A compilation of time-sensitive and trending legal and regulatory issues that general counsels and business leaders should be aware of in 2015.
Employers Should be Aware of Multigenerational Workforce Risk
For the first time, four different generations of employees are working side by side at work. Commentators are quick to note the different characteristics among these generations of workers, such as their expectations regarding career path, their desire for flexible work schedules and locations, their comfort with emerging technologies, their preferred means of communication, and other issues. These differences are not only managerial challenges, but legal risks that can include claims of age discrimination, wage and hour issues associated with “after-hours” use of technology, and the improper use of social media. Employers should be vigilant in protecting their confidential information and customer relationships given the increasing mobility that characterizes a Generation X and Millennial workforce. More than ever, employers should examine their policies and procedures and train their managers to avoid risks associated with the unique dynamics of a multigenerational workforce.
Protecting Privacy a Challenge When Using Cloud Computing Technology
Regardless of the cloud service model—Infrastructure as a Service (“IaaS”), which provides access to servers and network capacity and other resources; Software as a Service (“SaaS”) which provides access to remotely deployed published software; or Platform as a Service (“PaaS”) which provides access to software that is customizable, enterprises are quickly adopting cloud services solutions. But while there are plenty of benefits to using cloud services for customer and company data, there are also privacy and data security risks. You need to make sure your cloud vendor understands the particular privacy rules that apply to your industry, such as HIPAA or the Payment Card Industry Data Security Standards (PCI DSS). You also need to make sure you have the proper indemnity and other risk management clauses in your agreements to minimize potential liability.
Point-of-Sale Transactions Not So Simple Anymore
The payments industry is dynamic. But, historically, much of the innovation within the industry has taken place “behind the scenes.” Upcoming changes at the point of sale, however, will fundamentally alter the way merchants interact with consumers, with significant impacts to the retail, hospitality, and e-commerce sectors. Additionally, regulatory and industry changes with alter how risk is disbursed long after the transaction concludes. Companies must address these changes, including significant revisions to data security standards (PCI DSS); the implementation of chip and pin (EMV) technology and the risks to merchants who fail to adopt EMV capabilities; and how pending litigation may alter merchants’ ability to steer consumers to alternative payment methods.
Employers Should Review Policies, Processes in Light of Immigration Changes
Executive action on immigration has made headlines. Obama’s decision to prioritize enforcement by granting deferred action (and employment authorization) to several million of the estimated 11 million plus undocumented immigrants has sparked debate. Many industries – ranging from high tech to agriculture and construction – will benefit from the increased pool of available workers. But the current legal focus on the authority of the executive branch to prioritize immigration enforcement may affect many more businesses. Would an end to “executive action” in immigration enforcement mean more I-9 audits? Would ICE conduct more worksite raids? Would employers be subject to more fines, including for paperwork violations? (One company had no unauthorized workers and had completed I-9s for every worker, but was still fined in excess of $227,000 for technical I-9 violations.) With such a high level of interest in immigration matters, this is a great time for employers to review compliance policies and practices. Consider an internal I-9 audit and policy changes as necessary.
Properly Managing Personally Identifiable Information (PII) Critical in Avoiding Problems
Every business collects, stores, uses and sometimes even disseminates personally identifiable information (PII). PII may be about your consumer customers; about executives of your business customers; about executives at key vendors or business partners; and certainly, the PII will be about your employees. Do you know how much PII you can collect? What kind of PII? How long you can keep this PII? How you can use this PII? And, of course, who can see it? AGG utilizes a one day diagnostic privacy check to protect clients against business privacy risk.
Companies Struggle to Balance Regulatory Compliance with Growth and Profitability
Two recent surveys of corporate counsel around the globe show heightened concern about regulatory and investigative matters. As indicated In a survey from a large legal services provider, among companies with revenues of at least $1 billion, more than half reported having at least one regulatory procedure pending against them. U.S. companies also lead in regulatory proceedings commenced against other companies. Respondents said they expect the legal complications to increase as more opportunities are pursued in a variety of jurisdictions, each with different rules. Additionally, in the recent 2015 Corporate General Counsel Survey by Grant Thornton, almost two in five believe the current regulatory environment has diverted resources from the company’s core competencies and one in five indicated that the current regulatory environment decreased profits or impeded growth. The most frequent changes indicated to manage their regulatory risk are: strengthening policies and procedures, increasing education and training, engaging outside consultants/advisors and adding internal compliance personnel.