Workforce Bulletin

On March 15, 2022, President Biden signed into law the 2022 Consolidated Appropriations Act containing the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (the “Cyber Incident Reporting Act”). While President Biden’s remarks highlighted the $13.6 billion in funding “to address Russia’s invasion of Ukraine and the impact on surrounding countries,” the 2022 Consolidated Appropriations Act contained numerous other laws, including the Cyber Incident Reporting Act, which should not be overlooked. The Cyber Incident Reporting Act puts in motion important new cybersecurity reporting requirements that will likely apply to businesses in almost every major sector of the economy, including health care, financial services, energy, transportation and commercial facilities. Critical infrastructure entities should monitor the upcoming rule-making by the Cybersecurity and Infrastructure Security Agency (“CISA”), as the final regulations will clarify the scope and application of the new law.

As featured in #WorkforceWednesday:  This week, we look at how employers can make adjustments to their benefits policies to assist employees who want to offer help and support to Ukraine.

Next month, New Jersey private employers will need to start informing drivers before using GPS tracking devices in the vehicles they operate. A new state law that becomes effective April 18, 2022, requires employers to provide written notice to employees before using “electronic or mechanical devices” that are “designed or intended to be used for the sole purpose of tracking the movement of a vehicle, person, or device.” The notification requirement applies to both employer-owned or -leased and personal vehicles.

As featured in #WorkforceWednesday:  This week, we’re looking at how employment laws and regulations are being impacted by the Biden administration’s recent actions on the international and national stages.

On March 3, 2022, President Biden, as expected, signed the Ending Forced Arbitration of Sexual Assault and Sexual Harassment Act of 2021 (“Act”) into law. As we previously explained, the Act amends the Federal Arbitration Act (FAA) to make pre-dispute arbitration agreements for sexual assault and sexual harassment claims invalid and unenforceable. Parties remain free, however, to mutually agree to arbitration after a claim has been asserted. The new law delegates any disputes regarding the Act, including as to the arbitrability of claims, to the courts, and not an arbitrator, to decide.

While the fate of two COVID-19 vaccination rules by federal agencies were decided in January by the Supreme Court of the United States, millions of employees working for the federal government, whether directly or as a contractor, have been waiting for clarity in the wake of court orders halting Presidential efforts to promote vaccination.  Here is a brief update on the status of litigation challenging the extent of the President’s authority to command the Executive Branch.

The first state to implement workplace health and safety standards for COVID-19 is poised to roll back those requirements. Virginia’s Permanent COVID-19 Employee Health and Safety Requirements (the “Permanent Standard”) established requirements for employers to control, prevent, and mitigate the spread of COVID-19.  However, with the Omicron wave receding, Virginia Governor Glenn Youngkin says the Permanent Standard presents “a significant burden on businesses” and should be reconsidered.

Pursuant to Governor Youngkin’s Executive Order issued on January 15, 2022, the Virginia Safety and Health Codes Board (the “Board”) convened on February 16, 2022, to determine whether the Permanent Standard is still necessary.  Adopting the Virginia Department of Labor and Industry’s (“DOLI”) recommendation, the Board agreed that there is no continued need for the Permanent Standard because the virus, “based on emerging scientific and medical evidence, . . . no longer constitute[s] a grave danger to employees in the workplace.”

The D.C. Council (the “Council”) is poised to further postpone the Ban on Non-Compete Agreements Amendment Act of 2020 (D.C. Act 23-563) (the “Act”). On March 1, 2022, Councilmember Elissa Silverman introduced emergency legislation (B24-0683) that would push back the Act’s applicability date from April 1 to October 1, 2022. Councilmember Silverman simultaneously introduced and the D.C. Council adopted an emergency declaration resolution (PR24-0603) allowing the measure to proceed directly to Mayor Muriel Bowser’s desk for signing after a single reading.

As featured in #WorkforceWednesday:  This week, we look at H.R. 4445, new federal legislation that addresses mandatory arbitration of sexual assault and harassment claims.

The U.S. Cybersecurity and Infrastructure Agency (CISA) has urged a “Shields Up” defense in depth approach, as Russian use of wiper malware in the Ukrainian war escalates. The Russian malware “HermeticWiper” and “Whispergate” are destructive attacks that corrupt the infected computers’ master boot record rendering the device inoperable. The wipers effectuate a denial of service attack designed to render the device’s data permanently unavailable or destroyed. Although the malware to date appears to be manually targeted at selected Ukrainian systems, the risks now escalate of a spillover effect to Europe and the United States particularly as to: (i) targeted cyber attacks including on critical infrastructure and financial organizations; and (ii) use of a rapidly spreading indiscriminate wiper like the devastating “NotPetya” that quickly moves across trusted networks. Indeed, Talos researchers have found functional similarities between the current malware and “NotPetya” which was attributed to the Russian military to target Ukranian organizations in 2017, but then quickly spread around the world reportedly resulting in over $10 billion dollars in damage.[1] The researchers added that the current wiper has included even further components designed to inflict damage.