By Danielle Kays and James Nasiri

Seyfarth Synopsis: On November 30, 2022, the Illinois Second District Appellate Court reversed the trial court’s grant of summary judgment in Defendant’s favor in a case entitled Mora v. J&M Plating, Inc. The lawsuit was initiated by a former employee of the Defendant metal finisher, alleging that Defendant violated the Illinois Biometric Information Privacy Act (“BIPA”) by collecting employees’ fingerprints without first implementing a written retention and destruction schedule for biometric data. The trial court initially dismissed Plaintiff’s claims but the Appellate Court reversed, finding that the BIPA requires employers to have a retention and destruction schedule in place before they possess any biometric data.

Background on Mora v. J&M Plating, Inc.

Defendant J&M Plating, Inc. hired Plaintiff Trinidad Mora in July 2014, and shortly thereafter, the company began having employees clock into work using a finger scanner. In May 2018, the company implemented a written retention and destruction schedule for biometric data. Plaintiff signed this policy, thereby consenting to the collection of his biometric identifiers (i.e., his fingerprints). Defendant subsequently terminated Plaintiff’s employment in January 2021, and pursuant to its written biometric policy, Defendant destroyed Plaintiff’s alleged biometric data approximately two weeks after his termination.

One month later, Plaintiff filed a class action lawsuit alleging that the company violated Sections 15(a) and (b) of the BIPA by collecting employees’ biometric data without first providing notice, obtaining informed consent, or issuing a retention and destruction policy.

The company initially secured dismissal of Plaintiff’s Section 15(b) claim for failure to obtain written consent before allegedly obtaining biometric information, as the trial court held this claim was time-barred under the applicable five-year statute of limitations because the claim first accrued in September 2014. Defendant later filed a motion for summary judgment on the Section 15(a) claim for failure to maintain a BIPA collection and retention policy, arguing that this Section does not contain a timing requirement and ultimately, Plaintiff’s biometric data was properly destroyed pursuant to a destruction and retention policy. The trial court granted summary judgment for the company, and Plaintiff subsequently appealed.

Illinois Appellate Court Reverses Trial Court’s Dismissal

On appeal, Plaintiff relied on the legislative intent behind the enactment of the BIPA to support his interpretation that covered entities must publish a written schedule before collecting or possessing biometric data. To that end, Plaintiff emphasized the Illinois Legislature’s goal of protecting individuals’ biometric privacy rights through the BIPA, and that the company had six years before Plaintiff was hired to comply with the Act (which was enacted in 2008).

The company responded that Section 15(a) contains no timing component, as its primary concern is to ensure that entities have policies in place to destroy biometric data once the purpose for which the data was collected has ended. Because the company had a retention and destruction schedule in place when Plaintiff’s employment ended (and consistent with BIPA, when the need for using Plaintiff’s data ended), the company argued that any harm suffered by Plaintiff was purely hypothetical.

The Appellate Court reversed the trial court’s decision, finding that the lower court incorrectly interpreted the relevant section of the Act. More specifically, the Appellate Court cited the plain language of Section 15(a), which provides that “[a] private entity in possession of biometric identifiers or biometric information must develop a written policy . . . .” The Court thus reasoned that the implementation of a written policy is triggered by the entity’s possession of biometric data.

The Appellate Court also looked to Section 15(b) to reinforce its holding, as this Section requires that entities obtain an individual’s informed consent before collecting biometric data. Finally, with respect to the company’s argument regarding Plaintiff’s lack of harm suffered, the Court relied on the Illinois Supreme Court’s Rosenbach decision to reason that actual harm is not required to file suit under the Act, as the BIPA was enacted for “preventive and deterrent purposes.” Accordingly, the Court reversed the grant of summary judgment and remanded the case for the trial court to reassess Plaintiff’s claims under Section 15(a).

Implications for Employers

Even in situations where, as in Mora, a company implements a written policy and properly destroys biometric data, a company defendant may be liable for failing to implement the policy before possessing such data. As a result, Illinois businesses should ensure that their biometric privacy practices are entirely in compliance with the Act before beginning to collect any sort of biometric data.

For more information about the Illinois Biometric Information Privacy Act and how this decision may affect your business, contact the authors Danielle Kays and James Nasiri, your Seyfarth attorney, or Seyfarth’s Workplace Privacy & Biometrics Practice Group.

By Ada Dolph, Annette Tyman, Danielle Kays, Sam Schwartz-Fenwick, Sara Fowler, and Tom Posey

About the Progam
A lot can change in a year, especially during an election year! On a national level, as well as a state and local level, there have been many recent labor and employment law changes and even more changes going into effect in 2023. Having (almost) made it to the end of 2022 and through mid-term elections, not only do employers need to be aware of changes in law, but there are also significant and important considerations for employers in the wake of the potential shifting political climate.

During this program we will be discussing important and significant changes in state and local law in the mid-west and beyond, perspectives on labor trends and the impact of the NLRB changes, government initiatives and enforcement around discrimination in the workplace, and the current status and possible future of abortion rights and reproductive healthcare laws. 

Join the Labor & Employment attorneys of Seyfarth Shaw as we take a look back on 2022 and all what’s to come in 2023, including:

Midwest State and Local Legal Updates and Changes in the Law
Traditional Labor Developments and Trends
Employment Discrimination – Federal Government Initiatives and Enforcement
Updates and Potential Future State of Abortion Rights and Reproductive Healthcare Laws

When and Where: Tuesday, December 6th, 2022, at 8:30 a.m. to 10:30 a.m.
Seyfarth Shaw LLP
233 S Wacker Drive, Suite 8000
Chicago, IL 60606
Register Here
If you have any questions, please contact Sarah Gschwind at sgschwind@seyfarth.com and reference this event.

By Minh N. Vu

Seyfarth Synopsis:  UC Berkeley and the DOJ resolve an 8-year investigation with a comprehensive Consent Decree that requires UC Berkeley to make virtually all the content on its online platforms accessible to people with disabilities within three years and adopt comprehensive policies and procedures to ensure accessible online content.

After eight years, the U.S. Department of Justice (DOJ) finally concluded its investigation into UC Berkley’s online content-related accessibility policies and practices with a 16-page Consent Decree that is awaiting approval by the federal court in the Northern District of California.  The investigation started in 2014 when the National Association of the Deaf (NAD) complained to the DOJ that free online courses, conferences, lectures, performances and other programming in audio or video formats offered by UC Berkeley did not have closed captioning.  NAD alleged that the failure to provide closed captioning violated Title II of the ADA which requires state entities to provide equal access to their services, programs, and activities.

The DOJ’s investigation expanded beyond access for people with hearing-related disabilities. The Consent Decree reflects this scope by requiring access to UC Berkley’s online content for people with all types of disabilities.  Although the Consent Decree is based on UC Berkeley’s obligations under Title II the ADA, it nonetheless provides a useful framework for private universities seeking to ensure their own website accessibility policies and procedures comply with Title III of the ADA.  We note, however, that a good compliance program does not have to be exactly like the one outlined in the UC Berkeley Consent Decree.

There is a lot to unpack in this Consent Decree, but here are some of the most significant takeaways:

  1. UC Berkeley must report to DOJ on the state of its compliance with the Consent Decree every six months during the Consent Decree’s 42-month long term.
  2. The Consent Decree covers the activities of the “Berkeley Entities”, defined as “the central administration of UC Berkeley and any UC Berkeley school, college, department, program, or academic unit.”  The Consent Decree specifically excludes individual students and student groups from coverage.
  3. The UC Berkeley platforms covered by the Consent Decree are:  (a) UC Berkeley’s Massive Online Open Course (“MOOC”) platform referred to as UC BerkeleyX; (b)  http://www.berkeley.edu/ (and any subdomain of www.berkeley.edu that may be accessed by the general public and that is controlled by a Berkeley Entity); (c) any podcast channel or account controlled by a Berkeley Entity that is hosted on a third-party platform (e.g. Apple Podcasts and Spotify); and (d) any other audio or video channel or account controlled by a Berkeley Entity that is hosted on a third-party platform (e.g. YouTube).
  4. UC BerkeleyX Platform.  Within nine (9) months of the date the Court approves the Consent Decree, UC Berkeley must ensure that all online content, including audio and video content, on this platform conforms to WCAG 2.0, Level AA. 
  5. Main Website.  Within eighteen (18) months of the date the Court approves the Consent Decree, UC Berkeley must ensure that all content on http://www.berkeley.edu/ and subdomains conforms to WCAG 2.0, Level AA, except for audio and video content which is subject to a different timeline. 
  6. New Audio and Video Content.  Within nine (9) months of the date the Court approves the Consent Decree, UC Berkeley will ensure that all audio and video content on the following platforms created or made publicly available after the date the Court approves the Consent Decree conforms to WCAG 2.0 Level AA:  http://www.berkeley.edu/ and subdomains, any podcast channel or account controlled by a Berkeley Entity that is hosted on a third-party platform (e.g. Apple Podcasts and Spotify), and any other audio or video channel or account controlled by a Berkeley Entity that is hosted on a third-party platform, such as YouTube.
  7. Existing Audio and Video Content: Within thirty-six (36) months of the date the Court approves the Consent Decree, UC Berkeley will ensure that:

A. all audio and video Content on http://www.berkeley.edu/ and subdomains that was made publicly available prior to the Effective Date conforms to WCAG 2.0, Level AA;

B. all audio and video content on UC Berkeley’s podcast platforms (e.g. Apple Podcasts, Spotify) that was made publicly available prior to the Effective Date conforms to WCAG 2.0, Level AA; and

C. all other audio and video content on any other audio or video channel or account controlled by a Berkeley Entity that is hosted on a third-party platform (e.g. YouTube) that either (1) was created or made publicly available within the two (2) years preceding the Effective Date; or (2) has at least 750 views as of the effective date, conforms to WCAG 2.0, Level AA.

The Consent Decree also requires UC Berkeley to adopt very detailed web accessibility procedures, appoint a web accessibility coordinator, create a very specific process and notice to the public for receiving and promptly responding to feedback and requests from users concerning web accessibility, and provide website accessibility training to individuals whose duties include uploading and managing online content on a UC Berkeley platform on behalf of a Berkeley Entity.  Furthermore, the Consent Decree requires UC Berkeley to not only continue its own internal accessibility testing of its online content, but also hire an external auditor to test the various covered platforms 9, 21, and 33 months into the Consent Decree. 

There is nothing particularly surprising about these comprehensive terms, other than the fact that the DOJ only required conformance with WCAG 2.0 AA, as opposed to the more demanding  WCAG 2.1 AA.  DOJ has required compliance with WCAG 2.1 AA in recent website accessibility agreements, even though DOJ itself is only required by law to comply with WCAG 2.0 AA for its own online content.  The longer timeline to bring existing audio and video content into compliance with accessibility standards is also noteworthy.  DOJ apparently recognized that requiring the addition of closed captioning and audio description to the many thousands of existing videos and audio files on UC Berkeley’s platforms could be cost-prohibitive and may result in their permanent removal. 

The Consent Decree is an example of the Biden’s Administration’s commitment to website accessibility enforcement, even if it seems to be in no hurry to issue regulations on this topic.

Edited by Kristina Launey

By Danielle Kays and Danny Riley, Law Clerk

Seyfarth Synopsis: BNSF Railway seeks a new trial following the verdict against it in the first ever jury verdict in an Illinois Biometric Information Privacy Act (“BIPA”) class action.  BNSF contends that the verdict, which resulted in a court award of $228 million in damages, is unconstitutional and unreasonable given the class members suffered no actual harm.

As a refresher, under BIPA, biometric information is any information “regardless of how it is captured, converted, stored, or shared, based on an individual’s biometric identifier used to identify an individual.” 740 ILCS §14/10. The Act provides a private entity may not “collect, capture, purchase, receive through trade, or otherwise obtain” this information without informed consent. 740 ILCS §14/15(b).  To comply with this state law, companies must provide informed, written consent before the capture, use and storage of biometric information, as well as notices specifying the company’s data collection practices. Damages for each negligent violation can rise to $1,000, with reckless or intentional violations being capped at $5,000.

Last month, a Chicago jury heard the first ever jury trial of a BIPA class action in the case Rogers v. BNSF Railway Company.  At issue was whether–and to what degree–BNSF could be held vicariously liable under the BIPA for conduct by a third-party vendor that operated finger scanning technology.  Despite BNSF’s argument that the railway’s vendor was the entity that collected the employees’ biometric data (and not the railway), the jury found that the railway was liable for approximately 45,600 reckless or intentional violations.  Now, in its motion for a new trial, BNSF argues that the “unprecedented judgment awarding plaintiff and the class a nine-figure windfall despite their admission that they suffered no actual harm was not supported by the evidence at trial.”

While BNSF claims that the ruling is unconstitutional, it also argues that the evidence proposed to the jury was not enough to support a finding of liability.  The railway argues that even in the case that there is a finding of liability, any violations would constitute negligence, rather than reckless or intentional violations.  Should BNSF successfully argue that its violations were negligent, damages may still be upwards of $45 million.

BNSF also noted the Illinois Supreme Court’s pending decision in Cothron v. White Castle, which will decide whether BIPA claims accrue “each time a private entity scans a person’s biometric identifier and each time a private entity transmits such a scan to a third party, respectively, or only upon the first scan and first transmission.” 20 F.4th 1156, 1167 (7th Cir. 2021).  If the Illinois Supreme Court sides with the defendant in White Castle, BNSF argues that the plaintiff’s claim will be dismissed and the class decertified.

Should the Court deny BNSF’s motion for a new trial, the railway previously said it plans to appeal the verdict.

The time is now for employers to conduct internal audits to make sure they are BIPA compliant.

BIPA Compliance

•           Obtain a written consent form from individuals if you intend to collect, use, store, or disclose any personal biometric information.

•           Notify individuals in writing that the information is being collected or stored and the purpose and length of time for which the biometric identifier will be collected, stored, and used.

•           Create and maintain a retention schedule for biometric data retention and guidelines for permanently destroying biometric information.

For more information about the Illinois Biometric Information Privacy Act, and how this development may affect your business, contact the authors, your Seyfarth attorney, or Seyfarth’s Workplace Privacy & Biometrics Practice Group.

By Linda C. Schoonmaker and Darien C. Harris

Seyfarth Synopsis:  The Dallas County Sheriff’s Department gives its detention officers two days off per week.  Prior to April 2019, the schedules were based on seniority, with most officers preferring to take their two days off during the weekend.  Sometime in April 2019, the Sheriff’s Department enacted a scheduling policy that prohibited its female detention officers from taking the full weekend off, allowing them to only take two weekdays off or one weekday and one weekend day off.  By contrast, it allowed the male officers to take the full weekend off. 

When the female officers asked their sergeant how scheduling was determined, the sergeant minced no words in confirming that the scheduling policy was indeed gender-based.  He insisted that it would be safer for the male officers to be off during the weekends as opposed to during the week.  Notably, the male and female officers performed the same tasks and the number of inmates during the week was the same as the number on weekends.  The female officers reported the scheduling policy to their sergeant, lieutenant, chief, and human resources to no avail.  Consequently, they filed a charge of discrimination with the Equal Employment Opportunity Commission and received Notice of Right to Sue Letters.

On February 10, 2020, the female officers sued for violations of Title VII and the Texas Employment Discrimination Act (“TEDA”).  Dallas County moved to dismiss the lawsuit, claiming that the female officers failed to state a plausible claim for relief because they did not suffer an adverse employment action.  The female officers responded that the gender-based scheduling policy harmed their work conditions and made their jobs objectively worse.  The trial court granted the County’s motion, despite acknowledging that the County’s scheduling was an unfair, facially discriminatory policy that could plausibly make the female officers’ jobs objectively worse because “binding precedent of this [c]ircuit compel[led]” it to hold that the female officers did not suffer an adverse employment action.

On appeal, the female officers argued that the trial court was wrong in considering whether the County’s scheduling policy constituted an adverse employment action rather than applying the statutory text of Title VII and the TEDA.  With an almost remorseful tone, the Fifth Circuit affirmed the trial court’s dismissal of the lawsuit, holding that the dismissal was correct under the Fifth Circuit’s definition of adverse employment action.  Despite clearly being discriminated against, the female officers had not shown that they suffered an adverse employment action – a  dispositive factor in attaching liability – because the Fifth Circuit has consistently defined “adverse employment action” to include only ultimate employment decisions such as hiring, granting leave, discharging, promoting, or compensating.  The appellate court was bound by a rule it developed one-score and seven years ago in Dollis v. Rubin, 77 F.3d 777 (5th Cir. 1995) in which it adopted language from a Fourth Circuit case regarding a different provision of Title VII:  “Title VII was designed to address ultimate employment decisions, not to address every decision made by employers that arguably might have some tangential effect upon those ultimate decisions.”  Even though its definition was at odds with that of several of its sister circuits, the Fifth Circuit panel was stuck with precedent.

Considering that this was a case of undisputed gender discrimination, the Fifth Circuit decided that the case was an ideal vehicle to reconsider its prior precedent, which can only be done by the entire court in this circumstance.  For that reason, the full Fifth Circuit has agreed to review the ultimate employment decision requirement to harmonize its future decisions with the spirit and letter of Title VII’s protection against sex discrimination. 

TAKEAWAYS

If the ultimate outcome of this case is the expansion of the Fifth Circuit’s definition of “adverse employment action”, employers in the Fifth Circuit may face more litigation because unhappy employees or former employees will no longer be as restricted in pursuing their claims.  Therefore, employers should confirm that any policies and practices which are expressly or implicitly discriminatory are supported by legitimate reasons even if applying the policy would result in an adverse employment action.

For more information on this or any related topic, please contact the authors, your Seyfarth attorney, or any member of the Workplace Counseling & Solutions Team.

By Loren Gesinsky and Alex J. Reganata, Senior Fellow

Seyfarth synopsis: Employee sustained an injury in a work-related accident. Based on New York’s Workers’ Compensation Law he was classified as having a nonschedule permanent partial disability. He received an award of $500 per week, and pursuant to a statutory cap could not receive this amount past 350 weeks. Employee died from unrelated causes after 311.2 weeks, and employee’s minor son sought accrued unpaid amounts of father’s award, as well as amount that employee would have received if he reached the statutory cap. New York’s highest court held that unaccrued portions of nonschedule awards under WCL may not pass to beneficiaries of injured employees who die from causes unrelated to the work injury.

Background

Eric Watson sustained an injury in a work-related accident. Pursuant to New York’s Workers’ Compensation Law (WCL), an employee who suffers an injury that results in a permanent partial disability can receive one of two categories of awards: a “schedule loss of use” award or a nonschedule award. New York courts have described a schedule loss of use award as being designed to compensate for loss of earning power, rather than the time that an employee actually loses from work of the injury itself. A nonschedule award aims to reimburse the injured employee for earnings lost due to injury.

According to the WCL, nonschedule awards are payable while the permanent partial disability exists, but the amount payable is subject to reconsideration as to the degree of the impairment. Nonschedule awards are measured at 66.67% of the difference between the average weekly wage of the employee and his or her wage-earning capacity in the same employment or otherwise afterward. It wasn’t until 2007 WCL amendments that a statutory cap was placed on unscheduled awards. Before the amendments, the payments were unlimited. Schedule awards, on the other hand, were set at 66.67% of the employees average weekly wages and were paid for a fixed period set by the statute.

Eric Watson received a nonschedule award. He passed away due to unrelated causes after 311.2 weeks. His minor son sought to recover unpaid amounts during the 311.2 weeks, and also an award for the remaining 38.8 weeks between Watson’s death and the maximum period allowed by statute of 350 weeks. A WCL Judge awarded Watson’s minor son only the unpaid amounts that accrued during the 311.2 weeks preceding Watson’s death. The Appellate Division modified the award, ruling that Watson’s minor son was also entitled to the 38.8 weeks left in the statutory maximum period. The Workers Compensation Board appealed.

The Appellate Division – Missing The Point

The Appellate Division found that a nonschedule award was “established, set and fixed at the time of classification.” It concluded that, because both nonschedule and schedule awards were contained in the same subdivision that allowed an award made to a claimant to pass to a minor child, the statute did not distinguish between the two and therefore both schedule and nonschedule awards had the ability to pass to a minor child.

The Appellate Division viewed the 2007 WCL amendments making nonschedule awards limited like schedule awards as indicative of a legislative intent to achieve “parity” between the two categories of awards, thus requiring that the awards be treated the same in the context of ability to pass to a minor child.

Where The Appellate Division Went Wrong – A History Lesson and the Finality of Death

The Court of Appeals took the Appellate Division to school in a sense. The Court of Appeals described how it “urged recognition” of the differences between the two awards over 100 years ago. It also recognized that courts have awarded posthumous benefits for schedule awards countless times.

The Court of Appeals also held that the Appellate Division misunderstood the legislative intent of the 2007 amendments. The Court of Appeals cited to legislative history stating that the amendments’ purpose was to eliminate the possibility of a set duration of benefits for some claimants and lifelong benefits for others. Thus, the intent was not to eliminate all distinctions between the two awards, but rather reduce the unfairness that resulted from a potentially unlimited nonschedule award in comparison to a limited schedule award. The Court of Appeals reinstated the original holding of the Workers Compensation Board, which held that, with the death of a claimant to an unscheduled award, there is no additional award payable because the nonschedule award compensates for time lost due to the permanent partial disability — and with death, there is no time left to lose.

For more information on this or any related topic, please contact the authors, your Seyfarth attorney, or any member of the Workplace Counseling & Solutions Team.

By Linda C. Schoonmaker and Elizabeth L. Humphrey

Seyfarth Synopsis: Railroad companies spend millions of dollars and thousands of hours developing their risk management systems. When a plaintiff aims to discover risk management data, companies understandably balk at the prospect of revealing information they have gone to great lengths to collect, categorize, and assess  for the purpose of mitigating litigation risk. A recent opinion from the Alabama Supreme Court suggests that companies need not worry about disclosing their risk management data.

Christopher Ellis worked for CSX Transportation, Inc. as a remote-control foreman at CSX’s Montgomery yard. While riding on the ladder of a railcar during the course of his employment with CSX, Ellis was struck in the torso by the broken door handle and latch assembly of a railcar on an adjacent track. The impact of the blow knocked Ellis off the railcar on which he was riding, causing him to suffer significant injuries. On November 17, 2020, Ellis sued CSX asserting claims under the Federal Employers’ Liability Act (“FELA”) and the Safety Appliance Act (“the SAA”). Ellis propounded 25 multipart interrogatories and 62 requests for production to CSX with his complaint. While Ellis’s initial discovery requests seemed innocuous, in a subsequent motion to compel it became clear that Ellis sought information in CSX’s risk management system (“RMS”), which CSX claimed to contain confidential work-product. The trial court ultimately agreed with Ellis, granted his motion to compel, and ordered CSX to produce information contained in its RMS.

CSX petitioned the Alabama Supreme Court for a writ of mandamus directing the trial court to, among other things, vacate its order granting Ellis’s motion to compel discovery and either enter an order denying Ellis’s motion to compel or a protective order barring production of materials CSX contends to be protected work product or patently irrelevant. The Supreme Court granted the petition for mandamus relief in part and directed the trial court to vacate its order to the extent that it requires the production of materials contained in the company’s RMS in violation of the work-product doctrine. The Court denied the petition in all other respects.

The Court relied on two pieces of evidence to support its finding that the risk management materials are protected under the work-product doctrine. First, the Court noted that CSX received a letter from plaintiff’s counsel three days after Ellis’s accident advising CSX that they represented Ellis in his claims relating to injuries he suffered from his on-the-job injury. The Court found that this letter notified CSX that Ellis intended to seek damages for his injuries and provided a reasonable basis for CSX to assume Ellis would seek those damages through litigation.

The Court also found persuasive an affidavit from CSX’s senior director of risk management, which described the structure, processes, functions, and outputs of the company’s risk management department (“RMD”). The senior director of risk management testified that the RMD is classified as part of CSX’s legal department and that the RMD is managed and supervised by CSX’s general counsel. He explicitly stated that the RMD investigates potential and actual claims asserted by employees in anticipation of litigation and in consultation with CSX’s legal counsel. Those investigations include factual information detailing the employee’s medical condition, lost wages, witness statements as well as claim analysis discussing the merits of the employee’s claim, potential past and future lost wages, and the employee’s ability to return to work. The RMD discusses the results of its investigation with legal counsel to evaluate the claim and, if appropriate, arrive at a reasonable settlement value of the claim.  That information is then entered into the RMS.

In light of that testimony, the Court found that the materials contained in the RMS were prepared because of the prospect of litigation in consultation with CSX’s counsel and therefore are privileged work-product. The Court further found that some of the RMS materials consist of the RMD personnel’s mental impressions, conclusions, and opinions, which are entitled to nearly absolute immunity and are discoverable only in “very rare and extraordinary circumstances.” Even had Ellis made a showing of substantial need for and an inability to otherwise obtain the work-product, the RMD personnel’s opinion work product would not be discoverable.

Takeaways

Although the company here was a railroad, this case provides guidance to any company with a risk management system.  A company’s risk management department should be nestled within the company’s legal department. The risk management team should report to the company’s general counsel and work in consultation with company attorneys to evaluate employee claims, regardless of whether the employee has notified the company that he or she intends to file suit for on-the-job injuries. If a company receives a letter of representation, or is otherwise notified that an injured employee intends to file suit, it should begin a risk management investigation immediately.

Companies should consider adopting a policy stating that  investigations of employee injuries are conducted in anticipation of litigation and in consultation with the company’s legal department. That policy should include language stating that their risk management system contains the mental impressions, conclusions, and opinions regarding the merits and value of, as well as potential defenses to, employee injury claims. Make sure that all opinions related to claims evaluation are actually entered into the company’s risk management system to ensure all information subject to a potential work-product challenge are organized and easily accessible.

Companies should regularly review their policies regarding risk management investigations and data retention considering the hefty investment that that they have made laying the groundwork for their risk management systems.

For more information on this or any related topic, please contact the authors, your Seyfarth attorney, or any member of the Workplace Counseling & Solutions Team or the Workplace Policies and Handbooks Team.

By Nick A. Lussier and Andrew M. McKinley

Seyfarth Synopsis: On October 13, 2022, the Supreme Court of Virginia analyzed whether individuals may be joint employers under Virginia’s Wage Payment Act. Answering in the negative, the Court held that the statute defined “employer” more narrowly than the FLSA, and thus extended joint employment liability only to entities, not individuals, acting in the interest of an employer.

In Cornell v. Benedict, two licensed therapists had brought a state-law collective action against the practice alleging violations under the Virginia Wage Payment Act after they and similarly situated therapists never received the commissions owed to them. Although they had sued the financially-strapped practice, they also asserted claims against two members of the practice’s management team alleging that, because they had acted in the interest of CPS, they qualified as joint employers under Virginia law.

In assessing whether individuals could qualify as joint employers within the meaning of the Wage Payment Act, the Virginia Supreme Court compared the language of the Wage Payment Act to that of  the FLSA and concluded that the Virginia legislature defined “employer” more narrowly. To reach that conclusion, the Court observed the FLSA defined “employer” to include “any person” acting in directly or indirectly in an employer’s interest. The Virginia legislature, however, had replaced “any person” with “any similar entity.”

The Court applied ordinary canons of statutory interpretation in assessing this textual difference. Indeed, other Virginia labor statutes had included the FLSA’s “any person” language, leading the Court to conclude that the Court’s use of “any similar entity” was intentional and required that the statute be given a correspondingly different interpretation. Thus, because joint employment extended only to an “entity” under the Wage Payment Act, the Court determined that the members of the practice’s management team could not qualify as joint employers.

Implications for Employers

This case is one of the first to interpret the recent amendments to the Virginia Wage Payment Act and confirms that employment under the act is not coterminous with the FLSA. It is a significant victory for high-level officers and employees who are typically named as alleged co-employers in wage-and-hour actions for little reason other than to manufacture settlement pressure. The case also serves as a reminder that significant differences exist between various federal and state wage-and-hour laws on issues as basic as when an employment (or joint employment) relationship exists. Similarly, under the FLSA, meaningful differences exist in the standards applied by federal courts, and regulatory efforts at establishing uniformity have yet to produce lasting results. Thus, businesses should regularly examine their relationships with their workers, and those of entities with which they contract for labor, to assess potential exposure under both federal and state law.

By Danielle Kays and James Nasiri

Seyfarth Synopsis: On October 17, 2022, the U.S. District Court for the Western District of Washington granted Microsoft’s motion for summary judgment on the plaintiffs’ unique class action claims in a case entitled Vance v. Microsoft Corp. The plaintiffs, and Illinois residents, uploaded several pictures of themselves to popular photo-sharing site Flickr, which then became part of a “Diversity in Faces” digital dataset that was subsequently downloaded by two individuals associated with Microsoft. The plaintiffs claimed that Microsoft downloaded the dataset without their consent under the procedures set forth under the Illinois Biometric Information Privacy Act (“BIPA”) and therefore violated the BIPA as to individuals in the photos. Microsoft countered that the plaintiffs’ BIPA claims lacked the requisite connection to Illinois, and the Court agreed. By dismissing the plaintiffs’ claims, the Court issued an important BIPA win for companies, and also set forth favorable precedent for out-of-state businesses hit with BIPA lawsuits.

Background on Vance v. Microsoft

The Vance matter has a relatively complicated history, spanning back almost 20 years and involving a number of different companies and key players. The core of this dispute is the Diversity in Faces (“DiF”) Dataset, which is a set of approximately one million human facial images designed to encapsulate the diversity of the human race. Early versions of facial recognition software apparently struggled to accurately identify “individuals who were not male and did not have light colored skin tones.” In response to this issue, International Business Machines Corp. (“IBM”) compiled and created the DiF Dataset in order “to advance the study of fairness and accuracy in facial recognition technology.”

Separately, the plaintiffs in this case — Steven Vance and Tim Janecyk — were Illinois residents and active members of Flickr, a photo-sharing website later purchased by Yahoo!. Starting in 2008, the plaintiffs began uploading dozens of photos of themselves to Flickr. Then, in 2014, Yahoo! publicly released a dataset containing millions of public pictures, many of which were subsequently used in IBM’s DiF Dataset. Therefore, the plaintiffs’ photos originally uploaded to Flickr ended up becoming part of the DiF Dataset. 

IBM made its DiF Dataset public in 2019, and shortly after, two individuals associated with Microsoft downloaded the Dataset. The first individual, a consultant hired by Microsoft to assist with evaluating facial recognition technology, downloaded the DiF Dataset while in Washington state. The second individual at issue was a student intern for Microsoft who downloaded the DiF Dataset while in New York, in order to assist with her research on facial recognition systems.

The plaintiffs brought the present class action lawsuit alleging that, even though Microsoft’s two agents downloaded the Dataset outside of Illinois, Microsoft’s data management process involved saved data being “chunked (i.e., divided into non-overlapping packets of data bits),” encrypted, and stored in a data center in Chicago, Illinois. Consequently, the plaintiffs alleged that Microsoft violated the BIPA by: 1) collecting and obtaining their biometric data without satisfying the requisite process and obtaining written releases; and 2) unlawfully profiting from their biometric data. The plaintiff also asserted a claim of unjust enrichment relative to the Microsoft consultant using the DiF Dataset to evaluate facial recognition products that Microsoft was considering buying.

District Court Grants Microsoft’s Motion for Summary Judgment

Microsoft filed its motion for summary judgment in May 2022, arguing that the plaintiffs could not lawfully move forward with their BIPA or unjust enrichment claims. Specifically, the company contended that the BIPA cannot apply to conduct extraterritorial of Illinois, and thus, applying the BIPA to Microsoft’s conduct would violate the Commerce Clause of the U.S. Constitution. Microsoft also argued that, even if the plaintiffs satisfied their jurisdictional hurdle, they cannot satisfy all necessary elements of their BIPA claim or their unjust enrichment claim.

On October 17, 2022, the Court granted Microsoft’s motion on both of the plaintiffs’ claims. With respect to the out-of-state application of the BIPA, the Court first noted that, because the Act does not contain an extraterritorial provision, the conduct at issue must have “occurred primarily and substantially in Illinois.” To that end, the plaintiffs stated that  because they are Illinois residents, their injuries occurred in Illinois. They also emphasized that Microsoft may have encrypted and stored “chunked” copies of the DiF dataset on the company’s servers in Illinois. Microsoft responded by pointing out that the BIPA only regulates an entity’s collection of data, rather than its encryption and storage of such data after the original acquisition.

Ultimately, the Court agreed with Microsoft by finding that all relevant conduct took place in Washington and New York. Specifically, the Court reasoned that the Company could not be held liable under the BIPA where other entities (i.e., Flickr, Yahoo!, and IBM) actually collected the biometric data at issue. The Court therefore held that “even if Microsoft’s systems ‘chunked,’ encrypted, and stored the DiF Dataset on a server in Illinois, any connection between Microsoft’s conduct and Illinois is too attenuated and de minimis for a reasonable juror to find that the circumstances underlying Microsoft’s alleged BIPA violation ‘occurred primarily and substantially in Illinois.’”

In terms of the unjust enrichment claim, the plaintiffs alleged that Microsoft received a monetary benefit by downloading the DiF Dataset, without providing adequate compensation to the plaintiffs. Namely, they pointed to the conduct of Microsoft’s consultant, who downloaded the Dataset to evaluate facial recognition software that the Company was considering for purchase. The Court firmly rejected the plaintiffs’ arguments here, holding that the plaintiffs failed to show that Microsoft actually used — and benefitted from — one consultant’s download of the DiF Dataset. Accordingly, the Court granted Microsoft’s motion without reaching the merits of the plaintiffs’ BIPA claim.

Implications for Employers

The Washington federal court’s decision in Vance creates favorable BIPA case law for companies as it relates to the Act’s out-of-state applicability. The Vance decision sets forth some protection for businesses outside of Illinois that collect or store biometric data. Importantly, the Court establishes that an out-of-state business that merely stores part of its encrypted biometric data on an Illinois-based server cannot be held liable under Section 15(b) of the BIPA. For more information about the Illinois Biometric Information Privacy Act and how this decision may affect your business, contact the authors Danielle Kays and James Nasiri, your Seyfarth attorney, or Seyfarth’s Workplace Privacy & Biometrics Practice Group.

By Ilana MoradyPatrick D. JoyceCoby TurnerLiz Watson and Juan Rehl-Garcia 

Seyfarth Synopsis: Two big changes are on the horizon for California employers:
(1) changes to the COVID-19 general exposure notification requirements and (2) a proposed “permanent” Cal/OSHA COVID-19 standard to take effect January 1, 2023-2025.

The fall season signals change between the warmth and sun of summer and the cold and wet of winter. This year, fall also includes upcoming changes to the regulatory landscape in California as it pertains to COVID-19. Specifically, the passage of AB 2693 in late September and a recent round of edits to a proposed permanent Cal/OSHA COVID-19 standard have given employers new things to consider. Both of these new provisions are set to be effective January 1, 2023.

General Exposure Notice Changes

Methods of Notification

As California employers are well aware, legislation enacted early in the pandemic requires that written general exposure notification be provided to employees who were at the same worksite at the same time as a person with COVID-19, advising them that they “may have been exposed” to COVID-19, providing information about available benefits, and providing information the employer’s cleaning and disinfection plan. That legislation was set to expire at the end of 2022. However Governor Newsom just signed a new bill—AB 2693—which extends the general exposure notification requirement until January 1, 2024.

But there’s good news too: AB 2693 significantly reduces the burden on employers by allowing an option for the notice of potential exposure to be posted at the worksite, or on an employee portal if other workplace notices are posted on the portal. Like the notice required under the current legislation, it must be posted within one business day from when the employer learns of the COVID-19 case, and remain posted for at least 15 calendar days.

Employers still have the option to provide written notice to covered workers, and the employers of subcontracted workers, if they prefer. But, employers must still provide a written notice to the exclusive representative, if any, of the COVID-19 case(s) and any employees who had close contact.

Records of the written notices provided and a log of the dates of the notices posted must be maintained for 3 years.

Content of the Notice

The information required in the notice is also changing. Now, employers do not need to notify employees or other workers on site that “they may have been exposed.”

Rather, the new version of the notice has been streamlined, and now requires the following be included:

  1. The dates on which an employee, or employee of a subcontracted employer, with a confirmed case of COVID-19 was on the worksite premises within the infectious period.
  2. The location of the exposures, including the department, floor, building, or other area, but the location does not need to be so specific that it would allow individual workers to be identified.
  3. Instead of providing detailed information on the specifics, employers now only need to provide contact information for where employees may receive information regarding COVID-19-related benefits they may be entitled under applicable federal, state, or local laws, as well as antiretaliation and antidiscrimination protections of the employee.
  4. As a reminder, these benefits may include categories such as workers’ compensation, COVID-19-related local or emergency leave, company sick leave, state-mandated leave, recently extended COVID supplemental sick leave (which we recently blogged about here), or negotiated leave provisions.
  5. As a best practice, companies should ensure that their HR, Safety, or designated management personnel are prepared to provide this information upon request and are familiar with the local options for both paid and unpaid leave.
  6. Likewise, employers now only need provide contact information for where employees may receive the cleaning and disinfection planthat the employer is implementing per the guidelines of the CDC and the Cal/OSHA standards.
  7. Note: Workplace cleaning and disinfection plans are not currently part of CDC guidelines or Cal/OSHA requirements, so many employers will likely refer to their normal cleaning and/or disinfection protocols that may be independent of COVID-19 mitigation measures.

AB 2693 also requires the notice to be in English and the language understood by the majority of the employees.

Proposed Permanent COVID-19 Cal/OSHA Standard

Another major change is looming in the horizon. On January 1, 2023, a new 2-year “permanent”, or “non-emergency”, COVID-19 standard will likely replace the existing Emergency Temporary Standards which we have extensively written about in the past.

Several variations on the proposed rules have already been circulated ahead of a December 15th CAL/OSHA public meeting, during which the Cal/OSHA Standards Board is widely expected to pass the new standard in advance of the December 31, 2022 expiration of the current ETS.

Much of the ETS has carried over into the new proposed standard, but there are also some major changes that employers should be aware of.

Highlights from the Proposed Non-Emergency Standard

  • Definition changes. The proposed permanent standard makes changes to many of the definitions we have seen in the ETS. Some of the more significant changes include:
    • “Close Contact” – Instead of a single definition for close contact, the proposed standard distinguishes between two scenarios based on workplace size. (Note that this new definition already applies in workplaces covered by the ETS because it was changed by an Order issued by CDPH on October 13, 2022).
      • In indoor spaces of 400,000 cubic feet or less, a close contact results from sharing the same indoor space for 15 or more cumulative minutes within 24 hours during the infectious period. Here, six feet of distance does not matter.
      • In indoor spaces of greater than 400,000 cubic feet, a close contact results from being within six feet of a COVID case for a cumulative total of 15 minutes or more within 24 hours during the infectious period.
      • Importantly, each room with floor-to-ceiling walls makes up a distinct indoor space for purposes of this rule. Employees wearing a respirator during this time are not close contacts.
    • “Exposed Group” – The new standard makes a few changes here. Most importantly, places where individuals momentarily pass through without congregating, regardless of whether they are wearing a face covering, are not considered for the purpose of determining if a group has been exposed.
      • Under the current ETS, everyone in the space had to wear a face covering, even with respect to momentary exposures, or else they would be considered part of an exposed group.
    • “Infectious Period” – Under the proposed permanent standard, the definition of infectious period is less stringent and allows for a shorter time frame.
      • For symptomatic cases, the infectious period may now end five days (down from 10 days) after the arrival of symptoms if the individual tests negative on that day and has not had a fever for over 24 hours without medication.
      • For asymptomatic cases, the infectious period may also end five days after a positive test if a negative test is produced on the fifth day.
    • “Returned Case” – Instead of a 90-day period following the initial onset of symptoms or positive test, the proposed rules changes this to 30 days, after which time someone who returned to work following a COVID-19 related absence is no longer considered a returned case.
      • This shortened time period means that employers may be required to provide COVID-19 testing to a larger number of employees, as returned cases under the ETS are exempt from the requirement.
  • Exclusion pay. One of the most notable differences between the current ETS and the proposed permanent standard is the absence of exclusion pay.
    • Currently, employers must continue and maintain employees’ earnings, seniority, rights, and benefits if they have been excluded from the workplace due to COVID-19 exposure or illness contracted at work. Employers have to provide exclusion pay under the ETS before requiring employees to exhaust other forms of potential paid leave, like Supplemental Paid Sick Leave.
    • The proposed permanent standard eliminates this provision. Instead, employers must only provide information to confirmed cases and close contacts about COVID-19 benefits they may be entitled to under local and federal law.
  • Notice requirements. The notice requirements have also been somewhat streamlined.
    • The ETS requires employers to provide written notice to all employees present at a worksite during the infectious period of a COVID-19 case within one business day of when they learn of the case. Notice must also be sent to independent contractors and other employers whose employees were on the premises during this period.
    • The proposed permanent standard includes similar notice requirements, but changes the time frame for notice to “as soon as possible,” so long as the employer is able to meet any potential exclusion requirements. It also defers to Labor Code 6409.6 for the content and form of notice, which means employers would be allowed to do posting instead of providing notices in writing, in light of recent amendments mentioned above.
  • Reporting and recordkeeping. Reporting and recordkeeping requirements have changed to reflect increasing priorities on cases and large outbreaks, rather than exposures or isolated cases.
    • Employers no longer have to report information about workplace COVID-19 cases and outbreaks to their local health department. (Though employers need to be aware that local health departments may still promulgate their own requirements on reporting.)
    • Additionally, while employers must keep a record of COVID-19 cases for two years, they no longer have to keep records of close contacts.
    • The requirement that employers document the steps taken to implement a separate COVID-19 Prevention Program has also dropped away, meaning employers can generally rely on their standard Injury and Illness Prevention Program (IIPP), as long as the IIPP adequately addresses employee health and safety policies and procedures related to COVID-19.
    • The proposed permanent standard adds that in a major outbreak setting, employers must report the outbreak to Cal/OSHA. The proposed rule does not specify a time frame within which the report must be made.
  • Face coverings. In many ways, the rules remain the same. There are, however, some important distinctions:
    • Under both the current and proposed standards, employees who are exempted from a mandatory face covering requirement due to medical, disability, or mental health reasons must wear “an effective nonrestrictive alternative” if possible. But, if a face covering is not possible, the proposed permanent standard no longer mandates any sort of testing for these employees.
    • Employers are required to ensure employees wear face coverings when required by a CDPH regulation or order.
  • Outbreaks. Currently, the ETS outbreak rules come in play once three or more COVID-19 cases in an exposed group visit a work site during their infectious period within a 14-day window, and last until there are no new cases detected in a 14-day period. The proposed permanent standard contains various key changes to these rules. Most notably:
    • The provisions concerning outbreaks no longer apply once there have been one or fewer cases detected in an exposed group within a 14-day period. This change may slightly decrease the amount of time that an employer has to follow the more stringent procedures in the event of an outbreak.
    • Currently, during an outbreak employers must evaluate whether HEPA or other filtration units would reduce the risk of transmission. The proposed standard requires employers to utilize HEPA units upon an outbreak whenever ventilation is inadequate to reduce transmission.
    • Provisions on major outbreaks still apply when there are more than 20 cases detected in a 14-day period, and employers need to comply with those provisions as long as there is more than one case detected in the exposed group within a 14 day period.
    • Finally, and very importantly, during a major outbreak, employers must report the outbreak to the Division. This is not a requirement under the current emergency standard.
  • Return to work criteria. The criteria for when a COVID-19 case may return to work is largely the same, but under the proposed rule, there is no difference in the standard for those whose symptoms, other than a fever, remain. Thus, under the proposed permanent standard, the continued presence of symptoms is irrelevant if on the fifth day a negative test is produced, unless one of the symptoms is a fever.
  • Ventilation. Currently, employers are required to evaluate how existing ventilation systems may be modified to maximize ventilation with outdoor air. The proposed rule eliminates this language.
    • Instead, the proposed non-emergency standard obligates employers to “develop, implement, and maintain” a prevention plan that incorporates at least one of the following:
      • Maximizing outdoor air when ambient conditions do not pose a hazard.
      • Filtering circulated air through a MERV-13 filter or as much filtration as the existing ventilation system will permit.
      • Using HEPA filtration units in indoor spaces when ventilation is inadequate.
  • Employer-provided housing. Unlike the ETS, the proposed rule would not require employers to prioritize housing assignments in a particular order. Instead, it merely directs employers to consider distinct cohorts in housing assignments.
  • Employer-provided transportation. Many of the requirements of the ETS pertaining to transportation have been dropped. In their place, the proposed standard instructs employers to comply with the general provisions applicable to workplaces.

The rules highlighted here represent the most substantive differences between the ongoing ETS and the proposed permanent standard set to replace it at the start of 2023. The Division is accepting comments by email (oshsb@dir.ca.gov) on the most recent version of the proposed standard until October 31st. It remains possible that the proposed “permanent standard” that ultimately goes into effect may be different in some regards than what’s currently proposed.

Workplace Solutions

Stay tuned for updated guidance and developments on the workplace safety front in California. Seyfarth will be closely monitoring the outcome of the December 15 meeting on the proposed permanent standard, and will be updating our readers here. Don’t hesitate to reach out to your favorite Seyfarth attorney should you have any questions.