (4) prevent the inclusion of sealed eviction proceedings. The complaint further alleged that in numerous instances where TURSS obtained criminal and eviction proceeding records from third-party vendors, TURSS failed to identify the third-party vendor as a source of the information in file disclosures to consumers. According to the agencies, this made it harder for consumers to correct errors in their reports. Notably, many of these same issues were raised by plaintiffs in a Georgia multidistrict class action, In re TransUnion Rental Screening Solutions, Inc. FCRA Litigation. Specifically, plaintiffs alleged that TURSS “did not employ reasonable procedures to ensure the maximum possible accuracy of the information it reports regarding consumers.” The final class action settlement was approved by the Northern District of Georgia on October 3.

Pursuant to the parties’ agreement, Trans Union and TURSS neither admit nor deny the allegations. If the proposed order is approved by the federal court, TURSS and Trans Union will be required to:

  • Pay $11 million to compensate consumers;
  • Pay a $4 million civil penalty to the CFPB’s civil penalty fund;
  • Put in place procedures to assure the accuracy of eviction information provided in tenant screening reports;
  • Put in place procedures to prevent the inclusion of unresolved eviction cases, multiple filings for a single eviction case, and any monetary amounts other than final judgments;
  • Disclose the sources of information in a consumer’s file, including third-party vendors;
  • Put in place procedures that will help identify future problems with criminal and eviction records and take corrective steps to fix them;
  • Upon receiving a request from a consumer, provide all the information in their file at no charge, including any information that TURSS might provide to a landlord or property manager; and
  • Provide a sample “adverse action notice letter” on TURSS’s website that landlords can use when they reject a housing application, which will prompt the landlord to share the applicant’s tenant screening report and provide the reasoning behind the denial of the application.

Our Take:

This settlement represents a continued emphasis by the FTC and CFPB on issues relating to tenant screening. As discussed here, on February 28, the FTC and CFPB jointly issued a Request for Information, seeking public comment on how background screening affects individuals seeking rental housing in the United States. Three months prior, the CFPB issued two reports, discussed here, highlighting what the CFPB perceives to be forms of errors that frequently occur in tenant background checks and the impacts the CFPB believes that those errors can have on potential renters. We expect this focus on tenant screening to continue and more investigations and related enforcement actions to follow.

Click Here for the Original Article


Texas amends data breach reporting requirements

Texas recently amended its breach notification statute to shorten the time businesses have to notify the state Attorney General after a data breach affecting 250 or more Texas residents. As of September 1, businesses must notify the Attorney General within 30 days from when they determine that a breach has occurred. Previously, businesses had up to 60 days. Texas’ amended law requires businesses to notify the state Attorney General via a form that can be accessed and submitted through the AG website.

In addition to these amendments to the breach notification statute, Texas updated the timeline and process for state agency and local governments to notify individuals of a data breach and added requirements for reporting to the state Department of Information Resources. The law now requires local governments and state agencies that own, license, or maintain sensitive personal information, confidential information, or regulated data sets to comply with the notification requirements of Texas Business & Commerce Code § 521.053 and to report certain data security incidents within 48 hours of discovery. The reports must be made to the DIR, or alternatively (if the security incident includes election data) the Texas Secretary of State.

Under the statute, a “security incident” is a breach or suspected breach of system security, as defined by the Texas data breach notification statute, and the introduction of ransomware into a computer, computer network, or computer system.

State agencies and local governments must report the details and the cause of a security incident to the DIR and the Texas Chief Information Security Officer within 10 days of the eradication, closure, and recovery from the security incident. Reporting forms may be found on the DIR website.

By shortening the reporting period and requiring reporting through a web form, Texas has signaled that the state is paying increased attention to data breaches and security incidents. This shift in approach follows a national trend, which seems to recognize the ever-increasing integration of computer systems into our everyday lives, and that government organizations host a significant amount of personal, financial, and security-related data.

Florida, Colorado, and Washington have also recently shortened their breach reporting periods to 30 days.

Businesses should continue to review and update incident response plans to reflect these and other legislative changes. It is also important to stay informed of current cybersecurity threats, identify and address vulnerabilities, and confirm the adequacy of administrative, technical and physical controls.

Click Here for the Original Article

Can Maryland Employers Test and Discipline for Recreational Marijuana Use?

As most Maryland employers know, recreational marijuana was legalized as of July 1, 2023. The law does not contain any workplace provisions, and employers (and employees!) wondered what their rights were with regard to testing and disciplining employees for marijuana use. Well, according to recently-released guidance from the newly-created Maryland Cannabis Commission, employers have retained those rights.

What the Maryland Cannabis Commission Says. 

On its website, the Commission has Adult-Use Cannabis FAQs that include the following question and answer:

Can I use cannabis at work?

The Cannabis Reform Act does not address cannabis use or impairment in the workplace. Individuals remain subject to any existing laws and workplace policies on substance or cannabis use (e.g., federal laws prohibiting the operation of commercial transport vehicles while impaired, or workplace policies prohibiting cannabis use specifically and/or impairment generally). The legislation does not address the use of employer drug screening of employees or prospective employees. Your employer or prospective employer can provide more specific information about its policies regarding substance use in the workplace.

Accordingly, for the time being, it appears that employers may continue to prohibit marijuana use by employees – not only in the workplace, but off-duty as well. However, we anticipate that there will be attempts to pass legislation that provides workplace protections for recreational users in the coming Maryland General Assembly sessions, so employers should stay tuned for developments in this area.

But Testing Is Not the Only Option. 

Employers should be aware of issues with testing for marijuana use, however. The traditional drug tests only establish whether someone has used marijuana within the past several weeks or even months. There are some newer tests able to identify recent use, meaning within the past 4-8 hours or so – although such use could still occur prior to an employee reporting to work. Unlike alcohol testing, however, these drug tests do not measure current intoxication. Thus, even if an employer had a policy that permitted off-duty use but prohibited on-duty use, it would not be possible to establish through testing whether the employee was currently high on marijuana in violation of such a policy. As a result, employers may wish to include provisions in their drug testing policies that specifically state that they may take action based on observed symptoms of marijuana intoxication, in addition to or in lieu of positive drug test results.

Click Here for the Original Article

California Expands Marijuana Employment Antidiscrimination Law

On October 7, 2023, California Governor Gavin Newsom signed Senate Bill (SB) No. 700 into law, expanding California’s Fair Employment and Housing Act to protect applicants from discrimination based on prior cannabis use, with certain exceptions. The amendment takes effect on January 1, 2024.

Quick Hits

  • SB 700 amends California’s Fair Employment and Housing Act to prohibit employers from requesting information from job applicants relating to their prior use of cannabis.
  • The FEHA amendments take effect on January 1, 2024.

SB 700

The California Fair Employment and Housing Act (FEHA) prohibits various forms of workplace discrimination. Last year, Assembly Bill (AB) No. 2188 amended FEHA, effective January 1, 2024, to prohibit employers from engaging in any adverse employment action against employees for off-duty marijuana use.

SB 700 expands that protection by prohibiting employers from requesting information from an applicant for employment relating to the applicant’s prior use of cannabis. SB 700 also prohibits employers from using information obtained from a criminal history about an applicant or employee’s prior cannabis use, unless the employer is permitted to consider or inquire about that information under the state’s Fair Chance Act, or other state or federal law.

Preparing for SB 700

Employers may wish to prepare for SB 700’s effective date by reviewing and revising their antidiscrimination policies and drug use policies to comport with the new protections concerning prior cannabis use.

Click Here for the Original Article

What’s New In The Evolving Area Of Pay Equity Requirements?

As we discussed in a prior post, pay equity is a rapidly evolving area of significant import to employers.  Women, people of color, and individuals with disabilities continue to earn significantly less than non-Hispanic white men for the same work.  The disparity is even more dramatic for individuals at the intersections of those underpaid groups.  Anti-discrimination laws exist but, for a variety of reasons, they have not been enough to close these pay gaps.  In an effort to promote pay equity, states and localities are requiring employers to take certain steps as part of their recruiting process.  Since our last update, a number of new laws have passed or gone into effect that relate to issues such as pay transparency and the use of salary history.

Laws Already In Effect

  • The Rhode Island and Washington pay range disclosure requirements referenced in our prior update went into effect on January 1, 2023. Rhode Island’s prohibition on salary history inquiries went into effect on the same date.
  • California’s new pay transparency law also went into effect on January 1, 2023. Employers with fifteen or more employees are now required to disclose a pay scale in all job postings.  The pay scale must set out the salary or hourly wage that the employer reasonably expects to pay a successful applicant.  In addition, all employers, regardless of size, must provide (1) the pay scale for a posted position upon request by an applicant and (2) the pay scale for an employee’s current position if requested by the employee.
  • Effective February 12, 2023, Albany County joined the list of jurisdictions in New York requiring that employers disclose the minimum and maximum pay rate when posting open positions, including promotion and transfer opportunities.

Laws Effective In 2024

  • Colorado is expanding its pay transparency law, effective January 1, 2024, to require disclosure of salary ranges to current employees for positions within their expected career progression.
  • Hawaii has enacted its first pay transparency law, effective January 1, 2024, requiring employers with fifty or more employees to include a pay range that “reasonably reflects the actual expected compensation” in job postings. The requirement does not apply to internal transfers or promotions.
  • Minnesota has enacted salary history ban which becomes effective January 1, 2024. After that date, employers may not inquire about, require disclosure of, or consider pay history for purposes of determining an applicant’s compensation.
  • A Columbus, Ohio ordinance prohibiting employers from inquiring about and using salary history information during hiring goes into effect on March 1, 2024.

Laws Effective in 2025

  • Effective January 1, 2025, Illinois law will require that postings by employers with fifteen or more employees include a pay range that the employer “reasonably expects in good faith to offer for the position, set by reference to any applicable pay scale, the previously determined range for the position, the actual range of others currently holding equivalent positions, or the budgeted amount for the position, as applicable.” The requirement applies to all positions that may be performed, even in part, in Illinois and all positions which report to a supervisor located in Illinois.

Some of the requirements of these laws, particularly those that purport to dictate behavior outside the jurisdiction where they are enacted, are almost certain to face legal challenges as states begin to enforce them.  Employers are advised to check for new laws in this area that may apply to them and keep an eye out for updates.  Employers may also want to consider engaging in a pay equity study to help ensure compliance with applicable laws.

Click Here for the Original Article

US: Pay transparency in job postings


States across the US are implementing laws which require pay transparency in job postings.


Illinois is the latest state to require pay transparency in job postings

Illinois became the latest state to enact a law requiring pay transparency in job postings. Illinois’ law will take effect in 2025 and requires employers with 15 or more employees to disclose pay scales and benefits in job postings. It also requires employers to announce and post all promotion opportunities to current employees within 14 business days of posting the job externally.

Pay transparency in job postings in New York The law in New York took effect on 17 September 2023. This was supported by the New York State’s labour department publishing proposed regulations that seek to clarify requirements under the new law.

Click Here for the Original Article

California Employers Using Background Checks Must Comply with Updates to Fair Chance Act

Originally enacted in 2018, the Fair Chance Act (FCA) is a California law that seeks to reduce barriers to employment for individuals with criminal histories. Due to updates to the law that took effect in October 2023, California employers who conduct background checks for employment purposes should revise their background check policies for compliance.

The California Fair Chance Act prohibits employers from asking about an applicant’s criminal history until after a conditional offer of employment has been made to the applicant. If an employer contemplates not hiring an applicant because of their criminal history, the company must perform an “individualized assessment” that considers the following factors:

  • The nature and gravity of the offense or conduct.
  • The time that has passed since the offense or conduct and/or completion of the sentence.
  • The nature of the job held or sought.

If an employer does not want to hire an applicant after the assessment, a written notice must be sent to the applicant about potential adverse action and allow the applicant at least five (5) business days to respond [seven (7) business days in San Francisco]. If the employer still does not want to hire the applicant after a reassessment, a final notice must be sent notifying the applicant of the decision and their rights.

The California Civil Rights Department (CRD) offers a “Guide to Using CRD’s Sample Forms” that outlines the six (6) steps employers must follow when considering an applicant’s criminal history when obtaining a background check for employment purposes. Below are the six steps in the Fair Chance Act process and each CRD sample form that can be used by an employer.

  1. Advertisement and Application Compliance Statement: This is a voluntary statement that employers can choose to add to job advertisements and applications regarding the Fair Chance Act.
  2. Conditional Job Offer Letter (En Español): This sample letter can be used by an employer to make a conditional job offer and to notify the applicant that the employer intends to conduct a criminal background check.
  3. Sample Individual Assessment Form (En Español): After making an applicant a conditional job offer and conducting a criminal background check, this sample form can be used by an employer to conduct the necessary individualized assessment of an applicant’s criminal history.
  4. Preliminary Notice to Revoke Job Offer (En Español): If an employer intends to revoke a job offer because of the applicant’s criminal history, this sample letter can be used by an employer to meet its obligation to provide notice to the applicant.
  5. Individual Reassessment Form (En Español): Once an employer notifies an applicant that it intends to revoke a job offer because of the applicant’s criminal history, the employer must give the applicant at least five (5) days to dispute the accuracy of the information and to provide mitigating information. This sample form can be used by an employer to conduct an individualized reassessment based on information provided by the applicant.
  6. Final Notice to Revoke Job Offer (En Español): If after considering any information provided by the applicant, the employer still intends to revoke the job offer, this sample letter can be used by an employer to meet its obligation to provide notice to the applicant of that decision.

After updates to the law, “employer” includes “a labor contractor and a client employer; any direct and joint employer; any entity that evaluates the applicant’s conviction history on behalf of an employer, or acts as an agent of an employer, directly or indirectly; any staffing agency; and any entity that selects, obtains, or is provided workers from a pool or availability list.”

In addition, employers cannot advertise that people with a criminal history will not be considered for hiring and cannot consider information an applicant voluntarily offers about their criminal history prior to a conditional offer. The new regulations also provide a list of sub-factors that employers must consider at a minimum as part of the individualized assessment:

  • The specific personal conduct of the applicant that resulted in the conviction.
  • Whether the harm was to property or people.
  • The degree of the harm (e.g., amount of loss in theft).
  • The permanence of the harm.
  • The context in which the offense occurred.
  • Whether a disability, including but not limited to a past drug addiction or mental impairment, contributed to the offense or conduct, and if so, whether the likelihood of harm arising from similar conduct could be sufficiently mitigated or eliminated by a reasonable accommodation, or whether the disability has been mitigated or eliminated by treatment or otherwise.
  • Whether trauma, domestic or dating violence, sexual assault, stalking, human trafficking, duress, or other similar factors contributed to the offense or conduct.
  • The age of the applicant when the conduct occurred.
  • The amount of time that has passed since the conduct underlying the conviction, which may significantly predate the conviction itself.
  • When the conviction led to incarceration, the amount of time that has passed since the applicant’s release from incarceration.
  • The specific duties of the job.
  • Whether the context in which the conviction occurred is likely to arise in the workplace.
  • Whether the type or degree of harm that resulted from the conviction is likely to occur in the workplace.

The changes will amend California Code of Regulations Section 11017.1 which regulates the consideration of conviction history in employment decisions. The CRD is also providing employers with Frequently Asked Questions (FAQs) about “Fair Chance Act: Criminal History and Employment” (En Español). For more information, visit CalCivilRights.CA.gov/Fair-Chance-Act/.

Click Here for the Original Article

Employer Drug-Testing Policies Must Evolve With State Law

While many individuals are excited about the proliferation of state laws providing for medical and recreational use of marijuana across the country, inconsistencies in these state laws have made it difficult for employers to put in place consistent policies and practices on testing for marijuana as a condition of employment, upon reasonable suspicion, and post-accident. Employers are being forced to revisit their drug-testing policies not just because of changes to their state’s laws regarding medical and recreational use of marijuana, but also because it is becoming increasingly difficult to find employees who have not used, or do not use, marijuana. If employers want to continue testing for marijuana in states where use is legal, policies must be drafted carefully to account for the continued evolution of the law in this area.

The Status of Federal and State Marijuana Use Laws

Marijuana remains a Schedule I substance at the federal level—manufacturing, distributing, dispensing, or possessing it is prohibited under the Controlled Substances Act (CSA). According to the CSA, Schedule I drugs have a high potential for abuse and do not have a currently accepted medical use. Nonetheless, for the last decade or so the federal government has taken a hands-off approach as states enact and enforce their own laws permitting medicinal and/or recreational use of marijuana.

Thirty-nine states and the District of Columbia have laws in place allowing the use of marijuana for medical purposes, and twenty-two states and the District of Columbia have made medical and recreational use of marijuana legal. The scope of these laws, however, varies state by state. In medical-only states, those wishing to purchase medical marijuana in dispensaries often must obtain recommendations from a doctor and register for a state-issued medical marijuana card. In recreational states, any adult over the age of 21 can purchase marijuana in a state-licensed dispensary.

As described further below, some states have chosen to amend their employment laws to account for the new marijuana regimes—or to address employment issues within their marijuana statutes—while others have not.

Traditional Drug Tests May No Longer Be Helpful in the Case of Marijuana

It’s not just the patchwork of state laws that makes things complicated for employers, but also the nature of how marijuana interacts with the human body and the differing legal status of tetrahydrocannabinol (THC) products on the market. THC, the primary cannabinoid associated with the “high” users feel from consuming marijuana, can be detected by a drug test for up to 30 days, sometimes longer. Therefore, when an employee tests positive for marijuana, it does not mean the employee is currently impaired, or that marijuana use played a role in any on-the-job incident. Some states address this complication, but most leave it up to employers to decide how to determine on-the-job impairment.

Further, some forms of THC are considered illegal under federal law, while others are largely considered legal. On the one hand, THC that comes from “marijuana”—a cannabis plant with a 0.3% or higher concentration of delta-9 THC measured on a dry weight basis—is considered a Schedule I substance under the CSA. On the other hand, THC that comes from “hemp” —cannabis with a less than 0.3% concentration of delta-9 THC (on a dry weight basis) —in theory should no longer be considered a Schedule I substance thanks to the Agricultural Improvement Act of 2018, which legalized hemp and its extracts and derivatives. THC also comes in different isomers, such as delta-8, delta-9, and delta-10 THC. Many “hemp-derived” delta-8 and delta-10 THC products produce intoxicating effects but are ostensibly legal under federal law (we say “ostensibly” because there is debate as to whether these novel cannabinoids are “synthetic,” in which case they would again be an illegal Schedule 1 substance).

In states where marijuana use remains illegal, an employer may have a “drug-free workplace” policy that defines drugs as any substances that are illegal under federal law, including marijuana. But an employee who is impaired from the use of hemp-derived delta-8 THC has not used a federally illegal substance. Given that most tests are not able to differentiate between delta-8 THC and delta-9 THC, much less establish whether someone is actually impaired in the moment by the THC, it is difficult for employers to know whether there is a legal justification for administering a marijuana test.

To make matters worse, some employees may test positive for THC after using cannabidiol (CBD) products that they believe are THC-free. CBD is a nonintoxicating cannabinoid in both hemp and marijuana that is believed to have therapeutic effects. Some manufacturers are selling CBD products that contain 0.3% or less THC, but this threshold can be highly misleading and problematic. The Cannabis Regulators Association has called this the “0.3% loophole” and stated: “While the threshold of 0.3% delta-9 THC (tetrahydrocannabinol) by weight is a small amount of THC in a hemp plant, when applied to hemp-derived products (e.g., chocolate bars, beverages, etc.) which can weigh significantly more, 0.3% by weight can amount to hundreds of milligrams of THC. For example, a 50-gram chocolate bar at 0.3% THC would have around 150 mg of THC (30 times the standard 5 mg THC dose established by the National Institute on Drug Abuse). A family sized pack of cookies weighing 20 oz can contain around 1700mg of THC using the 0.3% THC threshold.”[1] There are even some commercial products that have been proven to contain more than the 0.3% threshold. Employees who have been fired for failing drug tests after using CBD products have sued product manufacturers, and, in some instances, employers, over this confusion.

Employment Law and Medical Marijuana Use

Most states have legalized—at least to some extent—the use of marijuana for medical purposes. The state statutes that implement these marijuana regimes have varying levels of protection for employees. On one end of the spectrum are states with broad protections for employees who are registered medical marijuana patients. These states recognize that registered patients may require employers to permit the use of marijuana off premises and not on work hours as a reasonable accommodation. For example:

  • New York recognizes certified patients who use medical marijuana as having a disability that may require reasonable accommodations.[2]
  • In Barbuto v. Advantage Sales & Mktg., LLCin 2017, the Massachusetts Supreme Court held—despite an employer’s established drug-free workplace policy—permitting an employee’s off-site use of medical marijuana to treat her Crohn’s disease may constitute a reasonable accommodation under the state’s disability discrimination law.[3]
  • The Nevada Supreme Court held that the state’s reasonable accommodation statute provides an implied private right of action for employees’ certified medical cannabis use if employers fail to permit such use.[4]

Other states have focused on expanding the rights of employees subject to marijuana testing policies, for example:

  • Under Delaware law, employers are not permitted to assume patient employees are under the influence of medical marijuana because of the detection of marijuana in a drug test.[5]
  • Under New Jersey’s medical marijuana statute, employers are permitted to perform drug testing, but they must offer employees the opportunity to provide a legitimate medical explanation following a positive test result.[6]
  • Pennsylvania law requires employers to accommodate impairment from medical marijuana unless the employee’s conduct falls below the standard of care normally accepted for that position.[7]In addition, the Commonwealth Court of Pennsylvania has held that medical marijuana users may be eligible for employment benefits if they are fired after testing positive for marijuana.[8]

Employers must also be mindful of local ordinances. Three municipalities—Philadelphia, New York City, and San Francisco—have laws banning or restricting private employers from testing employees and applicants for marijuana.[9] Exceptions to these testing bans exist, but they are largely dependent on whether the testing occurs in certain industries.

On the other end of the spectrum are states that have legalized marijuana use in some form but continue to permit employers to decide whether to test for marijuana and whether to reject applicants who test positive for marijuana. Marijuana use has been permitted for medical reasons in Virginia since 2015 and the state also legalized adult use and possession (but not sale) in 2021. However, Virginia does not have any employment protections for medical or recreational marijuana users. Other jurisdictions that have not yet passed any laws allowing for the use of marijuana for any reason.

Employment Law and Recreational Marijuana Use

Many of the states that allow for recreational use of marijuana either prohibit testing for marijuana, protect applicants and employees from adverse employment actions based on the results of a positive marijuana test, or require additional evidence of impairment. For example:

  • Effective January 1, 2024, California employers are prohibited from penalizing a person for use of cannabis off the job and away from the workplace.[10]
  • In New York, employers may not refuse to hire, fire, or otherwise discriminate against an employee’s legal use of marijuana outside of the workplace, including the legal use of marijuana before an employee’s work shift.[11]
  • In New Jersey, the use of a Workplace Impairment Recognition Expert (WIRE) is required for an employer to detect and identify an employee’s use of or impairment from marijuana.

State Restrictions on Employee Marijuana Testing

It goes without saying that crafting legally compliant marijuana testing policies presents a challenge for multi-state employers. The patchwork of different marijuana laws across the country, limitations of current drug tests to determine whether an employee is impaired, and issues surrounding the regulation and legality of CBD have all contributed to growing anxieties about crafting a legally-compliant policy.

That said, some patterns have emerged when it comes to the different degrees of restriction on marijuana testing in the employment space. Below are five lists to help you determine where state and local jurisdictions stand now, starting with the most restrictive laws for employers.

Employers cannot test employees or applicants for marijuana in:

  • New York
  • Philadelphia, Pennsylvania
  • Nevada

Employers must provide a reasonable accommodation for authorized medical marijuana users (but not necessarily recreational users) in:

  • Alabama
  • Arkansas
  • Delaware
  • Florida
  • Hawaii
  • Louisiana
  • Maryland
  • Minnesota
  • Mississippi
  • Missouri
  • New Hampshire
  • North Dakota
  • Ohio
  • Oklahoma
  • Pennsylvania
  • South Dakota
  • Utah
  • West Virginia

Employers are not permitted to refuse employment or otherwise discriminate against authorized medical marijuana patients in:

  • Arizona
  • Arkansas
  • Connecticut
  • Delaware
  • District of Columbia
  • Maine
  • Minnesota
  • Nevada
  • New Jersey
  • New York
  • Oklahoma (medical marijuana license holders)
  • Pennsylvania
  • Rhode Island
  • South Dakota
  • West Virginia

Employers are permitted to test for marijuana, but may not take adverse action against an applicant based solely on a positive marijuana test in:

  • Arizona
  • Connecticut
  • Delaware
  • Michigan
  • New Jersey
  • Oklahoma (only applies to medical marijuana license holders)

There are no marijuana testing restrictions on employers in:

  • Idaho
  • Indiana
  • Kentucky
  • Nebraska
  • North Carolina
  • Tennessee
  • Texas (low-level THC authorized)
  • Virginia
  • Wisconsin
  • Wyoming

Can employers count on any consistencies in the law across state lines when it comes to addressing employee marijuana use?

Employers are generally under no obligation to accommodate marijuana possession and use in the workplace or during work hours—and this principle holds true even if an employee has a medical marijuana prescription or the employer’s place of business is located in a state that has legalized recreational marijuana use.

In addition, employers generally are permitted to take adverse employment actions against employees who are under the influence of or impaired by marijuana at work, absent any reasonable accommodation requirement for medical marijuana use under the ADA or state law. The issue becomes whether, and under what circumstances, an employer is permitted to test for marijuana and rely on a positive drug test as indicative of present impairment.

Some state laws consider employees impaired or under the influence if the employer has a good faith belief that an employee exhibits specific, articulable symptoms—like irrational behavior, carelessness resulting in injury, or changes in speech—that negatively affect work performance. In these states, a positive drug test alone is not enough to constitute an articulable symptom of impairment. In New Jersey, for example, an employer may not take adverse employment against an employee based on a positive drug test. The test must be coupled with a physical examination by a Workplace Impairment Recognition Expert (WIRE) for signs of cannabis impairment. Even where there are specific articulable symptoms, the employer may need to allow impairment as a reasonable accommodation under the ADA if the employee is using marijuana pursuant to a valid prescription or marijuana medical card

Best Practices for Employers

Now that marijuana legalization and decriminalization laws have become the new norm, employers are scrambling to understand how to implement drug-free workplace policies. While employers are not required to tolerate marijuana possession and use on the job in most instances, as explained above, marijuana testing in the employment space is strictly restricted or prohibited in some states. In other states, marijuana test results must be combined with some other evidence of impairment before employers may take an adverse job action, an issue that can be especially tricky when the employee is working in a remote environment.

In the face of rapid changes in the law, some multi-state employers have abandoned marijuana testing altogether and instead base employment decisions on observations about employee performance and conduct, regardless of metabolic state. That said, here is a list of recommendations for employers to consider when implementing or adjusting marijuana testing policies:

  • Make sure you are aware of current law in the jurisdiction where you have employees and keep on top of legal developments. Employers who wish to continue testing for marijuana must be aware of state and local restrictions on the ability to test at various stages of employment – whether the testing is occurring pre-employment, upon reasonable suspicion, post-accident or randomly. If your office is in Philadelphia, for example, do not implement a drug screening for all prospective employees—that would be a violation of a municipal ordinance. If you have employees in New Jersey, you may not use a positive marijuana test to reject an applicant for employment and must combine a positive test with a physical exam from a WIRE before taking adverse job action against a current employee.
  • Create a clear written policy for employment-related drug testing—and stay away from vague language. The written policy should include details such as a prohibition against using or being impaired by marijuana while at work or on Company property and the consequences of a positive test. It should also include definitions of “impairment” and “under the influence.” If your policy distinguishes between medical use and recreational use, be sure to spell it out clearly.
  • Ensure your policy does not discriminate against medical marijuana cardholders. Employers with employees in states that have legalized the use of marijuana for medical purposes should be sure to have a statement in their policy- consistent with their practice- that the company does not discriminate against employees who are medical marijuana cardholders.
  • Treat all employees who test positive for marijuana consistently.Employers should avoid singling out individuals to avoid claims of discrimination.
  • Make sure that your testing method and recording of results is compliant with applicable law. In addition to laws restricting the use of marijuana test results, some states have guardrails on the methods used to test individuals, including that the testing take place in a private area and that the results are kept confidential.


Click Here for the Original Article

Delaware’s Governor Signed the Delaware Personal Data Privacy Act

On September 11, 2023, Delaware’s Governor signed House Bill 154 which enacts the state’s comprehensive consumer data privacy statute. Delaware joins CaliforniaColoradoConnecticutIndianaIowaMontanaOregonTennesseeTexasUtah, and Virginia in enacting a comprehensive consumer privacy law.

The law will take effect on January 1, 2025.

To whom does the law apply?

The statute applies to persons who conduct business in the state or persons who produce products or services that are targeted to residents of the state and who during the prior calendar year did any of the following:

  • Controlled or processed the personal data of 35,000 consumers or more, excluding personal data controlled or processed for the purpose of completing a payment transaction.
  • Controlled or processed personal data of 10,000 consumers or more and derived more than 20 percent of their gross revenue from the sale of personal data.

Hereafter, covered businesses are referred to as controllers.

However, the statute does not apply to the following entities:

  • Any regulatory, administrative, advisory, executive, legislative, or similar body of Delaware.
  • Any financial institution subject to Title V of the Gamm Leach Bliley Act.
  • Any non-profit organization dedicated exclusively to preventing and addressing insurance crime.

Who is protected by the law?

The law protects consumers which is defined under the law as an individual who is a resident of Delaware but does not include an individual acting in a commercial or employment context or as an employee, owner, director, officer, or contractor whose communications or transaction with the controller occur solely within the context of the individual’s role with the entity.

What data is protected by the law?

The law protects personal data which means any information that is linked or reasonably linkable to an identified or identifiable individual and does not include de-identified data or publicly available information.

The statute does not apply to certain health data including protected health information under the Health Insurance Portability and Accountability Act (HIPAA).

What are the rights of consumers?

Under the statute, consumers have the following rights:

  • To confirm whether a controller is processing the consumer’s personal data.
  • To access personal data processed by a controller.
  • To correct inaccuracies in the consumer’s personal data.
  • To delete personal data provided by or obtained about the consumer.
  • To obtain a copy of the consumer’s personal data processed by the controller.
  • To obtain a list of the categories of third parties to which the controller has disclosed the consumer’s personal data.
  • To opt out of the processing of the personal data for purposes of targeted advertising and profiling.

What obligations do businesses have?

Generally, a covered controller shall respond to a consumer exercising their rights under the statute without undue delay but not later than 45 days after receipt of the request. The controller may extend the response person by 45 additional days when reasonably necessary based upon the complexity and number of requests and other factors.

Information provided to a consumer in response to a request shall be provided free of charge, once per consumer during any 12-month period.

If the controller declines to take action in response to a consumer request they must inform the consumer without undue delay, but not later than 45 days after receipt of the request.

Moreover, controllers must limit the collection of personal data to what is adequate, relevant, and reasonably necessary in relation to the purpose for which the data is processed.

Controllers must also establish and maintain reasonable administrative, technical, and physical data security practices to protect personal data.

Further, controllers must provide reasonably accessible, clear, and meaningful privacy notices that include the following:

  • The categories of personal data processed by the controller.
  • The purposes for processing the personal data.
  • How consumers may exercise their rights under the statute.
  • The categories of personal data that the controller shares personal data.
  • An active electronic mail address or the online mechanism that the consumer may use to contact the controller.

Processors of data also have enumerated obligations under the statute.

How is the law enforced?

Delaware’s Department of Justice has enforcement authority over the statute and may investigate and prosecute violations.

There is no private right of action under the statute.

Click Here for the Original Article


Employers Beware – Slew of Class Actions Filed Alleging Violations of Washington’s Pay Transparency Requirements in Job Postings

Within the past week, roughly 30 class action lawsuits were filed against myriad employers alleging violations of Washington’s new(ish) pay transparency law. This is a good time for employers to review their job postings, especially any job postings that are currently active, to ensure compliance. Employers with 15 or more employees are required to provide in all job postings a salary or wage range, a general description of all benefits, and any other compensation the employee will receive. The law is described in greater detail in this earlier advisory and this webinar.

The lawsuits are largely identical and assert claims that the employers’ job postings do not include salary or wage ranges, benefits, and “other compensation” information. The plaintiffs seek to represent a putative class of all applicants who applied for any job at the employer, for which postings were allegedly insufficient. The plaintiffs seek damages, on behalf of themselves and the putative class, under two theories. First, they allege they “lost valuable time” applying for the position. Second, the plaintiffs claim that because they did not have the salary information for the job posting, they were unable to “evaluate the pay for the position, negotiate that pay, and compare that pay to other available positions in the marketplace.” The plaintiffs seek $5,000 or actual damages, whatever is greater, and their attorney fees.

Employers with questions about the law are encouraged to contact legal counsel. In the meantime, DWT tracks all legal developments related to the law, including the new cases as they are filed, and will provide periodic updates.

Click Here for the Original Article


Harassment recognized as a tort in Alberta

Alberta is the first Canadian jurisdiction to recognize the tort of harassment, while Ontario and British Columbia have declined to recognize the same tort. In the recent decision Alberta Health Services v. Johnston two issues were considered. First the issue of whether unelected public bodies could bring suits in defamation and secondly whether to recognize the tort of harassment. The case involved an individual defendant who was a candidate for mayor of Calgary in 2021. During his campaign, he frequently criticized Alberta Health Services and a specific employee of Alberta Health Services, who were the plaintiffs in the case. The defendant made targeted attacks against the plaintiff’s referring to them as criminals and making threats of violence as well as personal and financial ruin. The plaintiff’s sued for harassment and defamation.

With respect to the claim of harassment, the court considered the following four points in deciding, contrary to the courts in Ontario and British Columbia, to recognize the tort of harassment.

  1. The inherent wrongful nature of harassment as it is classified as a criminal act.
  2. The availability of existing legal remedies in the form of restraining orders, affirming the justiciability of harassment related issues.
  3. Harassment as a common law tort does not impede the legislature from creating a statutory cause of action or indicating that harassment is non-actionable.
  4. The inadequacy of the current tort law framework in addressing the harms inflicted by harassment.

The court referenced the criminal definition of harassment in establishing the elements that must be proven to establish the new tort of harassment:

  • The defendant engaged in repeated communications, threats, insults, stalking or other forms of harassing behaviour, either in person or through various means;
  • The defendant knew, or ought to have known, that their conduct was unwelcome;
  • The plaintiff’s dignity was impugned, causing a reasonable person to fear for their safety or the safety of their loved ones or reasonably foreseeing emotional distress as a result; and
  • The plaintiff suffered harm as a direct consequence of the defendant’s conduct.

In Alberta Health Services the Court awarded $100,000 in general damages for harassment.

This decision is contrary to a number of British Columbia decisions as well as the Ontario Court of Appeal decision. In British Columbia our courts have concluded that there is no common law tort of harassment in British Columbia or Canada. The Ontario Court of Appeal in Merrifield (2019 ONCA 205) also held that the tort of harassment does not exist in Ontario and they were not persuaded that the tort should be recognized.

The impact of the Alberta Health Services decision is yet to be seen. It is under Appeal so the Alberta Court of Appeal will have an opportunity to weigh into the debate of whether an independent tort of harassment should be recognized or not. The test established by the Court lays the groundwork for litigants in other provinces to continue to push the courts to expand tort law to recognize an independent tort of harassment.

Click Here for the Original Article


The Rise of US-Style Class Actions in the UK and Europe

Class actions have been a feature of the litigation landscape in the USA for decades. Claimant-friendly procedures combined with an aggressive and well-funded plaintiffs’ bar have created fertile ground for these large, long-running and often high-profile cases.

See Publication on the link below for more information:

Click Here for the Original Article

EEOC Releases New Guidance on Harassment in the Workplace

On September 29, 2023, the U.S. Equal Employment Opportunity Commission (the “EEOC”) released its draft guidance concerning harassment in the workplace. The updated guidance reflects notable changes in law, including the U.S. Supreme Court’s decision in Bostock v. Clayton Cnty., Georgia, the #MeToo movement, and emerging issues, such as virtual or online harassment.  This is the EEOC’s first attempt to issue enforcement guidance on workplace harassment since 2017.  The guidance was published in the Federal Register on October 2, 2023.  The public can submit comments regarding the guidance through this link until November 1, 2023.

The updated EEOC guidance contains examples that reflect different scenarios of harassment, includes up to date case law on workplace harassment, and discusses how digital technology and social media can contribute to a hostile work environment.

Harassment on the Basis of Sexual Orientation and Gender Identity

The U.S. Supreme Court in Bostock held that discrimination based on sexual orientation or gender identity is a form of sex discrimination under Title VII.  Although Bostock was a discrimination case and not a harassment case, the EEOC states that “sex-based harassment includes harassment on the basis of sexual orientation and gender identity, including how that identity is expressed.”  In light of the U.S. Supreme Court’s ruling in Bostock, the EEOC listed examples of sexual harassment based on an individual’s sexual orientation and gender identity in its guidance such as:

  1. Stating epithets regarding sexual orientation or gender identity;
  2. Physical assault due to an individual’s sexual orientation or gender identity;
  3. Harassment because an individual does not present in a manner that would stereotypically be associated with that person’s gender;
  4. Intentional and repeated use of a name or pronoun inconsistent with the individual’s gender identity (misgendering); and
  5. The denial of access to a bathroom or other sex-segregated facility consistent with the individual’s gender identity.

Harassment on the Basis of Pregnancy, Childbirth, and Related Medical Conditions

In addition to harassment on the basis of sexual orientation and gender identity, the EEOC notes that sex-based harassment includes harassment on the basis of pregnancy, childbirth, or related medical conditions, including lactation.  This includes harassment based on a woman’s reproductive decisions, such as decisions about contraception or abortion.

Digital Technology and Social Media

The EEOC notes that conduct within a virtual work environment can contribute to a hostile work environment.  For example, this can include sexist comments made during a video meeting, racist imagery that is visible in an employee’s workplace while the employee participates in a video meeting, or sexual comments made during a video meeting about a bed being near an employee in the video image.

Further, the EEOC took artificial intelligence and digital technology into account when drafting its updated guidance.  The EEOC notes that given the proliferation of digital technology, it is increasingly likely that the non-consensual distribution of real or computer-generated intimate images using social media can contribute to a hostile work environment if it impacts the workplace.

What is the Effect of EEOC Guidance?

EEOC guidance does not have the force of law.  Courts may give deference to this EEOC guidance in assessing harassment claims, or they may reject it altogether.  However, this guidance provides employers with helpful information about how the EEOC will interpret and enforce federal anti-harassment laws when investigating charges of discrimination and handling its own litigation matters, including claims under Title VII, the Age Discrimination in Employment Act, the Americans with Disabilities Act, and the Genetic Information Nondiscrimination Act.

Either way, employers should be aware of recent changes in the EEOC’s guidance and review their current practices and policies concerning harassment in the workplace with these changes in mind.  When a question arises, it is always best to contact an experienced employment law attorney.

Click Here for the Original Article

Requiring an Employee to Pay for a Leadership Program May Be Discrimination

Following its recent decision that an “adverse employment action” under Title VII need not be an “ultimate employment action” (as discussed in our August 2023 E-Update), the U.S. Court of Appeals for the Fifth Circuit has now provided a further example of what kind of employment action is sufficient to support a discrimination claim.

In Harrison v. Brookhaven School District, the school district typically paid the fees for a leadership training program for prospective school superintendents. A black educator and school administrator was accepted into the program, but the school superintendent reneged on his promise to pay her fees and offered to pay for her to attend in two years. However, because she had been accepted for the coming year, she paid the fees herself. She sued, arguing that the school district had engaged in discrimination because it refused to pay her fees while paying for white males to attend. The federal district court dismissed her claim on the basis that failing to pay for a leadership program was not an “ultimate employment action.”

The Fifth Circuit, however, referenced its recent decision that rejected the “ultimate employment decision” standard. Consequently, it found that the refusal to pay for the program could be discrimination in the “terms, conditions, or privileges” of the administrator’s employment. In addition, the Fifth Circuit quoted the Supreme Court that, “A benefit that is part and parcel of the employment relationship may not be doled out in a discriminatory fashion, even if the employer would be free under the employment contract simply not to provide the benefit at all.” And keeping in mind that Title VII is not a “general civility code,” the Fifth Circuit reiterated that de minimis (or minimal) injuries do not rise to the level of a Title VII violation – however, in this case, the employee was required to pay approximately $2000 out of her own pocket, which the Fifth Circuit found to be more than a de minimis injury.

This case reinforces the need for employers to be thoughtful and consistent – not only with what were formerly known as “ultimate employment actions” like hiring, promotions, pay increases, and terminations – but also with less significant, but still impactful, benefits and actions.

Click Here for the Original Article

10-Step Plan for Employers Using Artificial Intelligence in Employment Processes

Artificial intelligence has transformed the way we live, work and even think. While AI offers seemingly endless potential benefits in the workplace – including improvements in efficiency, cost cutting and innovation – employers must balance those benefits with the legal risks of using AI tools in employment processes. Employers using these tools also must attempt to keep up with regulatory and technological developments in a rapidly evolving space.

Below, we’ve outlined a 10-step plan for employers using AI-based tools in employment decision-making and related processes to best mitigate against the risks of using such tools. We’ve focused on the broad umbrella of tools powered by AI, including those using machine learning and/or natural language processing, that are used in employment processes. These tools have become the center of focus from agencies such as the US Equal Employment Opportunity Commission (EEOC), due to some tools’ incorporation of software that uses algorithmic decision-making at different stages of the employment process.

  1. Identify the technology

As a preliminary matter, employers need to identify existing AI technology used in the employment decision-making process, including how they are using it, and what technologies they may want to implement in the future. According to EEOC Chair Charlotte Burrows, more than 80% of employers use AI in some of their employment decision-making processes, but many employers might not realize the ubiquity and broad scope of tools using such technologies. For example, AI technology may be used in sourcing and screening candidates, interviewing, onboarding, performance management, succession planning, talent management, and even diversity, equity and inclusion (DEI) activities. Some examples include résumé scanners, employee engagement/monitoring software, virtual training programs, “virtual assistants” or “chatbots,” video interviewing software, “job fit” or “cultural fit” testing software, and trait- or ability-revealing applicant gaming systems.

  1. Understand the role of human oversight

It is critical for employers to understand the role of human oversight in the use of AI tools. Employers should ensure that a tool does not replace human judgment and any final decisions continue to be made by HR or management. Human oversight is not only advisable from a legal perspective, but it also may mitigate distrust and employee morale issues arising from concerns of overreliance on AI technologies in employment decision-making.

  1. Vet vendors, tools and data

Vetting the vendor

The explosion of AI tools designed for use in employment processes means that vendors will need to be carefully vetted as a threshold matter. Employers may want to consider whether the vendor’s developers receive any training on detecting and preventing bias in the design and implementation of such tools. Employers also may wish to consider whether vendors regularly consult with diversity, labor, or other outside experts to address and prevent bias issues, and they should be wary of any claims of “bias-free” or “EEOC-compliant” tools, as these representations have no legal effect. In addition, employers should take a close look at any purchasing contracts made with vendors, with particular focus on how potential liability in connection with the tool’s use will be allocated.

Vetting the tool

Employers should thoroughly vet any tool they wish to implement, including understanding how the tool works and how it makes any recommendations or conclusions. As a preliminary matter, employers should consider the track record of the tool, including if and how long the tool in consideration has been used by other employers and the purposes for which they have been utilized. Employers also should understand if and how the tool was developed for individuals with physical and mental disabilities – and ask whether any interface is accessible to individuals with disabilities, whether materials presented are available in alternative formats, and whether vendors attempted to determine whether using an algorithm disadvantages individuals with disabilities, such as where characteristics measured by the tool are correlated with certain disabilities. Some tools may improperly “screen out” individuals with disabilities (including visual disabilities), and employers should ask vendors how the tool mitigates or provides accommodations for that issue. In addition, screen outs can occur if tools, such as chatbots, are programmed to reject all applicants who have gaps in their employment history, when such gaps may have resulted from disability-based reasons.

Vetting the data

Understanding the data that the AI tool has been trained on is a critical part of vetting any AI tool. Prior to using a tool, employers should mitigate any risk that a tool is a “proxy” for impermissible discrimination. Such discrimination can occur where the data a tool is trained on is itself biased (e.g., an employer’s existing nondiverse employee population), leading to potentially biased results (i.e., the “garbage in, garbage out” problem). Employers also may consider what statistical analyses have been run on the tools and how such analyses were selected.

  1. Assemble the right team

Several federal agencies recently asserted that many automated systems operate as “black boxes” whose “internal workings are not clear to most people and, in some cases, even the developer of the tool” and this “lack of transparency often makes it all the more difficult for developers, businesses, and individuals to know whether an automated system is fair.” To mitigate against this asserted black box problem in the workplace, employers should ensure that they assemble a multidisciplinary team tasked with implementing and monitoring any AI tool. This team should not only comprise members from human resources, legal, communications, marketing and DEI functions, but also members of IT, including those with backgrounds in software or data engineering. Assembling the right team with the appropriate experience will help ensure all players understand, are aligned on, and are able to explain the business goals tied to using AI tools and how the tool reaches particular decisions or predictions. Employers may want to designate a team member tasked with monitoring trends and technology developments in this evolving space.

  1. Know the applicable laws

While federal government regulation, for the most part, is still playing catch-up to the rapid advancement of AI technologies, employers using such technologies already are subject to numerous federal and state anti-discrimination, intellectual property, cybersecurity and data privacy laws. In the employment space in particular, federal anti-discrimination laws – including Title VII of the Civil Rights Act of 1964, the Americans with Disabilities Act, and the Age Discrimination in Employment Act – collectively prohibit disparate treatment discrimination (intentional discrimination against members of a protected class) and disparate impact discrimination (facially neutral policies or practices that discriminate in practice against members of a protected class). In addition, US states and local jurisdictions may impose more protective anti-discrimination laws. The use of AI tools in certain instances can trigger compliance risks under other federal employment laws, such as the National Labor Relations Act and the Fair Credit Reporting Act. Federal contractors should note that the Office of Federal Contract Compliance Programs recently revised its scheduling letter and itemized listing to require employers to provide information and documents relating to the use of “artificial intelligence, algorithms, automated systems or other technology-based selection procedures.”

Some jurisdictions specifically regulate certain AI technologies used in the workplace. For example, as we reported in a May 2023 client alert, New York City recently began enforcing the City’s Automated Employment Decision Tools (AEDT) Law, which imposes several requirements for employers using a qualifying AEDT, including conducting an independent bias audit of the AEDT and making available certain information about data collected by the tool. The Illinois Artificial Intelligence Video Interview Act also imposes notification, consent, deletion and reporting requirements for jobs based in Illinois. Maryland House Bill 1202 similarly requires applicant consent for employers to use facial recognition technology during pre-employment job interviews. Employers navigating this complex area will need to ensure that their use of AI tools complies with all applicable laws.

  1. Have appropriate policies in place

Employers should consider whether to implement policies identifying and addressing appropriate use of AI technologies in employment processes. In a policy, employers should be transparent about how the tool operates, what data is being used, and how – if at all – the tool assists with decision-making processes. With clear language identifying how such tools are used, employees and applicants can be better informed, and employment decisions such as hiring and promotion can be perceived as more fair. Any applicable policies should be communicated and updated regularly.

  1. Implement training and education

Any AI use policies should be communicated to employees, preferably through training and education programs. Management-level employees also should receive education and training on AI tools, including applicable legal requirements regulating the use of such tools, the potential for tools to perpetuate bias or discrimination if used improperly, the importance of human oversight, and concerns regarding incorrect or misleading outputs.

  1. Ensure accommodations are available

Employers using AI tools should prepare their managers and HR teams to recognize and evaluate accommodations requests from applicants and employees. Even though some laws, such as New York City’s AEDT Law, do not explicitly require that employers provide an accommodation (only that individuals are provided notice that they may request an accommodation or alternative selection process), accommodations are required under the federal ADA and New York City and state human rights laws. The EEOC and the White House have cautioned against screening out candidates based on inaccessibility to a human alternative to an AI tool.

  1. Conduct regular testing and audits

Once deployed, AI tools should be evaluated and regularly monitored to ensure that business objectives for using the tool continue to be met, the tool is implemented in a fair and unbiased manner, and any adjustments may be made. Even if the tool has been subject to an audit prior to being used, employers should continue to conduct such audits at least on an annual basis, as the implementation of the tool in any particular workforce can result in unforeseeable issues. For instance, the White House’s Blueprint for an AI Bill of Rights suggests that automated systems be regularly monitored for “algorithmic discrimination that might arise from unforeseen interactions of the system with inequities not accounted for during the pre-deployment testing, changes to the system after deployment, or changes to the context of use or associated data.” Audits also should be conducted in coordination with legal counsel.

  1. Pay attention to the rapidly evolving AI landscape

Employers, especially those operating in multiple jurisdictions, need to stay up to date on potential laws and regulations regarding AI in employment processes. For example, new laws similar to – or even more stringent than – NYC’s AEDT law have been proposed in New York state, New Jersey, California, Massachusetts and Washington, DC, while other states have created task forces to advise and propose regulations governing such tools in the employment context. In California, a new state agency – the California Privacy Protection Agency – is tasked with addressing automated decision-making technology. Although there is no current comprehensive federal legislation, several bills and frameworks are in consideration, such as Senate Majority Leader Chuck Schumer’s SAFE Innovation framework and the No Robot Bosses Act.

Click Here for the Original Article

NY State Education Department Bans Facial Recognition Technology

In late September, the NY State Education Department issued a two-page order providing that NY public schools may not purchase or utilize facial recognition technology. The Department relied on a report issued by the NY Office of Information Technology Services in August that was critical of the privacy implications of facial recognition technology, but left open the door for the use of other types of biometric technology in schools.

The Department’s actions followed on litigation that began in 2020 after an upstate school district began implementing a facial recognition system intended to identify potentially threatening non-students on school premises. After the litigation began, the state legislature enacted a moratorium on facial recognition technology while the State Education Department and Office of Information Technology Services conducted further research and issued a final decision.

In its report, the Office of Information Technology Services focused heavily on potential impacts to student privacy as well as equity concerns, noting that research on facial recognition technology has noted the possibility of higher rates of incorrect identification on people of color, non-binary and transgender individuals, women, the elderly, and, importantly, children.  The report likewise expressed significant concerns over the possibility of breaches to biometric databases that would be needed to make the facial recognition technology work, noting that because biometric information generally cannot be changed, the disclosure of biometric data could potentially put users at permanent risk.

Ultimately, the report was less critical of non-facial recognition biometric technology, such as the use of digital fingerprinting.  The Department’s order potentially allows for the use of such technology, as it authorizes school districts to “determine whether to use biometric identifying technology other than facial recognition technology at the local level.”

Similar debates are taking place at the local level in other states, too.  Montana, for example, has recently begun to utilize facial recognition technology for security purposes in several small school districts.  Though there is no over-arching federal policy on the use of facial recognition technology in schools, the Federal Educational Rights and Privacy Act (“FERPA”) does require certain protections for “biometric records” of students, which can include, among other things, “retina and iris patterns” and “facial characteristics.”  That said, FERPA does not have highly built-out requirements in relation to privacy and data security (in the way that, for example, HIPAA does in the health context), and the potential for data breaches to occur figured heavily in the Department’s analysis as well as other state-level debates about facial recognition.

We expect these debates will continue as schools continue to search for technologies that enhance security on campus, while attempting to balance the need for security with the various other issues presented by facial recognition technology.

Click Here for the Original Article