View as Web Page

Compliance News Flash – March 16, 2020

Arnall Golden Gregory LLP is pleased to provide you with the Compliance News Flash, which includes current news briefs relevant to background screening, immigration and data privacy, for the benefit and interest of our clients as well as employers and consumer reporting agencies generally.

  • Florida passed a bill (S.B. 664) that will require private employers in the state to verify employment eligibility by, either, using the E-Verify system or completing the Form I-9. All private employers, regardless of the number of employees they have, must either use the federal E-Verify program or complete the Form I-9. State officials may enforce the new requirements and noncompliance will be tied to an employer’s state business license. Employers are not required to verify the employment eligibility of current employees, only those hired after the date the employer registers with an electronic employment verification system. If signed by the governor, the law will take effect July 1, 2020 with employers required to comply by January 1, 2021. Click here to read the bill. NOTE: to avoid confusion, it is important for Florida employers to remember that under federal law, completion of the Form I-9 within three business days of hire is mandatory. Use of E-Verify is voluntary (unless required by federal contract or because the employer is in a state that mandates its use). In order to create a case in E-Verify an employer needs information from the Form I-9. Therefore, all employers must complete a Form I-9 for each new hire. They cannot use E-Verify as a standalone compliance tool. If E-Verify is used, it is used in combination with the Form I-9.  
  • In response to the outbreak of COVID-19, President Trump has suspended the entry of immigrants and nonimmigrants who have been present within the Schengen Area during the 14-day period preceding their entry to the U.S. The Schengen Area is comprised of 26 European countries and does not include England and Ireland. President Trump announced the suspension will remain in effect for 30 days, starting March 14. The suspension is subject to several exceptions including U.S. citizens and lawful permanent residents, although it will bar entry for non-immigrants in H-1B, L, and E status. The suspension is in keeping with the United States’ prior suspension of entry from those who have been present in China and Iran. For more details on the ban, click here. Also, over the weekend the Trump Administration announced similar restrictions on travel to the United States for those in the UK and Ireland.  
  • Overturning the Kansas Supreme Court, the U.S. Supreme Court, in a 5-4 vote, held that federal immigration law does not preempt state identity theft prosecutions. In the instant case, Kansas v. Garcia, three restaurant workers who were not authorized to work in the United States used Social Security numbers that were not their own on the Forms I-9 and federal and state tax-withholding forms they submitted to their employer. The State of Kansas subsequently prosecuted the workers for identity theft and fraud for falsifying their tax forms and the workers were found guilty. The Kansas Supreme Court later voided the convictions, finding that the federal Immigration Reform and Control Act (IRCA) limits the use of information contained in the Form I-9 to federal law enforcement purposes, and thereby preempts states from prosecuting the submission of fraudulent employment verification forms. The U.S. Supreme Court ultimately reversed the Kansas Supreme Court, finding that the tax forms, upon which the state’s prosecution was based, were separate from the Forms I-9, and therefore the state’s prosecution was not in violation of IRCA. Click here to read more.
  • The California Office of the Attorney General (OAG) has published a second set of modifications to its proposed regulations under the California Consumer Privacy Act (CCPA). The proposed regulations were first published on October 11, 2019. On February 10, 2020, the OAG released its first set of modifications to the proposed regulations. This second set of modifications, published on March 11th, though minimal, does make a notable deletion and addition. It deletes the clarification regarding IP addresses set forth in the first set of modifications. Specifically, the statement that the term “personal information” does not include IP addresses that cannot reasonably be linked to a particular consumer or household, has been removed. The second set of modified regulations also adds guidance for businesses that do not directly collect personal information, stating that “[a] business that does not collect personal information directly from a consumer does not need to provide a notice at collection to the consumer if it does not sell the consumer’s personal information.” The California OAG will accept comments on this second set of modified regulations until Friday, March 27, 2020 at 5:00 p.m. Click here to access all versions of the OAG’s proposed regulations.
  • The New York Stop Hacks and Improve Electronic Data Security (SHIELD) Act goes into effect March 21, 2020. The Act, signed into law on July 25, 2019, requires any organization that owns or licenses computerized data that includes private information of New York State residents, to implement a comprehensive cybersecurity program. The requirements of such program are set forth in the Act and include training employees in cybersecurity practices, selecting vendors who are obligated under contract to meet cybersecurity standards, and implementing various technical and physical safeguards. The Act’s definition of “private information” includes biometric information such as fingerprints and retina images, as well as a username or email addresses in combination with a password or security question and answer. The Act expands the definition of “security breach” to include unauthorized access of private information, in addition to unauthorized acquisition of private information. The law also requires a credit reporting agency that suffers a breach of Social Security numbers to offer consumers identity theft prevention and mitigation services. Click here to read the Act.

If you have any questions or need assistance on any point raised in this Compliance News Flash please contact:


Montserrat C. Miller
Partner, Atlanta Office


Erin E. Doyle
Associate, Atlanta Office


The information presented provides a general summary and/or recent legal and regulatory developments. It is not intended to be, and should not be relied upon as legal advice.
 ©2020. Arnall Golden Gregory LLP. All Rights Reserved. Atlanta | Washington DC

Manage your Subscription  | Forward to a Friend  | Unsubscribe