Workforce Bulletin

Seeking to prevent San Francisco’s return-to-work program from reigniting a surge of COVID-19 cases, the city’s Board of Supervisors (“Board”) has passed the “Healthy Buildings Ordinance” (“Ordinance”). This temporary emergency measure, which Mayor London Breed signed on July 17, 2020, and which is effective immediately, (i) establishes cleaning and disease prevention standards in tourist hotels and large commercial office buildings; (ii) mandates employee training on these standards and various protections employers must provide for workers as they ...

Featured in #WorkforceWednesday:  As enterprises continue to weigh the decisions and risks related to workplace transition, CLOs play a crucial role in addressing everything from leading the legal team and functions remotely, to the heightened organizational data privacy and security risk or the tax and immigration concerns that have arisen from these employee transitions.

Special guests Lori Lorenzo, Research and Insights Director of Deloitte’s Chief Legal Officer Program at Deloitte Transactions and Business Analytics LLP, and David Garland, Chair of the ...

While businesses and their employees continue to operate in the “new frontier” of working-from-home during the COVID-19 pandemic and the gradual reopening of the economy, a serious risk continues to present itself: the threat of cybercrime. The increased use of remote access to work systems and related applications has made businesses a prime target for those unscrupulous individuals seeking to encroach on companies’ cyber-landscape. Flaws in VPNs, firewalls, and videoconferencing, for example, have exposed many companies’ electronic infrastructures to these incursions. Similarly, the at-home workforce has increasingly been subjected to social engineering attacks often cloaked as communications purporting to provide information about pandemic-related issues.

In addition to the technical measures necessary to confront these threats, businesses would be well-advised to ensure that their cyber insurance is up to date and responds to this challenging new environment. Such coverage may be found in a variety of insurance, including property policies, commercial crime bonds or in stand-alone cyber risk policies. Regardless of where it resides, cyber insurance typically provides coverage for data breaches, ransomware attacks and employee wrongdoing, and for loss of business income occasioned by covered occurrences.

While the jurisprudence related to these issues continues to develop, some recent cases provide insight into how courts may decide cyber coverage questions in the current environment. 

Ransomware - Covered

Earlier this year the U.S. District Court for the District of Maryland considered the issue of how first-party “computer coverage” responded to data loss resulting from a ransomware attack. In National Ink & Stitch, LLC v. State Auto Property & Casualty Ins. Co., No. SAG-18-2138, 2020 WL 374460 (D. Md. Jan. 23, 2020), the insured was an embroidery and screen printing business that stored business-related art, logos, designs and graphics software on a server that became compromised by a ransomware attack. Id. at *1. As a result, the insured needed to recreate stored data that it was unable to access because of the incursion. Id. Further, after the software was replaced and reinstalled by experts, there remained a likelihood that remnants of the virus lingered on the system, leaving the insured with the unpalatable choice of either “wiping” the entire system or purchasing a new server. Id.

The policy at issue responded to “direct physical loss of damage to Covered Property at the premises…caused by…any Covered Cause of Loss.” Id. “Covered Property” included electronic data processing, recordings or storage media such as film, tapes, disks, etc. in addition to data stored on such media. Id. at *1-2. Software was included as “covered property” in the policy. Id. at *1. The insurer denied the claim on the basis that the insured had not experienced direct physical loss or damage to its computer system to justify reimbursement of the cost of replacing the entire system. Id. at *2. That is, because the insured “only lost data and could still use its computer system,” the insurer took the position that there was no “direct physical loss” and, therefore, no coverage. Id.

In finding that the insured should be reimbursed for its losses, the court determined that the plain language of the policy “contemplates that data and software are covered and can experience ‘direct physical loss or damage’” Id. at *3. The court refused to credit the insurer’s argument that a loss of software and its related functionality was not a direct loss to tangible property simply because the insured could still use the system albeit in a diminished fashion. Id. Instead, relying on relevant case law, the court it recognized that the insured’s computer system, while still functional, had been rendered inefficient and its storage capability was damaged in a way that its data and software could not be retrieved. Id. at *4. Accordingly, the court ruled that the policy did not require the computer system to be completely unable to function in order to constitute covered “physical loss or damage”. Id. at *5.

In granting summary judgment in favor of the insured, the court viewed the system’s loss of use and reliability and impaired function to be consistent with the “physical loss or damage to” language in the policy. Id. This was so because “not only did [insured] sustain a loss of its data and software, but [it] is left with a slower system which appears to be harboring a dormant virus, and is unable to access a significant portion of software and stored data.” Id.

On July 27, 2020, Virginia became the first state in the nation to implement workplace safety and health standards for COVID-19.  The Safety and Health Codes Board adopted § 16VAC25-220, an Emergency Temporary Standard for Infectious Disease Prevention: SARS-CoV-2 Virus That Causes COVID-19 (the “Temporary Standard”), which is designed to supplement and enhance existing Virginia Occupational Safety and Health (“VOSH”) laws, rules, and regulations that may apply to the prevention and control of COVID-19 in the workplace.  Virginia imposed these standards because ...

As we previously reported, the COVID-19 pandemic has affected employers and employees across the globe.  Since the outbreak of COVID-19, governments have implemented measures to address the economic impact of the pandemic, including job retention schemes and promoting remote work.  Many employers have reconsidered the need for employees to return to the office at all.  In response, Barbados and Estonia have taken a dynamic approach to these changes and have introduced digital nomad visas that allow individuals to live in the country while they work for foreign employers.

Digital ...

Employers that are fiduciaries of participant-directed individual account plans (such as 401(k) plans) subject to the Employee Retirement Income Security Act of 1974, as amended (‘Plans” and “ERISA”, respectively) should be pleased with the position taken by the Department of Labor (“DOL”) in an information letter dated June 3, 2020 (the “Letter”) addressing the use of private equity investments in designated investment alternatives offered in Plans.  The DOL states that, subject to the standards and considerations set forth in the Letter (and summarized ...

Featured in #WorkforceWednesday: This week, Virginia became the first state to issue workplace safety standards, but with guidance still varying widely, many nationwide businesses have begun requiring masks.

Video: YouTube, Vimeo, MP4, Instagram.

On July 20, 2020, the Wage and Hour Division (“WHD”) of the U.S. Department of Labor (“DOL”) published new guidance for businesses reopening amid the COVID-19 pandemic. The guidance is in the form of additions to the WHD’s existing Frequently Asked Questions (“FAQs” or “Guidance”) and addresses issues arising under two leave laws—the Family and Medical Leave Act (“FMLA”), and the Families First Coronavirus Response Act (“FFCRA”)—and wage and hour matters governed by the Fair Labor Standards Act (“FLSA”).

New FMLA FAQs

The WHD added the ...

In recent years, wage discrimination has been a hot topic and with it, the question of whether employers may rely on a worker’s salary history to justify a pay disparity between male and female employees. In a 2018 case involving the federal Equal Pay Act (“EPA”), Rizo v. Yovino, (about which we wrote here), the U.S. Court of Appeals for the Ninth Circuit (“Ninth Circuit”) ruled that employers may not rely on prior salary to excuse unequal pay. On petition, the Supreme Court vacated the decision and remanded the case on a technical ground (i.e., because the judge who ...

Tracking diversity and inclusion efforts on a global basis is often a challenging task for in-house legal, human resources, and diversity and inclusion teams.  While employers may be interested in collecting applicants’ and/or employees’ diversity information for worthy reasons, such an effort is a fertile ground for potential litigation involving data privacy violations and discrimination claims.

Risks of Violating Data Privacy Requirements

Globally, diversity information typically constitutes personal data (and, in many jurisdictions, sensitive personal ...