TABLE OF CONTENTS
Compliance Issues Inherent in Bring-Your-Own-Device Programs
DOL Issues Proposed Rule on Government Contractor Minimum Wage
Play or Pay Final Regulations Offer Transition Relief and Compliance Guidance
Employment Law Update
Compliance Issues Inherent in Bring-Your-Own-Device Programs
By: Joshua L. Schwartz
Employees use their own smartphones and tablets to perform a variety of work-related tasks. Even in companies that do not explicitly condone the use of personal devices for work use, employees often connect their devices to work systems. This increased use of personal devices in the workplace has brought with it a host of legal issues. Devices containing corporate or personal data can be lost or stolen. Viruses can infect corporate systems. Employees can use their devices to violate policies or company contracts. As a result, many companies have instituted formal bring-your-own-device (BYOD) programs to set expectations and ground rules for use of these devices. While there is no specific “best practice” when it comes to setting rules, this article will provide some basic considerations and strategies.
Security
The biggest risk to companies from BYOD is a potential breach of security. When a device is lost or hacked, not only is the company’s own sensitive information at risk, but the loss may also breach confidentiality obligations that the company owes to third parties. Employers may choose to implement mobile device management (MDM) tools to manage risk in this area, including mandatory registration of employee devices, mandatory use of password protection, encryption for data sent through the corporate network, and remote wiping in the event a device is lost. Depending on the sophistication of an IT department, this may also limit the number of supported devices, and employees should obviously be made aware of such limits before purchasing any device.
An effective BYOD policy should also contain clear instructions on what activities are permitted on devices that have access to corporate information systems. Keep in mind that tools such as Siri or other standard smartphone applications retain instructions and information in the cloud for up to two years even if employees are not intentionally backing up to a cloud-based service. In addition, employees may be required to give their passwords over to an Apple store technician or even leave their devices overnight on some occasions. Employers, therefore, may want to take precautions to prevent sensitive information—especially information protected by HIPAA, financial regulations, or other state or federal law—from being downloaded into a device in the first place, or at least ensure that it is walled off from other information. Employers may also set rules limiting access of certain websites, backing up work-related information to cloud-based private services, letting friends or family use work devices, or connecting to work through unsecured wireless networks.
Consent
Consent is a key component to any BYOD program. Employees should understand that employers have the right to access, review, and delete data on their personal devices and that they have no expectation of privacy if they choose to use their devices for work purposes. At the same time, there are limits to what employers can monitor. Federal and state laws prohibit unauthorized access to certain electronically-stored information, including Social Security or driver’s license numbers, and other personally identifiable information. Employers must also never install anything on an employee’s personal device without first obtaining consent. All notices and requests for consent should be clearly written and should cover all potential needs an employer might have to access data on the device.
Litigation and Discovery
One of the reasons employers may need to gain access to personal devices is to comply with court orders or discovery requests. Organizations cannot object to producing information stored on personal devices on the basis that they have become comingled with an employee’s personal information. To the extent possible, employers should adopt procedures to separate work and personal data at the outset, ensuring that work data (and only work data) is periodically backed up.
Other Legal Compliance Issues
This article will not address each and every challenge that might arise from a BYOD program. Nonetheless, beyond the right-of-access issues described above, any BYOD policy should include provisions addressing the following issues:
- Consider the tax consequences of reimbursements for devices, and make sure employees are aware of these consequences.
- Consider who will be responsible for lost or stolen devices and who will be responsible for malware or virus attacks associated with an employee’s device. Relatedly, consider what kind of IT support the company will provide to personal devices in the event of malfunction.
- Make clear that policies concerning harassment and discrimination apply equally to conduct over mobile devices.
- Prohibit nonexempt employees from performing work “off the clock.” Keep in mind that any work conducted on a personal device counts as “hours worked” for purposes of the Fair Labor Standards Act.
- Review the scope of software licenses before permitting employees to access the software from their personal devices. Some licenses limit access and use to devices owned by the company. By the same token, ensure that employees are not inappropriately using third-party software they download on their own for business use if only noncommercial use is permitted.
- Prepare for an employee’s departure from the company. If an employee’s device contains sensitive information, obtain advance consent to wipe this information before discharge. Of course, if the employees’ device is subject to a legal hold as part of ongoing litigation, preserve any necessary information before wiping the device.
BYOD programs create significant risks for companies and require investment in technology to mitigate those risks. Failure to create clear policies regarding use of personal devices, however, can lead to even bigger risks. Once you have determined the contours of your BYOD plan, we can work with you to draft clear policies and procedures for a successful and efficient program.
DOL Issues Proposed Rule on Government Contractor Minimum Wage
By: Jennifer Craighead Carey
On June 18, 2014, the U.S. Department of Labor issued a Notice of Proposed Rulemaking to implement President Obama’s February 12, 2014 Executive Order establishing a minimum wage for government contractors.
By way of background, on February 12, 2014, President Obama signed Executive Order 13658 to raise the minimum wage to $10.10 per hour for all workers on federal construction and service contracts. The President claims that increasing wages will lower turnover, increase morale, and lead to higher productivity on federal contracts. As part of his Executive Order, the President directed the Department of Labor to issue regulations implementing the Order.
The proposed rule clarifies the types of contracts subject to Executive Order 13658. Specifically, the minimum wage would apply to all contracts issued or awarded on or after January 1, 2015 if the contracts fall under the following criteria:
(1) The wages of the employees fall under the Fair Labor Standards Act (FLSA), the Service Contract Act (SCA), or the Davis-Bacon Act (DBA); and
(2) The contract falls into one of four categories:
(a) a procurement contract for construction covered by the DBA;
(b) a procurement or non-procurement contract exceeding $2,500 that is subject to the SCA;
(c) a contract for concessions, including those excluded under the SCA; or
(d) a contract in connection with federal property or lands and related to offering services for federal employees, their dependents, or the general public.
The Executive Order and the proposed rule exclude from coverage certain types of contractual agreements, including grants, any construction procurement contracts that are not subject to the DBA (i.e. construction procurement contracts under $2,000), and service contracts exempt from SCA coverage. The Executive Order also does not apply to contracts for the manufacturing or furnishing of material, supplies, articles, or equipment to the federal government.
The proposed rules further clarify that all employees of a contractor who perform work on the contract or provide support work for the contract would be subject to the minimum wage. The proposed rules also make clear that workers cannot waive their rights under the Executive Order. And, importantly, covered contractors would be required to include the minimum wage contract clause in every subcontract and require that subcontractors include the clause in any lower-tiered subcontract as a condition of payment.
The final regulations are expected to be published in October of 2014.
Play or Pay Final Regulations Offer Transition Relief and Compliance Guidance
By: David J. Ledermann
With publication of final regulations under the Affordable Care Act’s employer mandate (“play or pay”), the Internal Revenue Service has made available certain transition relief to ease the burden on employers during the first years of the mandate’s operation. The regulations also provide guidance concerning various compliance issues arising in connection with the mandate. The guidance includes assistance for employers who engage workers under arrangements with temporary staffing agencies and for academic employers with respect to their adjunct faculty, as well as additional guidelines for other mandate-related rules.
Transition Relief from Play or Pay
Under play or pay, as originally promulgated (and once fully implemented), employers with 50 or more full-time employees (or “full-time equivalent employees,” after taking into account hours worked by part-time personnel) must provide health plan coverage to at least 95 percent of their full-time employees and their dependents or risk liability for penalties. A full-time employee is one who works an average of 30 hours or more per week. The mandate was initially to become effective January 1, 2014, but was delayed a full year pursuant to IRS guidance announced last July.
The final regulations provide that employers of between 50 and 99 full-time equivalent employees, based on their 2014 head count, may be exempt from the employer mandate in 2015, as well. To qualify for the exemption, an organization must employ on average fewer than 100 full-time equivalent employees on business days during 2014. Additionally, the employer must certify in writing by early 2016 that it did not reduce the size of its workforce or its employees’ overall working hours, other than for business reasons unrelated to the exemption, and that it did not eliminate or materially reduce the health coverage, if any, previously offered to the organization’s employees. A material reduction includes any reduction in the percentage of the premium the employer pays or more than a five percent reduction in the dollar amount of the employer’s premium contribution. Organizations qualifying for exemption from the employer mandate in 2015 will only become subject to it beginning in 2016.
While the employer mandate will be effective in 2015 for employers with 100 or more full-time equivalent employees, the final regulations nevertheless offer a measure of relief to these organizations. Specifically, the minimum percentage of full-time employees who must be covered by the employer’s health plan in 2015 will be 70 percent instead of 95 percent. Additionally, if the organization did not offer dependent coverage for 2013 or 2014, penalties forfailing to offer coverage to the dependents of full-time employees in 2015 will generally not apply. The final regulations confirm that employees’ spouses, foster children, and stepchildren can be excluded from health plan coverage even in years after the transition relief expires.
That being said, meeting the 70 percent coverage threshold in 2015 will not necessarily relieve a large employer from penalties, particularly if the coverage is not “affordable” or does not provide “minimum value,” as defined under previously released IRS guidance. The penalties, however, will generally be less than—and can never exceed—the penalty amount for failing to offer coverage to the minimum threshold percentage of full-time employees. Beginning in 2016, the minimum threshold percentage increases from 70 percent to 95 percent.
Staffing Agency Employees
An organization that utilizes the services of individuals engaged through a temporary help or other staffing agency may need to include those individuals as its own employees for purposes of the play or pay rules. If the client organization is the common law employer (generally the case if the organization has the right to direct and control the individual’s performance), health plan coverage offered to an individual by the staffing agency may be deemed the client’s offer of coverage. For the client organization to be treated as having made an offer of coverage, the organization must be required to pay a higher fee for the services of an individual who is enrolled in the staffing agency’s health plan than the organization would pay for an individual not enrolled in the agency’s plan.
Adjunct Faculty Hours
The final regulations also include guidance regarding how colleges and universities that employ adjunctfaculty determine the status of these individuals for purposes of the play or pay rules. Acknowledging the difficulties inherent in counting service hours for adjunct faculty members, the IRS stated that it will allow, until further guidance is issued, crediting hours of service for an adjunct faculty member of 2.25 hours per week for each hour of scheduled classroom time, plus one hour per week for each additional hour outside the classroom performing other required duties (such as maintaining office hours, attending faculty meetings, etc.). While another reasonable method may be used to count an adjunct faculty member’s hours, this method is offered as a “safe harbor,” which the IRS will not challenge.
Importantly, the 2.25 safe harbor multiplier includes hours spent in the classroom, not in addition to them. For example, an adjunct faculty member with nine hours per week of scheduled classroom time would be credited, using this method, with 20.25 hours of service for the week attributable to those nine hours of classroom time (9 x 2.25 = 20.25). If this same faculty member is also required to maintain at least five in-office hours per week, those hours would be added to the hours attributable to classroom time, for a total of 25.25 hours of service per week. Thus, the adjunct faculty member in this example would not be deemed a full-time employee for purposes of the employer mandate.
Other Issues Addressed
The final regulations provide new guidance on many other issues, including further elaboration of the detailed guidance previously released on methods for determining the full-time or part-time status of variable-hour employees. Among other topics, the guidance discusses transition relief, enabling employers to utilize a measurement period in 2014 of as little as six months to establish a 12-month stability period in 2015 during which employees determined to be part-time (based on the measurement period) may be excluded from coverage without exposing the employer to potential penalty liability. Other parts of the guidance concern how to treat seasonal employees, the crediting of hours for on-call employees, rules governing status determinations for rehired employees and employees with a break in service from employment, and safe harbors for establishing whether employer-provided coverage is affordable for purposes of the play or pay rules.
Though not as accommodating as some would have liked, the final regulations offer employers welcome assistance on a number of significant compliance questions, while providing at least temporary relief from some of the Affordable Care Act’s more onerous requirements.
Employment Law Update
By: Jennifer Craighead Carey, David J. Ledermann and Joshua L. Schwartz
In this issue:
Compliance Issues Inherent in Bring-Your-Own-Device ProgramsDOL Issues Proposed Rule on Government Contractor Minimum WagePlay or Pay Final Regulations Offer Transition Relief and Compliance Guidance
Compliance Issues Inherent in Bring-Your-Own-Device Programs
By: Joshua L. Schwartz, Esquire
Employees use their own smartphones and tablets to perform a variety of work-related tasks. Even in companies that do not explicitly condone the use of personal devices for work use, employees often connect their devices to work systems. This increased use of personal devices in the workplace has brought with it a host of legal issues. Devices containing corporate or personal data can be lost or stolen. Viruses can infect corporate systems. Employees can use their devices to violate policies or company contracts. As a result, many companies have instituted formal bring-your-own-device (BYOD) programs to set expectations and ground rules for use of these devices. While there is no specific “best practice” when it comes to setting rules, this article will provide some basic considerations and strategies.
Security
The biggest risk to companies from BYOD is a potential breach of security. When a device is lost or hacked, not only is the company’s own sensitive information at risk, but the loss may also breach confidentiality obligations that the company owes to third parties. Employers may choose to implement mobile device management (MDM) tools to manage risk in this area, including mandatory registration of employee devices, mandatory use of password protection, encryption for data sent through the corporate network, and remote wiping in the event a device is lost. Depending on the sophistication of an IT department, this may also limit the number of supported devices, and employees should obviously be made aware of such limits before purchasing any device.
An effective BYOD policy should also contain clear instructions on what activities are permitted on devices that have access to corporate information systems. Keep in mind that tools such as Siri or other standard smartphone applications retain instructions and information in the cloud for up to two years even if employees are not intentionally backing up to a cloud-based service. In addition, employees may be required to give their passwords over to an Apple store technician or even leave their devices overnight on some occasions. Employers, therefore, may want to take precautions to prevent sensitive information—especially information protected by HIPAA, financial regulations, or other state or federal law—from being downloaded into a device in the first place, or at least ensure that it is walled off from other information. Employers may also set rules limiting access of certain websites, backing up work-related information to cloud-based private services, letting friends or family use work devices, or connecting to work through unsecured wireless networks.
Consent
Consent is a key component to any BYOD program. Employees should understand that employers have the right to access, review, and delete data on their personal devices and that they have no expectation of privacy if they choose to use their devices for work purposes. At the same time, there are limits to what employers can monitor. Federal and state laws prohibit unauthorized access to certain electronically-stored information, including Social Security or driver’s license numbers, and other personally identifiable information. Employers must also never install anything on an employee’s personal device without first obtaining consent. All notices and requests for consent should be clearly written and should cover all potential needs an employer might have to access data on the device.
Litigation and Discovery
One of the reasons employers may need to gain access to personal devices is to comply with court orders or discovery requests. Organizations cannot object to producing information stored on personal devices on the basis that they have become comingled with an employee’s personal information. To the extent possible, employers should adopt procedures to separate work and personal data at the outset, ensuring that work data (and only work data) is periodically backed up.
Other Legal Compliance Issues
This article will not address each and every challenge that might arise from a BYOD program. Nonetheless, beyond the right-of-access issues described above, any BYOD policy should include provisions addressing the following issues:
- Consider the tax consequences of reimbursements for devices, and make sure employees are aware of these consequences.
- Consider who will be responsible for lost or stolen devices and who will be responsible for malware or virus attacks associated with an employee’s device. Relatedly, consider what kind of IT support the company will provide to personal devices in the event of malfunction.
- Make clear that policies concerning harassment and discrimination apply equally to conduct over mobile devices.
- Prohibit nonexempt employees from performing work “off the clock.” Keep in mind that any work conducted on a personal device counts as “hours worked” for purposes of the Fair Labor Standards Act.
- Review the scope of software licenses before permitting employees to access the software from their personal devices. Some licenses limit access and use to devices owned by the company. By the same token, ensure that employees are not inappropriately using third-party software they download on their own for business use if only noncommercial use is permitted.
- Prepare for an employee’s departure from the company. If an employee’s device contains sensitive information, obtain advance consent to wipe this information before discharge. Of course, if the employees’ device is subject to a legal hold as part of ongoing litigation, preserve any necessary information before wiping the device.
BYOD programs create significant risks for companies and require investment in technology to mitigate those risks. Failure to create clear policies regarding use of personal devices, however, can lead to even bigger risks. Once you have determined the contours of your BYOD plan, we can work with you to draft clear policies and procedures for a successful and efficient program.
DOL Issues Proposed Rule on Government Contractor Minimum Wage
By: Jennifer L. Craighead, Esquire
On June 18, 2014, the U.S. Department of Labor issued a Notice of Proposed Rulemaking to implement President Obama’s February 12, 2014 Executive Order establishing a minimum wage for government contractors.
By way of background, on February 12, 2014, President Obama signed Executive Order 13658 to raise the minimum wage to $10.10 per hour for all workers on federal construction and service contracts. The President claims that increasing wages will lower turnover, increase morale, and lead to higher productivity on federal contracts. As part of his Executive Order, the President directed the Department of Labor to issue regulations implementing the Order.
The proposed rule clarifies the types of contracts subject to Executive Order 13658. Specifically, the minimum wage would apply to all contracts issued or awarded on or after January 1, 2015 if the contracts fall under the following criteria:
(1) The wages of the employees fall under the Fair Labor Standards Act (FLSA), the Service Contract Act (SCA), or the Davis-Bacon Act (DBA); and
(2) The contract falls into one of four categories:
(a) a procurement contract for construction covered by the DBA;
(b) a procurement or non-procurement contract exceeding $2,500 that is subject to the SCA;
(c) a contract for concessions, including those excluded under the SCA; or
(d) a contract in connection with federal property or lands and related to offering services for federal employees, their dependents, or the general public.
The Executive Order and the proposed rule exclude from coverage certain types of contractual agreements, including grants, any construction procurement contracts that are not subject to the DBA (i.e. construction procurement contracts under $2,000), and service contracts exempt from SCA coverage. The Executive Order also does not apply to contracts for the manufacturing or furnishing of material, supplies, articles, or equipment to the federal government.
The proposed rules further clarify that all employees of a contractor who perform work on the contract or provide support work for the contract would be subject to the minimum wage. The proposed rules also make clear that workers cannot waive their rights under the Executive Order. And, importantly, covered contractors would be required to include the minimum wage contract clause in every subcontract and require that subcontractors include the clause in any lower-tiered subcontract as a condition of payment.
The final regulations are expected to be published in October of 2014.
Play or Pay Final Regulations Offer Transition Relief and Compliance Guidance
By: David J. Ledermann, Esquire
With publication of final regulations under the Affordable Care Act’s employer mandate (“play or pay”), the Internal Revenue Service has made available certain transition relief to ease the burden on employers during the first years of the mandate’s operation. The regulations also provide guidance concerning various compliance issues arising in connection with the mandate. The guidance includes assistance for employers who engage workers under arrangements with temporary staffing agencies and for academic employers with respect to their adjunct faculty, as well as additional guidelines for other mandate-related rules.
Transition Relief from Play or Pay
Under play or pay, as originally promulgated (and once fully implemented), employers with 50 or more full-time employees (or “full-time equivalent employees,” after taking into account hours worked by part-time personnel) must provide health plan coverage to at least 95 percent of their full-time employees and their dependents or risk liability for penalties. A full-time employee is one who works an average of 30 hours or more per week. The mandate was initially to become effective January 1, 2014, but was delayed a full year pursuant to IRS guidance announced last July.
The final regulations provide that employers of between 50 and 99 full-time equivalent employees, based on their 2014 head count, may be exempt from the employer mandate in 2015, as well. To qualify for the exemption, an organization must employ on average fewer than 100 full-time equivalent employees on business days during 2014. Additionally, the employer must certify in writing by early 2016 that it did not reduce the size of its workforce or its employees’ overall working hours, other than for business reasons unrelated to the exemption, and that it did not eliminate or materially reduce the health coverage, if any, previously offered to the organization’s employees. A material reduction includes any reduction in the percentage of the premium the employer pays or more than a five percent reduction in the dollar amount of the employer’s premium contribution. Organizations qualifying for exemption from the employer mandate in 2015 will only become subject to it beginning in 2016.
While the employer mandate will be effective in 2015 for employers with 100 or more full-time equivalent employees, the final regulations nevertheless offer a measure of relief to these organizations. Specifically, the minimum percentage of full-time employees who must be covered by the employer’s health plan in 2015 will be 70 percent instead of 95 percent. Additionally, if the organization did not offer dependent coverage for 2013 or 2014, penalties forfailing to offer coverage to the dependents of full-time employees in 2015 will generally not apply. The final regulations confirm that employees’ spouses, foster children, and stepchildren can be excluded from health plan coverage even in years after the transition relief expires.
That being said, meeting the 70 percent coverage threshold in 2015 will not necessarily relieve a large employer from penalties, particularly if the coverage is not “affordable” or does not provide “minimum value,” as defined under previously released IRS guidance. The penalties, however, will generally be less than—and can never exceed—the penalty amount for failing to offer coverage to the minimum threshold percentage of full-time employees. Beginning in 2016, the minimum threshold percentage increases from 70 percent to 95 percent.
Staffing Agency Employees
An organization that utilizes the services of individuals engaged through a temporary help or other staffing agency may need to include those individuals as its own employees for purposes of the play or pay rules. If the client organization is the common law employer (generally the case if the organization has the right to direct and control the individual’s performance), health plan coverage offered to an individual by the staffing agency may be deemed the client’s offer of coverage. For the client organization to be treated as having made an offer of coverage, the organization must be required to pay a higher fee for the services of an individual who is enrolled in the staffing agency’s health plan than the organization would pay for an individual not enrolled in the agency’s plan.
Adjunct Faculty Hours
The final regulations also include guidance regarding how colleges and universities that employ adjunctfaculty determine the status of these individuals for purposes of the play or pay rules. Acknowledging the difficulties inherent in counting service hours for adjunct faculty members, the IRS stated that it will allow, until further guidance is issued, crediting hours of service for an adjunct faculty member of 2.25 hours per week for each hour of scheduled classroom time, plus one hour per week for each additional hour outside the classroom performing other required duties (such as maintaining office hours, attending faculty meetings, etc.). While another reasonable method may be used to count an adjunct faculty member’s hours, this method is offered as a “safe harbor,” which the IRS will not challenge.
Importantly, the 2.25 safe harbor multiplier includes hours spent in the classroom, not in addition to them. For example, an adjunct faculty member with nine hours per week of scheduled classroom time would be credited, using this method, with 20.25 hours of service for the week attributable to those nine hours of classroom time (9 x 2.25 = 20.25). If this same faculty member is also required to maintain at least five in-office hours per week, those hours would be added to the hours attributable to classroom time, for a total of 25.25 hours of service per week. Thus, the adjunct faculty member in this example would not be deemed a full-time employee for purposes of the employer mandate.
Other Issues Addressed
The final regulations provide new guidance on many other issues, including further elaboration of the detailed guidance previously released on methods for determining the full-time or part-time status of variable-hour employees. Among other topics, the guidance discusses transition relief, enabling employers to utilize a measurement period in 2014 of as little as six months to establish a 12-month stability period in 2015 during which employees determined to be part-time (based on the measurement period) may be excluded from coverage without exposing the employer to potential penalty liability. Other parts of the guidance concern how to treat seasonal employees, the crediting of hours for on-call employees, rules governing status determinations for rehired employees and employees with a break in service from employment, and safe harbors for establishing whether employer-provided coverage is affordable for purposes of the play or pay rules.
Though not as accommodating as some would have liked, the final regulations offer employers welcome assistance on a number of significant compliance questions, while providing at least temporary relief from some of the Affordable Care Act’s more onerous requirements.
