This issue of Take 5, "Five New Challenges Facing Retail Employers," was written by Susan Gross Sholinsky, a Member of the Firm, and Nancy L. Gunzenhauser, an Associate. Both are based in Epstein Becker Green's New York office.
Retailers face new challenges every day as a result of legislation, litigation, and technology. This Take 5addresses some of these challenges.
Pregnancy Accommodation
Several states and municipalities across the country have recently enacted statutory protections for pregnant workers. Such laws, which generally protect pregnant employees from discrimination and require reasonable accommodations for pregnant workers (regardless of whether the employees are disabled by the pregnancy), particularly impact retailers due to the nature of the work performed by retail employees.
For example, New Jersey recently amended its Law Against Discrimination ("LAD") to add pregnancy as a protected category. For purposes of the LAD, "pregnancy" means "childbirth, or medical conditions related to pregnancy or childbirth, including recovery from childbirth." In addition to prohibiting discrimination against pregnant employees, the statute now requires New Jersey employers to provide reasonable accommodations to pregnant workers. The amended LAD includes several examples of potential accommodations, including bathroom breaks, breaks for increased water intake, periodic rest, assistance with manual labor, job restructuring or modified work schedules, and temporary transfers to less strenuous or hazardous work. Other states with similar laws include Alaska, California, Connecticut, Hawaii, Illinois, Louisiana, and Texas. New York City also recently amended its Human Rights Law to provide for similar protections of pregnant workers.
In light of the new requirements to accommodate pregnant employees, regardless of whether those employees are disabled due to pregnancy, retailers will need to consider what types of accommodations might be appropriate and think about which accommodations will even be possible in their stores. For example, the need to increase water intake might be accommodated by a sales associate being permitted to either carry a water bottle or take additional breaks. Another common request will likely be for rest breaks and the opportunity to sit down. Various factors, such as the size and layout of the store, the number of sales associates on duty, and whether cashiers also walk the floor, will clearly impact the employer's ability to allow employees to take breaks and/or perform duties while seated.
Retailers should be aware that certain jurisdictions also require notice to new (and, in some cases, current) employees of these accommodation requirements.
Furthermore, retailers should keep in mind that, pursuant to recent amendments to the Fair Labor Standards Act, as well as certain state laws, employers must also provide employees returning to work after giving birth with an appropriate place (and reasonable time) to express breast milk. This requirement has proved especially tricky for some retailers, because small stores, for the most part, do not have adequate room or privacy for such activities. Retailers may need to be creative in this regard—if a store is in a mall, perhaps the mall itself may have an office or room that could be utilized for this purpose.
Releases and Other Considerations Attendant to Layoffs
In today's economic climate, many retailers have found themselves moving or consolidating operations, or simply laying off workers. When an employer provides severance in exchange for a release of claims to terminated employees, the employer generally uses a standard separation agreement. Employers may wish to revisit this form, especially in light of a recent lawsuit by the federal Equal Employment Opportunity Commission ("EEOC") against a large retailer over the terms of the retailer's form release agreement.
When employers require a release of claims in exchange for severance, they should consider the EEOC's position that several common provisions in employers' separation and release agreements are unlawful, unenforceable, or otherwise insufficient, in that they allegedly violate the prohibition in Section 707 of Title VII of the Civil Rights Act ("Title VII") against engaging in a "pattern or practice" of denying employees' rights to "enjoyment of any of the rights" provided under Title VII. In particular, in a recent lawsuit, the EEOC challenged:
- the scope of waiver language—i.e., whether an employer can include language requiring employees to waive "any claim of unlawful discrimination of any kind";
- covenants not to sue—i.e., whether these covenants must clearly exclude employees' rights to bring claims with the EEOC and state/local Fair Employment Practices Agencies ("FEPAs");
- non-disparagement and cooperation provisions as being violative of public policy in that they restrict employees from bringing concerns or claims to the EEOC or FEPAs;
- confidentiality provisions, where certain items such as "information concerning the Corporation's personnel" and "wages and benefit[s]" fall within the definition of "confidential information," and may lead an employee to believe that he or she cannot share such information with the EEOC or FEPAs in connection with a claim against the employer; and
- certain provisions in the separation agreement regarding attorneys' fees and other penalties resulting from a breach of the agreement by the employee, as being unlawful and/or chilling.
Additionally, and significantly, the EEOC alleged that a single statement within a five-page release—which said, "Nothing in this paragraph is intended to or shall interfere with employee's right to participate in a proceeding with any appropriate federal, state or local government agency enforcing discrimination laws, nor shall this agreement prohibit employee from cooperating with any such agency in its investigations"—is insufficient to advise employees of their right to communicate with the EEOC and FEPAs and/or initiate claims (even though the employees may properly be precluded from recouping the monetary benefit in connection with such claims).
While the recent lawsuit represents a rather aggressive stance by the EEOC, there is a chance that the court will agree with some or all of the points raised. As such, employers may wish to review some of their own release provisions, with an eye towards the points raised by the EEOC.
While reviewing their form separation agreements, employers should also ensure compliance with the Older Workers Benefit Protection Act ("OWBPA"), an amendment to the Age Discrimination in Employment Act, in the context of a "group termination," which provides employees with certain protections when releasing claims against an employer. Specifically, per the OWBPA, a release of federal age discrimination claims will not be valid unless workers 40 years of age and older are provided with (i) 45 days to consider whether to release claims against the employer, (ii) information regarding the ages and titles of employees who were and were not selected for termination, and (iii) seven days to revoke their signature once they have signed the release. The OWBPA includes other provisions as well, such as requiring an employer to advise an employee to consult with legal counsel regarding the release.
Furthermore, in planning and implementing layoffs, employers should consider whether the planned layoff is large enough to constitute a "plant closing" or "mass layoff" under the federal Worker Adjustment and Retraining Notification ("WARN") Act. If so, covered employers must provide 60 days' advance notice to affected employees. Employers should note that several states maintain their own WARN laws, many of which provide additional protections to terminated employees. For example, in New York, a 90-day notice period is typically required, and the thresholds for employer coverage and the number of terminations that constitute a WARN event are lower. In New Jersey, failure to give notice can result in a requirement to provide "severance" payments to affected workers. It is important to review both federal and state laws before deciding to engage in any terminations that might constitute a WARN event.
Racial Profiling
New York's Attorney General is currently investigating various claims of racial profiling at retailers throughout the region. In recent years, many retailers have increased security measures due to theft, but such procedures have caused major problems when the policies are (or are alleged to be) applied in a discriminatory manner. Several lawsuits have been filed against major retailers for detaining or questioning individuals suspected of theft or fraud on the basis of race.
In response to the public outcry, various retailers have begun to post a Shoppers' "Bill of Rights" within their stores. This document specifically bans the practice of judging and addressing people based on their race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, ancestry, appearance, or any personal or physical characteristics.
New York law provides specific guidelines pertaining to the training of licensed security guards. Such training should include a discussion of the prohibition against discrimination on the basis of unlawful factors. Federal, state, and local laws also prohibit racial profiling in places of public accommodation, including retail stores open to the public. In addition to any required training under applicable law, retailers should train all security personnel, as well as managers and other staff, on diversity, anti-discrimination, and required public accommodation rules, such as those pertaining to service animals and accommodating other visitors with special needs.
Data Security[1]
The Washington Post labeled 2013 the "Year of Cybersecurity," and with good reason: Edward Snowden and massive retail data breaches (among other developments) have ensured that cybersecurity issues remained in the fore. The risks posed by criminals, state-sponsored actors, "hactivists," and corporate insiders (negligent and otherwise) are grave and continue to grow.
The cost, time, and frequency with which organizations must deal with resolving cyberattacks continue to rise year-over-year. Indeed, a recent Poneman Institute report found that the average annualized cost of cybercrime incurred by the United States-based organizations surveyed exceeded $11.5 million—a 78 percent increase over the past four years. According to the report, surveyed organizations collectively experienced an average of 122 successful attacks per week, up from 102 in 2012. The number of cybersecurity events is not only increasing, but such events are increasing in complexity as well.
Large companies are not the only targets of cyberattacks. One recent study reported that, of 1,200 companies with less than $10 million in annual revenue surveyed, 55 percent had experienced the loss or theft of sensitive data. In addition, data breaches are increasingly triggering civil litigation—typically putative class actions—brought by persons allegedly harmed by the breach.
Undoubtedly, the most effective approach to the risks posed by a data breach is to prevent one from occurring in the first place. Organizations should routinely conduct privacy and risk assessments that involve:
- identifying the scope of the risk, including systems and processes;
- identifying and documenting potential threats and vulnerabilities to in-scope systems and processes;
- assessing the adequacy of current security controls;
- determining the likelihood of threat occurrence;
- determining the potential impact of threat occurrence; and
- determining the level of risk.
Once that process is complete, the organization can:
- identify additional security measures to mitigate risks to an acceptable level;
- monitor the progress of mitigation;
- develop policies and procedures and/or review current policies and procedures; and
- train employees on security issues.
Despite the best security efforts, a breach can still occur. When a security incident does occur, employers should be ready to respond quickly and efficiently to review and comply with all applicable legal requirements, which may include:
- preserving digital evidence;
- conducting a forensic analysis of implicated data;
- determining the source of the breach and preventing future loss;
- analyzing the relevant notification requirements;
- preparing notifications through trusted notification agencies;
- negotiating with government agencies and local law enforcement;
- defending against government investigations and litigation; and
- defending class actions brought on behalf of individuals whose personal information may have been compromised.
For additional information regarding this quickly evolving legal minefield, please do not hesitate to contact Epstein Becker Green's Data Breach/Cybersecurity Prevention and Response Team.
Social Media in Hiring
Another hot topic for retailers is the use of social media in the hiring process (both on the recruiting and screening sides). A recent study by Carnegie Mellon University found that between 10 percent and one-third of companies used social media early in the hiring process. Another study by SHRM (the Society for Human Resource Management) found that 77 percent of private employers frequently consulted social media in the hiring process.
On the recruiting side, retailers that use social media to recruit should be aware of certain demographic concerns. According to a 2011 Pew Research Center report, 85 percent of LinkedIn users, 78 percent of Facebook users, and 71 percent of Twitter users were white. Similarly, only 4 percent of LinkedIn users, 6 percent of Facebook users, and 4 percent of Twitter users were over 65 years of age. If the majority of your recruiting is done though these social media sites, consider how it will impact the characteristics of your applicant pool and, therefore, your eventual employee pool.
On the screening side, the use of social media has become almost the new norm. While employers should take care to ensure that social media is not being used to discriminate, employers that are not using social media may be missing out on a valuable tool to determine if a candidate is the right fit for their work environment.
There are various opinions about the extent to which social media should play a role in hiring decisions. Some believe that social media should not be used at all in hiring decisions due to the risk of obtaining legally protected information in connection with viewing such accounts. For example, "Googling" an applicant may reveal that she is pregnant or active in a labor union. Using this information as a basis not to hire her would be unlawful. On the other hand, failure to use social media can cause an employer to overlook publicly accessible information to which customers and other employees will all have ready access. Given these competing concerns, employers may wish to designate a non-decision-maker (e.g., a Human Resources representative or even a third-party provider) to review applicants' social media accounts and other publicly available information and report any relevant information to the hiring manager, who can then consider that information as part of the hiring process.
In any event, it is generally not recommended to require applicants to provide his or her Facebook or other online profile password in connection with his or her application. In fact, such a requirement is unlawful in several states, including California and New Jersey. Some state laws also prohibit "shoulder surfing" whereby an employer requires an applicant to go to his or her Facebook account so that the hiring manager can view it.
If your organization does not have a policy or practice regarding the use of social media in the hiring process—even if an "official" policy is not desired—the above factors should be considered and addressed, and the organization should create a game plan going forward.
[1] This section was prepared by Patricia M. Wagner, a member of Epstein Becker Green's Data Breach/Cybersecurity Prevention and Response Team.
People
- Member of the Firm
- Board of Directors / Member of the Firm
- General Counsel / Chief Privacy Officer