By Tammy Gallinger
In addition to the constant research employers must to do to remain competitive in their industry, employers must also remember to keep an ear to the ground for the constant changes and amendments to state and municipal laws that might go otherwise unnoticed. Two laws have recently been passed affecting employers in the Virginia and D.C. area, described below. If you think your organization could use a tune up or if you think you might may be out of compliance, contact us today to find out how we can help you.
New Data Breach Notification Requirements for Employers and Payroll Service Providers
Currently, individuals or entities that own, maintain or possess personal information of Virginia residents, and who have a reasonable belief that such personal information has been compromised through access or acquisition by an unauthorized individual or entity, must report the breach to the Office of the Virginia Attorney General. Notification must also be provided to each affected Virginia resident.
Effective July 1, 2017, any employer or payroll service provider that owns or licenses computerized data relating to income tax withheld under Virginia state law, must notify the Office of the Attorney General after the discovery or notification of unauthorized access and acquisition of unencrypted and un-redacted computerized data containing taxpayer identification number(s) and income tax withheld for that taxpayer that:
- Compromises the confidentiality of the data
- Creates a reasonable belief that an unencrypted, un-redacted version of such information was accessed and acquired by an unauthorized person or entity
- Causes (or the employer/provider reasonably believes has caused or will cause) identity theft or other fraud
Affected employers or payroll service providers must provide the Office of the Attorney General with the name and federal employer identification number of the affected employer.
With respect to employers, this provision regarding income tax data applies only to information regarding the employer’s employees, and not the employer’s customers or other non-employees.
Employers in the District of Columbia Be Aware – Fair Credit in Employment Amendment Act
On February 15, 2017, D.C. Mayor Muriel Browser signed into effect B21-0244, “The Fair Credit in Employment Amendment Act of 2016” which amends the D.C. Human Rights Act of 1977.
Employers, including employment agencies and labor organizations, are prohibited from taking discriminatory action against prospective and current employees based on their credit information. Specifically, employers are prohibited from directly or indirectly requiring, requesting, suggesting or causing any employee to submit credit information and from using, accepting, referring to or inquiring into credit information except where the particular position is exempt from the law’s explicit prohibitions.
Employers are permitted, in certain, limited circumstances to make an inquiry into an applicant’s or employee’s credit history if the position in question falls under one of the following exemptions:
- The employer is required by D.C. law to require, request or cause the employee to submit credit information, or use, accept, refer to or inquire into an employee’s credit information;
- The employee is applying for a position as or is employed as a police officer, as a special police office or campus police officer, or in a position with a law enforcement function
- For employees within the Office of the Chief Financial Officer of D.C.
- The employee is required to possess a security clearance under D.C. law
- Financial institutions where the position involves access to personal financial information
- An employer requests or receives credit information by virtue of a lawful subpoena, court order or law enforcement investigation
Impact to Employers
Employers found to have violated the law may be subject to fines ranging from $1,000-$5,000. More significantly, individuals will also have a private right of action to file a lawsuit for violations of the Act.
What to Do Now
D.C. employers should review their recruitment and hiring practices to ensure compliance with the new requirements, including that their employment practices do not directly or indirectly request credit information unless an exemption is met, as described above. For employers who seek credit information for positions that fall into one of the exemptions, will also want to review the new requirements for compliance and additional guidance around the process. Review current employment applications and other employment-related documentation to ensure that there are no references to the procurement or use of credit information.