1. When hiring a new employee (especially in management or sales), consider including language in the offer letter affirming that the employee has disclosed any restrictive covenants in effect from prior employers, and acknowledging that he/she will not bring any confidential documents, data, or information from previous employers to the company. Such language may protect the company from being sued if a new employee fails to disclose a restrictive covenant, or otherwise engages in a breach of duties owed to a prior employer.
2. If you are considering hiring a group of employees from a competitor, negotiate with each one separately wherever possible. In many states, employees (especially managers) owe a duty of loyalty to their employer. Acting as a go between or actively soliciting for a competitor while still employed with the prior company could raise legal issues. If you are looking to hire a team or group, it is best to hire the point person first, then once aboard that person can set out to recruit the remaining employees to come to your company (assuming that employee has no contractual restrictions on solicitation).
3. Develop a protocol for ensuring that high level departing employees do not download or otherwise misappropriate proprietary information. When notified of a resignation: (1) Conduct a review of work email for transmittal of information to personal email accounts; (2) Identify any suspicious use of removable USB devices; and (3) Conduct an exit interview that consists of asking the employee to affirm that all property has been returned, including all electronic devices and passwords.
4. Handbook policies on confidentiality and the return of company property are appropriate, but a breach of a policy is not actionable, and does not entitle the company to injunctive relief (i.e. an order requiring compliance). Consider requiring a confidentiality agreement for any employees who have access to important company data or property that could be harmful if disclosed to a competitor, and you may want back if not returned.
5. For key personnel, you may need more than a confidentiality agreement to protect the company’s interests. In those cases, consider the use of a non-compete and/or non-solicitation agreement (which can be coupled with the confidentiality portion into one document). A non-compete provision restricts the employee from working for a competitor for a certain period of time in a defined geographic area. Such covenants must be reasonable, and narrowly tailored to protect the client’s interests. A non-solicitation provision does not restrict the employee from working for a competitor, but restricts certain activities for that competitor, usually soliciting company customers or employees for a period of time. Like a non-compete provision, a non-solicitation covenant must be reasonable. For example, the restriction should only apply to customers with whom the employee actually had contact or access to confidential information, as opposed to a restriction from contacting all of the company’s customers.

Non-compete litigation is state specific and the laws can vary widely from state to state. For example, Texas allows reasonable restraints on competition, while California (and recently Massachusetts) outlaw such agreements. It is advisable to have any agreements reviewed for enforceability in the states where such agreements are likely to be enforced.

The NIST guide is divided into five basic categories (identify, protect, detect, respond, and recover) and provides useful worksheets to help identify important types of data. We have reviewed NIST’s guide and supplied an overview of the takeaways:

1. Know the Risks

Hackers and cyber criminals pose one kind of threat to data security, but environmental incidents and equipment failure can be equally devastating to the security of business information. Security threats can come from personnel within a business as well, so vet employees and provide security training.

1. Identify Data

The first step in any risk management plan is to identify what data needs to be protected and understand what vulnerabilities exist. Create a list of all the information a business uses (e.g. customer names, e-mail addresses, banking information, employee information, etc.) and know who has access to such information. Additionally, it is important to identify any vulnerabilities in a business’s systems. It is highly recommended that companies engage an outside consultant to conduct a mock attack to identify any system vulnerabilities.

1. Protect

NIST’s guide provides excellent recommendations on the use of encryption, securing wireless access points and installing network firewalls. However, the easiest and most often overlooked recommendation is to train employees on security policies and establish clear guidelines on how they can best protect business information.

1. Detect

While some security events are easily detectable, many are not. Businesses should consider implementing anti-virus software that is designed to detect intrusions. Additionally, it may be worthwhile to use a program that keeps a log of daily activity that occurs on the network. These logs may show trends that indicate an intrusion has occurred. An outside consultant can be a valuable tool in interpreting these trends as there may be a more serious problem that is not readily apparent.

1. Respond

It is critical that every business develop a response plan to be followed after a security event has occurred. Appoint a person who will implement the plan, include the contact information of all internal personnel who should be notified, as well as directions on how to quarantine infected systems, if necessary. Furthermore, many states require customer notification after a security event. Thus, it is important to know state notification laws and how to properly comply.

1. Recover

After a security event, it is important to evaluate the response procedures. Assess any weaknesses in the plan and make adjustments as needed. If possible, restore backed up data or implement a backup procedure for business data. Companies should also consider cyber insurance as part of any risk management plan.

The full guide can be found here: http://nvlpubs.nist.gov/nistpubs/ir/2016/NIST.IR.7621r1.pdf.

Authors

Matthew J. Siegel
Matthew J. Siegel works in the Global Insurance Department, focusing his practice in the areas of insurance coverage, cyber and technology risks, electronic discovery, construction litigation, and commercial litigation. He also co-chairs the firm’s Privacy, Data and Cybersecurity Industry Team and is a… more

Email:msiegel@cozen.com
Phone: (215) 665-3703
Philadelphia

Taylor P. Widawski
Taylor is an associate in the firm’s Seattle office. Taylor’s practice focuses on litigation with an emphasis on technology and privacy related matters. Taylor has experience defending against consumer class actions as well as litigation involving software licenses and general business disputes. She… more

Email:twidawski@cozen.com
Phone: (206) 224-1285
Seattle

1. Compliance with Chapter 22 of the Texas Labor Code: This law protects from discrimination employees who are absent because if an evacuation order. This law has certain exceptions, including emergency services personnel or those required to provide services for the general public during emergency situations. That said, companies who require such employees to work during a storm must provide emergency shelter.

2. Payment for Employees Who Are Absent Due to Weather: The FLSA treats exempt employees differently from non-exempt. Non-exempt employees must only be paid for actual hours worked. Exempt employees, however, must be paid if the work site is closed or unable to open because of weather for less than a full workweek.

3. On-Call/Waiting Time: Weather events often create unique circumstances that don’t fall neatly into existing policies. Employees may be stuck at work waiting for the weather to clear before they go home – is this compensable time? What if employees are on-call to return to the office after the storm has passed. Is this compensable “on-call time?”

4. Protected Leave Under FMLA: Disasters often create family issues, especially where there are elderly or sick family members who must be moved or cared for during such an event. These situations could trigger protection for absences under the FMLA.

5. Payday: No one wants to miss a paycheck. Make sure your company has a contingency plan in place to communicate with employees and maintain personnel functions like payroll and benefits processing even during a disaster.

Although the Obama administration’s effort will be largely symbolic, and have no legal effect, it is important as it may be the first in a series of steps to apply pressure to states or employers that allow restrictions on employee competition…

Click here for the full original article.

The Final Rule (RIN 1235-AA09) changes the definition of “spouse” in federal regulations, 29 C.F.R. §§ 825.102 and 825.122 (b). Under the new place of celebration test, if an employee was legally married in a state or country that recognizes same-sex marriages but moves to a state that does not, the employee’s marriage is still recognized and the employee can take FMLA leave to care for his/her spouse. This is a change from the prior “state of residence” test, which conditioned FMLA rights for same-sex couples on the law of the state in which the individual resides. This final rule takes effect on March 27, 2015.

The change has its roots in United States v. Windsor, 132 S. Ct. 2675 (2013), in which the Supreme Court struck down Section 3 of the Defense of Marriage Act (DOMA), which defined marriage as the union of a man and woman. After Windsor, employers needed to determine how to treat employees in same-sex marriages for purposes of federal taxes and various other federal employee benefits such as leave rights under the FMLA because many employee benefits are provided through the spousal relationship and state law on marriage equality differed.

In a revenue ruling shortly after Windsor, the IRS declared the state of celebration test would be used to define a marriage for federal taxes: meaning if a same-sex couple got married in a state that legally recognized their marriage, the couple will be considered married for purposes of federal tax laws regardless of whether they moved to a state where same-sex marriage is not recognized. This affected employee benefits as follows: (1) employers with group health plans had to cease imputing income to employees whose same-sex spouse participates in the plans (as employers had previously been required to do); (2) employers were required to allow employees to pay the premiums for their same-sex spouse’s coverage with pre-tax dollars (if other employees with opposite-sex spouses are permitted to do so); and (3) employers with qualified retirement plans needed to treat same-sex spouses as “spouses” for all purposes under their plan (e.g., the spousal consent requirements for beneficiary designations).

In contrast to the IRS and other federal agencies, for purposes of the FMLA, the DOL determined that an individual would only qualify as a same-sex spouse of an employee if the employee resides in a state that recognizes his or her marriage (i.e., the “state of residence” test). Because this test precluded couples who were legally married but moved to states that did not recognize their marriage from applicable rights, in June 2014, the DOL proposed regulations to modify its regulations to adopt the state of celebration test like the IRS. The proposed rule was published in the Federal Register June 27, 2014. The DOL noted that the proposed rule elicited 77 comments representing more than 18,000 individuals. The comments that came from the Human Rights Campaign, labor organizations, employer associations, and a group of 23 U.S. Senators overwhelmingly supported the change.

Today, 37 states and the District of Columbia have full marriage equality and six states have lower court decisions in favor of marriage equality, which are staying pending appellate court review. Additionally, the Supreme Court has accepted certiorari to review the 6th Circuit Court of Appeals decision which upheld same-sex marriage bans in Michigan, Ohio, Kentucky and Tennessee. As of June 2015, we will likely have more clarity nationwide on marriage equality.

The Bottom Line for Employers

For now, under the new rule, provided the employee was married in a state or country where same-sex marriage is recognized, and regardless of the state law in which the employee currently resides or works, an eligible employee will be allowed to take FMLA leave to care for his/her same-sex spouse with a serious health condition, take qualifying exigency leave due to his/her same-sex spouse’s covered military service, or take military caregiver leave for his/her same-sex spouse. If your FMLA policy simply provides for leave for a “spouse” and does not define spouse or improperly limit the definition of spouse, there is no need to change it. However, employers should make sure human resources personnel and managers understand this change and are providing all required leave for legally married same-sex spouses regardless of the law of the state in which the employee currently resides or works.

Auto Populate Could Be the Death of your Career

Computer software seems determined to become increasingly smarter so that it can help us. Just imagine that you start to type someone’s name and as it attempts to help you identify this contact, it accidentally brings up someone else with similar letters, or the first letter but to whom you most recently sent an e-mail. Meanwhile, you do not realize you just sent your biting gender based comment about your boss to her boss (Christina Smith) instead of your pal (Chris Smyth). Not only is it completely embarrassing and awkward, it could be seen as a violation of your company’s policy against harassment in the workplace. This auto populate snafu often happens when someone is forwarding an e-mail to a friend with some form of commentary or forwarding a joke they just received. Good business practice would suggest not forwarding any jokes and limiting your commentary to friends and/or co-workers via a conversation by telephone or in person the next time you see them.

Reply All is an All Together Dangerous Thing

Not only can a “reply all” make you look a bit foolish, but it can publish to everyone on that chain what you thought was a private comment to the original sender of the e-mail. Hot water may follow if your comment was about someone on the chain. It can also arise simply because multiple persons saw it and there are now numerous opportunities for someone to be offended, even if it was not about someone in the chain. Be mindful and aware of what you are doing and what you are saying. Not only could you accidently push “reply all” and become immediately embarrassed, but know that ANY e-mail sent or received on a company computer could be subject to later review or analysis by a company representative. This could also mean review by lawyers if an internal investigation is initiated or litigation arises. Note that the investigation or litigation need not even involve you but your e-mails may be revealed, and again, cause trouble for your career.

Think. Cool Down. And Then, Only Maybe, Do You Hit Send.

It is prudent to wait at least 24 hours before sending a letter that you wrote in anger or under any emotionally taxing situation (or better yet, wait 24 hours and never send it at all). Think of e-mails in the same way. One is well served to think of e-mails as if they are typed letters led for eternity. Given this permanence, it is also prudent to think of them as carrying the same force and eect of putting the proverbial “pen to paper” and sending a letter out for the entire company to see. Think about what you say and how you say it in an e-mail, and proceed as if it will be printed and placed in a le for some future use. Often, once the heat of the moment passes, a revised and much more professional e-mail is a better way to communicate for many reasons, including job security.

EUI = E-Mailing Under the Influence. Don’t Do It!

We’ve all heard stories about drunk dialing. These stories often follow a familiar pattern – funny for the audience, painfully embarrassing for the subject of the story: Freed by alcohol from the restraints of good judgment, someone picks up the phone to dial someone they shouldn’t to say something they would never repeat while sober. Nobody wants to be the subject of that kind of story. The same goes for drunk e-mailing. If you’ve been drinking – don’t e-mail – it is as simple as that! Science has taught us that our inhibitions are lowered with even a small amount of alcohol. With lowered inhibitions, certain things may be said(i.e., typed forever) that you may later regret, especially if you are in a management position. Indeed, jokes or joking around in emails are many times not as humerous from the recipient’s perspective as that of the writer’s who may be a bit(or a lot) tipsy. Comments, whether made  under the guise of kidding around, an inside joke, or even a comment that could be read two different ways, could be viewed as a request of some form of romantic or sexual favor in exchange for advancement or refraining from discipline or demotion. For example, a female manager, after a few glasses of wine at home could respond to a male assisant’s email that “I keep telling you, you need to loosen up. Let’s go out for happy hour tomorrow and try to loosen you up. You don’t want to know what will happen if you say no.” Just consider the possibilities of how this could be construed. The best way to avoid this problem is to put away the phone once work ends, and play begins.

Emails are Brief, But A Lot Can, and Are, Read Into Them

E-mails lack the context imparted by tone, or intonation, that convey the humor and sarcasm we are used to in our daily life. I rarely guarantee much, but I can guarantee three things when it comes to comments made by email. There will come a time when: (1) the humor or playful sarcasm that was meant to be relayed in an e-mail will not be heard by the person receiving the e-mail; (2) an abrasive tone or inappropriate sarcasm will be heard by the person receiving the email when nothing of the sort was intended by the writer; and (3) the difference in what someone wrote and someone heard will lead to problems, if not counseling and discipline, of one or more persons. No surprise, an e-mail gets someone in hot water again!

All federal contractors who do $10,000 or more in business with the federal government in a given year are prohibited from discriminating against an employee or applicant on the basis of sexual orientation or gender identity. The Executive Order requires the Office of Federal Contract Compliance Programs (OFCCP) to prepare regulations to implement the new rules within 90 days and all contracts entered into after those rules are effective must abide by the new rules. Employers who are or may be covered by this new Executive Order should now take steps to ensure their internal policies and manuals reflect the new requirements. The OFCCP expects to issue permanent regulations to enforce the Executive Order by early 2015.

Notably, President Obama rejected suggestions that he create additional exemptions for religiously affiliated contractors in the Executive Order he signed. The only exemption that exists was put in place by President George W. Bush and permits a religiously affiliated contractor to favor individuals of a particular religion when making an employment decision but does not excuse compliance with any other provision of the applicable Executive Order. Whether the Executive Order could and/or will be challenged by closely held, religiously affiliated contractors on the basis of the recent Hobby Lobby decision is an open question at this point.

Employers who contract with the federal government, or who are subcontractors to a federal contractor, should be aware of the president’s action and take this time to review their internal polices and OFCCP compliance practices. Additional information on the proposed regulations from OFCCP will be forthcoming when it is made available. The Executive Order that President Obama signed can be found here and the original Executive Order relating to the employment practices of federal contractors can be found here.

1) Can an employer require an employee to work during a mandatory evacuation? What if the employee does not come back and turns the evacuation into a vacation?

2) Is an employer required to pay employees who miss work because of weather events like a hurricane? Does it matter if they are exempt or non-exempt ?

3) Can an employer require employees to use accrued vacation time if the business is closed for a hurricane?

All of these questions, and more, are answered in Cozen O’Connor’s “HR Guide for Hurricane and Disaster Preparation”, which is linked here. It is important to note that this guide is primarily aimed at Texas employers. If your business operates in multiple states along the Gulf Coast, you should seek legal advice regarding the specific laws in each state which may apply.