Compliance Corner [April 2025]
Here is what is new in
April 2025
Updates to AI Compliance Requirements
Balancing DEI Requirements
Recent Effects of the New Administration
No BOIs Allowed
2 More Paid Leave States Added
I-9 Update
Simplification of ACA Reporting? Not so much…
California Investigating Location Data Industry
The Cost of Not Protecting Data
The Problem of Not Obtaining Data
New Formal Ohio Pay Record Requirement
AI Compliance Requirements Continue…
Despite the fact that a number of guidance documents regarding AI have been removed from some federal agency websites (espec. EEOC and DOL) because of the roll-back of the “responsible AI” program, many AI regulations are still in place in both the federal government and state governments, with which compliance is still required, particularly in employment law. Because the federal emphasis is now on AI dominance, it is expected that the states – and perhaps local jurisdictions as well – will move to “fill the gap.” Therefore, the counsel from “those in the know” is that employers should continue any AI compliance programs they have already started so they do not have to start from scratch when a new requirement pops up.
…But Some DEI Requirements Don’t
Equal opportunity is still the law – that has not changed. What has changed is the legality of certain preferences. Presently, employers are faced with a balancing act regarding DEI. Many provisions of federal law, including Executive Order 11246, have been repealed in favor of a return to merit-based employment decisions, but fairness must still be maintained. Regarding DEI, that advice from a panel from the “Meltzer Center for Diversity, Inclusion and Belonging” is not to say too much or too little. Examples are the following:
Saying too much includes statements that say or imply that an organization supports Preferences for Protected classes that can provide a “Palpable benefit” (their so-called “3 P’s”) in hiring, promotion or placement can fun afoul of the new regulations. Similarly, statements about recruiting specifically at minority schools or for candidates “from underrepresented racial or ethnic backgrounds” can be interpreted to imply reverse discrimination. Safer statements would be that the company recruits at diverse colleges; or that it strives for a diverse mix of candidates but that all employment decisions are made without regard to race, sex, or other protected characteristics; or that it looks for candidates of any background who will advance its culture of diversity, equity, and inclusion. On the other hand,
Saying too little includes failing to state that equitable treatment of all employees and providing equal opportunities are key principles or values of the company. Stating aspirational goals of the company is also considered safe territory.
Based on their title, the “Meltzer Center” has a view of DEI that may be more favorable than others might be. It is incumbent upon employers to determine how best to treat their employees fairly and equitably, avoiding bias in either direction. One suggestion is to develop a written statement about how the company supports/approaches equitable treatment and how that commitment influences its practices relating to outreach, recruitment, onboarding, retention, and promotion.
Managers who are not normally involved with compliance issues must also be made aware of what they can and cannot say in this regard. In the meantime, the dispute continues: a Maryland judge enjoined at least some provisions of the Executive Order banning DEI programs in February, but that ruling was just overturned on appeal. And so it goes….
The bottom line is that discrimination of any kind in either direction is illegal, plus it is harmful to the well-being of any organization, and we want all partners of VBS to conduct their business safely and successfully. In the meantime, 16 states are disputing the EO and may enact their own ordinances.
Effects of the New Administration
EEOC Drops Gender Identity Bias Lawsuits
In concert with the new Administration’s directive and subsequent guidance from OPM, EEOC has requested that at least six of its pending lawsuits based on gender identity discrimination be dismissed.
Possible Presidential Oversight for Independent Regulatory Agencies
President Trump has signed an Executive Order that Independent Regulatory Agencies, such as the NLRB, EEOC and possibly others, be subject to more oversight from the White House on budgetary and regulatory matters. It also would limit the legal positions they can take. Legal challenges are expected, so it will be interesting to see how that develops.
DoorDash Shut
DoorDash in New York will pay $16.75 million to settle a claim that the company used the tips given to delivery personnel to subsidize their base pay. Their manipulation counted the tip against their base pay; the company would then pay whatever part of the base that was not covered by the tip. This settlement covers approximately 63,000 delivery personnel for the period of May 2017 through September, 2019, and includes a restructuring of their pay scheme and transparent communication thereof.
10 Things Employers Should Know about OSHA
1 – Walkaround Representatives
Employers and employees have the right to have representatives present during an OSHA site inspection. No specific qualifications are required for employer or employee representatives who are employed by the employer.
2 – Be Present in Manager Interviews
OSHA has the right to interview folks as part of an investigation. Whether a company representative and the company attorney can also attend an interview depends on the position of the person being interviewed: If the person to be interviewed is a non-managerial employee, OSHA can conduct the interview in private, outside the presence of the employer or the employer’s representatives. However, if OSHA wants to interview a management-level employee, the employer has the right to have a company representative and/or attorney present.
3 – Employees Have Rights When It Comes to OSHA Interviews
Although OSHA has the right to conduct private, one-on-one interviews with a company’s non-managerial employees, those same employees have rights too, including the following:
a. The right to refuse to participate in an interview with OSHA;
b. The right to end the interview at any time;
c. The right to refuse to allow OSHA to audio or video record the interview;
d. The right to refuse to sign a written statement created by OSHA (but if the employee refuses to sign it, the investigator may not give you, the employer, a copy of it);
e. The right to refuse OSHA’s request for private contact information (i.e., they do not have to give OSHA their private telephone number or email);
f. The right to demand an interpreter if English is not their primary language;
g. The right to request that a union representative be present during the interview, if applicable;
h. The right to request that the employee’s own personal attorney be present during the interview; and
i. The right to have the interview conducted at the employer’s workplace.
4 – OSHA Must Issue a Citation Within Six Months
OSHA has a time limit on issuing citations. It must issue a citation within six months of the occurrence of any violation. The only exception to this rule is where the employer has concealed the violative condition or misled OSHA. In that case, OSHA must issue the citation within six months from the date that OSHA learns, or should have known, of the condition.
5. – OSHA Can Issue Citations for Unsafe Work Conditions That Have Not Resulted in an Employee Injury
Most frequently, employers do not hear from OSHA unless there is a reported workplace injury. When a reported workplace injury occurs, OSHA performs a walkthrough inspection of the worksite and may ultimately issue a citation for hazardous conditions OSHA believes may have caused or contributed to the incident. However, OSHA is not limited to issuing citations for hazardous conditions that may have caused or contributed to a workplace injury. Rather, OSHA can cite employers for any and all hazardous conditions to which workers may have been exposed regardless of whether the cited condition was in any way related to the incident.
6. – But No One Was There? OSHA Can Still Cite for Unsafe Work Conditions Where Workers Were Not Exposed
Employers sometimes say, “OSHA can’t cite me because I didn’t employ the injured worker.” Unfortunately, this statement is often untrue. Under OSHA’s Multi-Employer Doctrine, employers on a worksite where other companies are also performing work (e.g., construction sites and oil/gas well sites), can be subject to citation for workplace hazards to which other companies’ employees are exposed. OSHA created this Multi-Employer Doctrine in recognition that there are many circumstances in which multiple employers will be working on a single worksite at the same time thereby affecting the working conditions to which all workers are exposed.
7 – OSHA Can Issue Citations for Unsafe Work Conditions That Do Not Violate Any Specific OSHA Standard
Many employers have a false notion that OSHA cannot issue a citation if there is no specific standard violated. The reality is that OSHA has a catchall/gap filler provision that allows it to cite an employer even if no specific standard was violated: the “General Duty Clause,” Section 5(a)(1) of the Occupational Safety and Health Act. OSHA can cite employers for violations of the General Duty Clause if a recognized serious hazard exists in the workplace and the employer does not take reasonable steps to prevent or abate the hazard. The General Duty Clause is used only where there is no standard that applies to the particular hazard.
8 – Employers Have 15 Working Days to Contest a Citation but Have the Option to Negotiate a Settlement with OSHA Before That Deadline
If OSHA issues a citation and the employer does not agree with any or all of it, they have 15 working days from the date they receive the citation to contest the citation in writing, the proposed penalty, and/or the abatement date.
9 – The Particulars on OSHA Violations: Required Notice Contents
According to Section 9(a) of the Occupational Safety and Health Act, an OSHA citation must include citation(s) that “describe with particularity the nature of the violation, including a reference to the provision of the Act, standard, rule, regulation, or order alleged to have been violated.”
This statutory mandate is designed to ensure that OSHA properly informs employers of alleged violations so they can correct hazards promptly and avoid unnecessary litigation. However, the Occupational Safety and Health Review Commission and the courts have consistently interpreted this requirement to mean that citations need only provide employers with “fair notice” of the violation. In other words, as long as an employer is put on notice that a particular condition may violate OSHA standards, additional specifics can be obtained through discovery. As a result, OSHA often issues citations with broad language rather than granular detail.
10 – Unlocking the Secrets of OSHA Inspections Through FOIA Requests
Employers can request files from OSHA. Under the Freedom of Information Act (FOIA), employers, employees, and third parties have the right to request documents from OSHA’s inspection files. These records provide valuable insight into the evidence and reasoning behind OSHA’s decisions, including citations issued during site inspections. They can also be critical in legal proceedings, including lawsuits related to workplace safety.
No BOIs Allowed
On March 2, the Treasury Department announced that it was no longer requiring the infamous Beneficial Ownership Information (BOI) report that has been required by FinCEN under the Corporate Transparency Act (CTA). Treasury will rework the requirement to apply to foreign-reporting companies and businesses that pose “the most significant law enforcement and national security risks,” they said.
2 More Paid Leave States
Alaska and Nebraska are the two most recent states to enact employee paid leave laws. The Alaska law will be effective July 1, 2025, and that of Nebraska will be effective October 1, 2025.
I-9 Update
In 2024, DHS and USCIS released a new version of the I-9 form, along with new regulations for its completion. The latest version is available on the USCIS website at https://www.uscis.gov/sites/default/files/document/forms/i-9.pdf.
Fines for incorrect forms were doubled and can range from $272 to $2710 per incorrect form. Investigations by ICE have increased in number as well, given what they have been up against, so ensuring accurate compliance is strongly recommended.
Simplification of ACA Reporting? Not So Much…
The so-called “Employer Reporting Improvement Act” allows for the electronic delivery of the ACA form 1095-C to employees, but the “strings” attached have actually made it more complex because of the recordkeeping requirements. Paper forms must be requested by employees and then delivered by the later of January 31 or within 30-days of the request. Request, eligibility, delivery and change request data must now be retained for 6 years, (the duration of the employer’s liability for the “Shared Responsibility Penalty”) so that the employer can respond to any penalty notices received during that time.
Employers in California, New Jersey, Rhode Island and the District of Columbia are still required to furnish the paper form 1095-C to employees. The federal law does not change that requirement.
California Investigating Location Data Industry
The Office of the Attorney General of California is conducting an “investigative sweep” into the location data industry in connection with the California Consumer Privacy Act (CCPA). The Federal Trade Commission obtained consent orders from 4 data brokers/aggregators, and there is new legislation being proposed in CA to protect residents’ location data from exposure to telemarketers, etc. The California Consumer Privacy Act (CCPA) mandates that residents be able to opt out of sharing private data, including location, and the methods used by those location aggregators were not in compliance.
The Cost of Not Protecting Data
Eyeglass manufacturer Warby Parker has been fined $1.5 million for failure to protect customer records. Health information on approximately 200,000 individuals was compromised in a cyberattack via “credential stuffing” (the large-scale automated use of stolen credentials to access additional systems).
TRICARE health benefits program administrator Health Net Federal Services Inc. (HNFS) and its parent company, Centene Corporation, have agreed to pay $11,253,400 to the Department of Justice to settle claims that HNFS falsely certified compliance with cybersecurity requirements under a contract with the Department of Defense. It appears that no actual losses occurred as a result of the falsification, but service members were jeopardized nonetheless.
The California Privacy Protection Agency (CPPA) has settled with American Honda Motor Co. for “multiple violations of consumer rights.” The investigation by the CPPA started in 2023 covering the overall vehicle industry and their handling of consumer data. Honda in particular was found to be in violation of four different aspects of their customers’ rights: (1) they required excessive personal data; (2) their online privacy rights platform made it easy “for consumers to opt into data sales” but made it difficult for them to opt out; (3) they failed to “provide a user-friendly process for consumers to authorize third parties, known as “authorized agents,” to exercise privacy rights on their behalf”; and (4) Honda “failed to produce contracts with its ad tech providers that included the required privacy safeguards.” As a result of the foregoing, Honda agreed to pay a fine of $632,000. In addition, Honda is required to implement 8 different changes/improvements to its security and privacy management systems and policies.
The Problem of Not Obtaining Data
Employers are still liable for ensuring non-discrimination in their policies and workplaces, so despite the order against DEI and the repeal of EO11246, the obligation to obtain employee data is still very relevant. The “Uniform Guidelines on Employee Selection Procedures” (UGESP) are still in effect and are useful for a variety of employment measures and practices – including defense of same. State and local employment requirements have not changed, so the data gathered in what have been normal employment processes are still very relevant. A new wrinkle is that those data can serve as a double-check on decisions made by AI systems in order to prevent inadvertent discrimination.
New Formal Ohio Pay Record Requirement
The new Ohio requirement fulfills one that is probably already being met by employers (certainly those using a payroll processing company): that of providing a record of employees’ pay, deductions, pay rate, hours worked, etc. for each pay period.