The First Three of Compliance

My small business clients give me skeptical looks.  I imagine that they are thinking “do I really need to worry about that?” or “my people will never sue me, they love me.” I love these looks because they show that my clients are balancing risk. They are weighing whether they need to worry about compliance (i.e. spend money on an attorney) against whether their failure to be 100 percent compliant will ever rear its ugly (and expensive) head.  I knock on wood with them that the ugly head will remain hidden while preparing for the worst.

No one likes to prepare for the worst, but often we have to.  For employers, the worst includes a lawsuit brought by an employee or an investigation by a government agency. Preparing for the worst includes spending just enough to be compliant and protect the business and its number one asset, employees.  So, for even modest resources, employers need to start somewhere to protect themselves.  Here’s what to start with:

  1. An employee handbook. Every employment lawyer will tell you that the employee handbook is one of the most important documents in any employment or labor law dispute. It is always an exhibit to a deposition. Besides its litigation importance, the handbook contains the most important policy that every employer must have – the harassment policy.   The handbook also describes the work culture both good and bad and sets employee expectations. It is an essential document no matter what type of business you’re in.
  1. Manager training. As I’ve said before, managers need to know enough. They need to know what their role is, what their responsibilities are, what’s in the handbook, and when they need help.  For the smallest companies (under 10 employees), this training doesn’t need to take more than two hours, but it should happen.  There are too many new laws (even the “blacklisting” kind) that could stop a small business from doing business if managers don’t know what they are doing.
  1. Performance management. I know, performance management is a huge topic.  At its core, performance management is simply setting expectations and holding employees accountable.  Large organizations spend millions on fancy apps and software, develop multi-step processes to bring automation and consistency to setting expectations.  Small businesses don’t need to do all that.  When you’re small, you can be more informal.  Set expectations, communicate those expectations, and measure employees against them.  Eventually, you may need to terminate someone for poor performance and if you haven’t set and communicated expectations, you expose your business to more scrutiny, including the lawsuit kind.

Of course, employers need to worry about I-9s, personnel files, proper classification of employees, sick leave requirements, and many, many other things.  But if we have to start somewhere, these three can protect an employer from many risks.  As business takes off, we can dig into all of those other areas.

By the way, my response to the looks is to be as straightforward as I can.  “I’ll help you worry a bit less,” and “Of course they love you, but everyone hires someone who could sue them eventually.”  I promise.

Image from Cindy Tang available at

A Shaky Relationship: FCRA & Data Analytics

This past weekend, the New York State Bar Association has asked me to speak about data analytics in human resources at their fall conference.  This is one of my favorite topics, particular since data analytics have a huge impact on HR now and will to continue to in the future. This post and many others in the future will cover data analytics, its impact on HR, and how compliance can get tricky with the technology.

Big data, data analytics, HR analytics, people analytics, talent analytics – no matter what you call it – is changing how HR operates.  Vendors, like Gild, Pocket Recruiter, HireVue, and many, many others, offer algorithm-based technology to make traditional HR pain points as simple as a few clicks.  In the few clicks and the algorithm itself lies the potential for violations of various employment and labor laws.

Let’s start with the Fair Credit Reporting Act.  FCRA governs consumer reporting agencies in how they gather and report on particular individuals, including job applicants, even when these consumer reporting agencies are collecting public information.  In the employment context, these reports include criminal background checks, credit checks, and even social media searches when the reports are compiled by third parties and provided to employers.

In order to gather the information and get authorization from a job candidate, employers must follow strict disclosure requirements, give candidates notice that a report will be generated, and provide avenues for candidates to dispute information they believe is inaccurate.  Simply put, it can be incredibly easy to run afoul of FCRA.

One data analytics vendor, Joberate, has created an algorithm that takes publicly available data, like social media usage, and allows recruiters to determine whether a particular candidate could be interested in a new job.  Joberate generates a J-Score that can tell a recruiter whether an individual is in engaged in job-seeking behavior – the more job-seeking behavior, the more likely the individual would be interested in speaking with the recruiter.  By knowing individual J-Scores, recruiters aren’t wasting their time contacting passive candidates who aren’t really candidates at all.  They can be focused only on individuals who are ready to make a career change.

So what does FCRA have to do with this?  Potentially, a lot.  When a third party does any kind of search that includes information that may “serve as a factor in determining a person’s eligibility for employment” and gives that information to an employer, the Federal Trade Commission takes note.  Whether an individual is truly engaging in job seeking behavior may be considered a factor on whether a recruiter reaches out to that particular candidate and whether the individual is considered a candidate for employment.  So does an employer violate FCRA by using Joberate?

Loving Your Managers Means Training Your Managers

Last week, I had the privilege of presenting to two different groups on two very different topics.  The first was for the Marsh & McLennan Agency on the Bermuda Triangle of employment law – FMLA, ADA, workers’ compensation, and other leave issues.  The second was at MRA’s Minnesota HR Conference on investigations into sexual harassment and workplace bullying.  Both groups had great questions and were super fun.  Yet, even though the topics were different, one issue cropped up in both – manager training.

Manager training is crucial.  Managers are on the front line of production, products, marketing, and many other business aspects of any organization.  They are also on the front line of employment law issues.  For example, a manager who denies an employee’s request to alter her shift due to insomnia issues could be launching an employer headfirst into an ADA claim.  Or, a manager to engages in sexual banter with employees could create strict liability for a sexual harassment claim.  These exemplify why this training is downright essential.

Yet, it is hard to get managers together to learn about compliance issues.  First, they’re busy people.  Second, it’s compliance.  And, even when you do get them together and try to (gently) beat these issues into them, more often than not, they may forget or cannot recall the ins-and-outs of FMLA leave or the intricacies of your benefit plan.  This isn’t because managers don’t want to remember all of this information – it would just be impossible to do so.  They’re human.

Instead of rote memorization, managers need to know enough – enough to know when they need step into a situation and enough to know who to talk to.  This is all.

So how do you get to enough?  In my humble opinion, it takes real world examples and lots of time for questions.  With simulations and questions, managers get some experimental learning so they can identify when they need help.  It’s kinda like giving managers spidey sense.  As soon as they see, hear, or otherwise learn about a situation, we want manager’s spidey sense to go off and know what to do and who to talk to.  Good training can do this.

Here are the key ingredients for an effective manager training:

  • Managers need to understand their roles and responsibilities to prevent and stop inappropriate behavior (even if that behavior wouldn’t technically be unlawful).
  • Managers need to know enough about compensation, benefits, and other privileges employees may have (think leave and reasonable accommodations) to answer basic questions.
  • Managers need to know how to explain performance and conduct expectations and how to seek improvement of both.
  • Managers need to know who to talk to when issues arise and who to send employees to when they have questions the manager can’t answer.

Managing is really hard.  Employers succeed when they recognize this and equip managers with the training and development they need.

Photo credit: Helloquence available at 

HR Technology: A Pledge

It’s no secret I love technology.  I order Apple products at midnight, I try all sorts of widgets and gizmos, and I regularly speak on the impact of technology in the workplace.  Technology can do some amazing things.

What technology brings to the workplace is both awesome and downright creepy.  Employers can have employees turn in DNA samples to get a customized wellness program, seize the power of analytics to source candidates over the interwebs, and monitor employee engagement through badging technology.  All of these uses come with a proven and legitimate return on investment for an employer.  However, for each HR department who purchases this technology, an employment attorney loses an hour of sleep.

For example, the DNA-testing wellness program described above saved one employer over $1,400 per employee.  That’s nothing to shake a stick at.  Yet, the program screams Genetic Information Nondiscrimination Act violation.  Under GINA, employers are prohibited from requesting genetic information from employees and their families. So if an employer requests a DNA sample in hopes that eventually health care costs go down, does the employer violate GINA?  In pure lawyer-speak, it depends.  Is the wellness program truly voluntary under EEOC regulations?  Can the third-party wellness vendor make the request and keep the genetic and other health information from the employer?  Can the employer reap the benefits without getting any health information from the employee?  If the answers to these questions are yes, we may be able to implement the program in a GINA-compliant way – reap the benefits and minimize risk.

Analytics provide another great example.  Xerox reduced customer service representative attrition by 2o percent by using analytics!  That’s so cool.  But analytics can be inherently discriminatory.  An algorithm discriminated against minority beauty pageant contestants.  The bot Microsoft tested on Twitter turned into a Nazi in less than 24 hours.  What does this mean when we turn these technologies loose in HR?  Will we able to avoid discrimination and potential biases?  Will the correlations analytics find be job-related and business necessity or will other factors and doctrines apply?  Will we have the records available to protect an employer?  These are considerations every HR department should think about before finding a big data solution because these risks are real, and the EEOC is paying attention.

As both an employment attorney and a technology aficionado, I get the conundrum that employers face.  You want the benefits, not the risk.  If you don’t adopt the technology, you may not be as competitive because your competitors are using this tech.  The cost-benefit analysis may favor the purchase and the results, but before you make the purchase, are there ways to make the tech just a bit safer, reduce the risk even a little?  I think so.

So here’s my pledge:

I solemnly pledge I will never say no to implementing new technology, strategy, policy, or process with a legitimate return on investment.  What I will say (and do) is help your organization put a metaphorical seat belt or airbag on the new stuff to better protect the organization should questions (and litigation) arise later.  A safer policy, piece of technology, or process is a better one.

If an employer had zero risk, it would have zero employees.  When employers implement new technology, they take on even more risk.  Let’s talk about minimizing that risk.