The wait is over!  U.S. Citizenship and Immigration Services (USCIS) has issued an updated M-274, Handbook for Employers which provides guidance on completion of the Form I-9 and an overview of unlawful discrimination and penalties related to completion of the Form I-9.

New sections include guidance on (i) automatic extensions of employment authorization documents (EAD) in certain circumstances (page 13); (ii) failure of an employee to present acceptable documents (page 26); and (iii) correcting the Form I-9 (page 29).

Click here to view the updated M-274, Handbook for Employers.  Remember — all employers must be using the updated version of the Form I-9 as of January 22, 2017.  The form is available on USCIS’s website.

I would like to congratulate a partner and colleague at my firm — Tom Pahl — who although he is leaving us, is leaving for a very good reason.  Federal Trade Commission (FTC) Acting Chairman Maureen Ohlhausen announced this week that she has appointed Tom Pahl, a partner at the Washington, D.C. law firm of Arnall Golden Gregory LLP, to be the Acting Director of the FTC’s Bureau of Consumer Protection.  This is a big deal!!  Tom replaces Jessica Rich who is leaving the FTC later this month.

To read the FTC’s press release click here.  To read more about Tom’s appointment click here, and here, and here.

Congratulations Tom!

Additional Executive Orders (“EO”) are apparently circulating among administration officials, including more related to immigration and one specifically related to business immigration. It is unclear when or exactly what President Trump will sign but one such draft order is entitled “Executive Order—Protecting American Jobs and Workers by Strengthening the Integrity of Foreign Worker Visa Programs.” The scope of this EO, as presently drafted, will affect foreign worker visa programs (e.g., workers in E, H-1B, H-2A and L status).  It also affects the J-1 exchange visitor program and student visa reform, and orders L-1 site visits.  These are just some highlights of what such this EO could cover.

The focus of this particular EO is to prioritize “the protection of American workers…and the jobs they hold.” The EO requires the Security of Homeland Security to, within 90 days, review all regulations that allow foreign nationals to work in the United States to determine if they are in the national interest or should be rescinded.

Of greatest interest for purposes of this blog is what it says about E-Verify – “within 90 days of the date of this order, submit to the President a list of options for incentivizing and expanding participation by employers in E-Verify, including by conditioning, to the maximum extent allowed by law, certain immigration-related benefits on participation in E-Verify.” Could this mean something akin to the situation where in order for an employee to apply for an extension of their work authorization under STEM OPT their employer must participate in E-Verify?

This E-Verify mandate is in line with then presidential candidate Trump’s “10 Point Plan to Put America First.”  Point #9 was, “Turn off the jobs and benefits magnet. Many immigrants come to the U.S. illegally in search of jobs, even though federal law prohibits the employment of illegal immigrants.”  For this point to be fulfilled, President Trump is pushing for an expansion of the E-Verify program.  Which, by the way, an expansion of E-Verify to make it mandatory is not necessarily a controversial item on Capitol Hill.  I expect that legislation will be taken up this year on Capitol Hill making E-Verify mandatory for all employers in the United States.

Know Before You Hire: 2017 Employment Screening Trends is the title of a good article by Roy Maurer at SHRM.  Roy interviews multiple industry experts, including myself, asking for their opinions on what is trending in employment background screening.  Some of the trends you will read about include the increase in Ban the Box measures affecting employers, background screening of contingent workers, as well as the use of social media in the hiring process. To read the entire article click here.

Annually my law firm publishes a checklist of legal issues we believe will be relevant in 2017.  To view the list click here.

In no particular order of importance this year’s list includes the following, with brief write-ups by AGG lawyers:

  1. Wage and Hour
  2. Non-GAAP Financial Measures
  3. Ban the Box
  4. EU-U.S. Privacy Shield
  5. Immigration Compliance – Form I-9 and E-Verify
  6. Robust Compliance Programs
  7. Blockchain and Digital Transactions
  8. Cyber Security and M&A Transactions
  9. Online Advertising Practices
  10. Wellness Programs
  11. Tax Reform
  12. The Consumer Financial Protection Bureau
  13. E-Discovery and Defense Costs

Please join me and my colleague, Teri Simmons, for a free webinar on January 24th at noon EST during which time we’ll discuss immigration compliance issues relevant to employers.  We’ll also cover what organizations can expect in 2017 under the new Administration.

Teri and I will cover topics related to the Employment Eligibility Verification form (the “Form I-9”), E-Verify, government investigations and penalties related to the Form I-9, and on-site audits when petitioning for H and L nonimmigrant status.  Click here to register and learn more about the topics we’ll address.

The webinar is pending CLE credit approval by the State Bar of Georgia.

 

The U.S. and Swiss governments have finalized a Privacy Shield agreement to allow the cross-border transfer of personal data from Switzerland to the United States.

First, let’s jump in our proverbial time machine and go back in time.  Prior to the EU – U.S. Privacy Shield framework hammered out post-implosion of the EU – U.S. Safe Harbor framework due to the European Court of Justice’s decision in Schrems in 2015 (read about that here), we had both a Safe Harbor framework for the cross-border transfer of personal data for the European Union at large to the United States, and separately for transfers from Switzerland to the United States.  Enter the EU – U.S. Privacy Shield agreement finalized last year, which addressed transfers of personal data from the European Union to the United States, but not Switzerland.  In fact, it wasn’t entirely clear what the Schrems decision meant for the Swiss – U.S. Safe Harbor agreement since the Swiss seemed to be saying that it too was no longer relevant post-Schrems but yet the U.S. Department of Commerce said they would continue to administer the program.  And now, let’s return to the present.

There is a new Swiss – U.S. Privacy Shield framework which can serve as a mechanism to lawfully transfer personal data from Switzerland to the United States. Companies can begin self-certification under this program on April 12, 2017. This new framework will replace the Swiss – U.S. Safe Harbor framework.  Here is what the Swiss are saying, “At its meeting today, the Federal Council took note that a new framework, Privacy Shield, has been established for the transfer of personal data from Switzerland to the USA. Privacy Shield replaces the Safe Harbor Agreement between Switzerland and the USA, which the FDPIC had declared inadequate and which the Federal Council has now formally terminated. The FDPIC welcomes the introduction of the new framework.”  Read more of this press release from the Swiss Federal Data Protection and Information Commissioner (FDPIC) by clicking here. To read the press release issued by the U.S. International Trade Administration, click here.

Happy New Year!

The (some would say unexpected) results of the presidential campaign have led us down a path where president-elect Trump will be sworn in January 20, 2017.  While the dust is still settling, and will continue to settle over the coming weeks and months, employers should prepare for the potential impact this Administration could have on immigration compliance.  What do I mean by immigration compliance?  I’m talking the new Employment Eligibility Verification form (the “Form I-9”), mandatory E-Verify, and increased government investigations. While today’s hype may be about border security, vetting of refugees, and deporting criminal aliens, I believe immigration compliance is an area that will take on greater importance under this Administration.  I’m doing two (because it’s that important) free webinars with colleagues on this topic and I hope you will join us.

The first one–Understanding the New Form I-9 and the Election’s Potential Impact on Immigration Reform–is sponsored by Equifax Workforce Solutions on January 19, 2017 at noon EST.

Click here to register.

I’ll post information on the second webinar, which will be hosted by my firm on January 24, 2017, at a later date.

Los Angeles is the latest major city to pass a Ban the Box measure (Ordinance 184652) applicable to private employers. It will become effective January 22, 2017 and will be enforced beginning in July 2017. Other major cities with Ban the Box laws include:

And don’t forget that eight states have Ban the Box measures on their books which are applicable to private employers — HI, IL, MA, MN, NJ, OR, RI, VT.

What is Ban the Box?  In its most basic form it means that an employer cannot ask on the job application about criminal history (i.e., arrests or convictions).  Generally, an employer must wait until a conditional offer of employment has been extended to inquire about criminal history and conduct a background check.  Ban the Box moves the criminal history inquiry until later in the process to afford ex-offenders the opportunity to be judged on their merit and not their past. At least in theory that’s what is supposed to happen as a result of Ban the Box measures, which are often referred to as fair hiring policies.

But, nothing in life is simple. Often, Ban the Box measures go beyond simply requiring employers remove the criminal history question from the job application and they include additional requirements, such as requiring:

  • Employers conduct an individualized assessment if criminal history is discovered during an background check (e.g., Austin, San Francisco, Los Angeles).
  • Employers advise the applicant the reason for their decision to not hire if it includes criminal history information (e.g., Chicago, Portland, San Francisco, Seattle, Washington, DC).
  • Employers provide a specific amount of time to allow the applicant to review and respond to criminal history information discovered as a result of a background check (e.g., Philadelphia, San Francisco).
  • Employers provide disclosures about the law (e.g., Philadelphia, San Francisco, Washington, DC).
  • Employers cannot have restrictive language in their advertisements (e.g., Seattle).
  • Important Although above bullet points cover some of the key requirements, they are not exhaustive as Ban the Box measures are similar but not identical.
  • And, and, and (yes, I meant three and’s), don’t forget that as a private employer you must also comply with the federal Fair Credit Reporting Act (15 U.S.C. § 1681 et seq.) if you receiving background check reports from a third-party background screening company.

For employers in a jurisdiction that has a Ban the Box law it’s important to understand what your obligations are. A comprehensive background screening policy will assist any employer seeking  compliance with federal and state law.  If that is on your “to do” list for 2017, we can assist in developing policies and procedures.

Companies that transfer personal data from the European Union (“EU”) to the United States should be working toward their compliance with the EU’s General Data Protection Regulation (“GDPR”) (Regulation (EU) 2016/679) which will go into effect May 2018.  Oh, but how silly, that’s, like, over a year away!  Why should you care?  If you transfer personal data from the EU to the US there’s a lot to know about the GDPR and it takes time.  I’m going to focus on the Data Protection Officer (“DPO”) requirement today.

Organizations that process personal data related to EU nationals may be either a “controller” or “processor,” or both.  Let’s say you are a background screening company and you’ve been hired to conduct a background investigation or check on an individual who lives, or previously lived and worked, in the EU. You’ll very likely need to transfer data to the United States from the EU and the bottom line is that whenever an organization transfers personal data related to EU nationals to the United States, you need to consider the GDPR in order to ensure compliance.  You also need to consider whether you have a legitimate cross-border onward mechanism, but that’s for another blog posting.

Let’s talk about the DPO.  Article 37(1) of the GDPR requires the designation of a DPO by a controller or processor (i) where the processing is carried out by a public authority or body; (ii) where the core activities of the controller or the processor consist of processing operations that require regular and systematic monitoring of data subjects on a large scale; or (iii) where the core activities of the controller or the processor consist of processing on a large scale of special categories of data (as defined in Article 9) and (or) personal data relating to criminal convictions and offenses (as described in Article 10).

Special categories of data are data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data and information related to a person’s sex life or sexual orientation.

The DPO can be an internal employee or can be hired as an outside consultant, if you will.  The role and tasks of the DPO are described in Articles 38 and 39 of the GDPR.

And, in case you are wondering the cost of non-compliance?  It’s steep.  A violation of the obligation of a controller or processor related to the designation of a DPO can subject a company to administrative fines of up to 10 million Euros or up to 2% of the “total worldwide annual turnover of the preceding financial year.” (Article 83(4)(a)).

For recent guidelines from the Article 29 Data Protection Working Party on the role of the DPO, click here.

So, if you find your company in this situation and are doing a Google search of GDPR at this time, the privacy team here at AGG can help.  Just shoot me an email at montserrat.miller@agg.com.