Quick Hits

• California and New York are implementing stringent measures to curb “stay or pay” contracts.
• A Florida appellate court ruled the state’s open carry ban unconstitutional, allowing open carry throughout the state.
• Maryland issued final regulations for its mini-WARN Act, which includes provisions for remote employees.
• New pay transparency laws in New Jersey, California, Delaware, and Washington require employers to disclose pay and benefits information in job postings, with violations resulting in warnings and civil penalties.

Stay-or-Pay Contracts in Flux

Significant changes in employment law are on the horizon, particularly concerning “stay or pay” contracts, and retailers must stay alert. These agreements require employees to reimburse their employers for benefits like sign-on bonuses or educational and training expenses if they leave the job within a specified period. Such contracts are increasingly facing scrutiny.

Spearheading this movement are California and New York, which have introduced stringent measures to curb the use of such contracts. California’s newly enacted law (Assembly Bill 692), effective January 1, 2026, is one of the strictest bans on employment-related debt, aiming to prevent employers from using repayment agreements that can deter workers from changing jobs. New York has also proposed a similar law (Bill A564C), which is currently awaiting the governor’s signature. These state-level initiatives emerge as federal regulators, including the Federal Trade Commission and National Labor Relations Board, have retreated from efforts to regulate these contracts nationwide under the new administration.

What implications does this hold for retailers? Many retailers depend on high‑volume hiring and frequently use sign‑on bonuses, onboarding training, and certification programs to prepare associates for the floor. Repayment provisions that once helped to reduce early attrition may be restricted or even unenforceable in key markets. 

Florida’s New Open Carry Law

On September 10, 2025, a Florida appellate court ruled that the state’s open carry ban is unconstitutional. This ban made it unlawful for individuals to openly carry firearms or electric weapons, with some limited exceptions. The recent ruling effectively allows open carry throughout Florida, even though it technically only applies to the counties within the First District Court of Appeals. Following the ruling, the Florida Attorney General advised that open carry should be considered lawful statewide, and the Florida Sheriffs Association instructed deputies not to enforce the prior ban, except in specific prohibited areas such as government buildings, schools, and places where conduct is inconsistent with permitted open carry.

This decision does not prevent private employers from prohibiting open carry in the workplace, nor does it change existing laws that permit employees to store secured firearms in their vehicles. Retailers can still control the presence of weapons in the workplace and prohibit weapons on their properties, with violations potentially resulting in charges of armed trespass. However, the decision may complicate the enforcement of these policies due to increased media attention, political contention, potential reluctance from front-line employees, and public pressure through social media.

In response, retailers should consider several strategic actions when implementing or reaffirming policies related to firearms. These include clearly notifying employees and the public about the policies, particularly any prohibitions on carrying firearms, and ensuring these notifications are prominently displayed. It is also important to outline expectations and provide comprehensive training to employees, especially those on the front lines, to help them understand how to enforce these policies safely and effectively.

Maryland Enacts New Mini-WARN Act

Maryland recently issued final regulations for its mini-WARN Act, which requires employers with at least fifty employees provide sixty days’ written notice before making significant reductions in operations. These reductions are defined as either relocating a part of the operation or shutting down part of a workplace that affects at least 25 percent of the workforce or fifteen employees, whichever is greater.

Initially, the notice provisions were voluntary, but they became mandatory in 2020, with enforcement delayed until the final regulations were issued. These regulations, now in effect, closely align with federal WARN Act requirements and include specific provisions for remote and telework employees. However, unlike the federal WARN Act, Maryland does not recognize an exception for unforeseeable business circumstances.

Employers must notify all affected employees, unions, the State Dislocated Worker Unit, and the chief elected official of the political subdivision where the workplace is located, with penalties for non-compliance. Before any reduction in force, retailers operating in Maryland should consult with legal counsel to determine whether they meet the necessary thresholds, including considerations for remote employees assigned to Maryland locations.

EEOC Is Back in Business

With the U.S. Equal Employment Opportunity Commission’s (EEOC) quorum restored, employers can expect more high-profile investigations, broad data requests, and litigation targeting hiring, promotion, compensation, diversity, equity, and inclusion (DEI) programming, and accommodations.

Recent developments at the EEOC, aligned with the administration’s policy priorities, suggest an acceleration of cases targeting DEI programs focused on race and sex, along with a renewed prioritization of religious rights in the workplace. While commissioner charges (including leaked charges) increased during the period when the EEOC lacked a quorum and could not officially act, employers can anticipate an uptick in high-profile investigations, public prelitigation demands with broad data requests, and systemic lawsuits.

On November 6, 2025, President Donald Trump named Andrea R. Lucas as chair of the EEOC. The next day, the U.S. Senate confirmed Brittany Bull Panuccio as commissioner of the EEOC, restoring a quorum of three commissioners.

As the newly configured EEOC advances the president’s America First agenda, employers may want to reevaluate their DEI programming to ensure that initiatives are grounded in individualized, job-related criteria. Employers should consider reviewing their policies that address gender identity, access to facilities, and pronoun usage to ensure compliance with current federal, state, and local law. Furthermore, employers may want to reassess selection procedures, testing methods, and artificial intelligence tools for validation and defensibility, as well as audit accommodation and leave policies in alignment with potential revisions to the Pregnant Workers Fairness Act.

Employers may also want to prepare for increased attention to claims alleging religious discrimination, majority discrimination, or national origin discrimination and ensure that documentation and training support nondiscriminatory decision-making.

A Flurry of New Pay Transparency Laws

Employers looking to hire workers in New Jersey will need to comply with the state’s new pay transparency requirements. The New Jersey Department of Labor and Workforce Development issued proposed regulations under the New Jersey pay transparency law on September 15, 2025, which provide some (though not complete) clarity about the law’s pay and benefit disclosure requirements. The law, which went into effect on June 1, 2025, has two broad requirements (along with several exceptions): (1) an employer must disclose pay and benefits information in postings for “new jobs and transfer opportunities,” and (2) an employer must give notice of “promotional opportunities” to current employees in the affected department.

In October, California’s governor signed legislation (Senate Bill 642) that sets the statute of limitations for civil actions alleging violations of the state’s pay transparency requirements at three years, with a six-year “look-back” period to obtain relief for existing violations. In addition, the new law defines the “pay scale” that employers must disclose in job postings as a “good faith estimate” and expands the definition of “wages” to include all forms of compensation, including stocks and stock options.

On September 26, 2025, Delaware’s governor signed into law legislation (House Substitute No. 2 for House Bill No. 105) requiring employers in Delaware to include wage or salary ranges and information on benefits offered in job postings, making it the latest state to enact a pay transparency law. Employers found to have violated this law will receive a “written warning” for a first offense and could face civil penalties ranging from $500 to $10,000 for each subsequent violation.

The Washington State Supreme Court recently ruled that job applicants can sue for violations of the state’s pay transparency law without needing to prove they applied for the job in good faith or were otherwise “bona fide” applicants. In Branson v. Washington Fine Wine & Spirits, the plaintiffs brought a class action against a retailer that did not disclose pay information in job postings. In a 6-3 majority decision, the state’s high court held that an individual does not have to show that they are a “bona fide” or “good faith” job applicant. Instead, the court found that a job applicant is any individual who “submits a formal application or request for a job,” regardless of the applicant’s subjective intent to obtain employment.

Employers in these states may wish to carefully review their existing and future job postings to ensure compliance with state pay transparency laws.

Staying up to date with evolving employment laws is essential for retailers to ensure compliance. As regulations continue to change—particularly in areas such as “stay-or-pay” contracts, firearm policies, and mini-WARN laws, retailers must remain vigilant and proactive. By understanding and adhering to these legal requirements, retailers can mitigate risks, avoid penalties, and maintain a positive reputation with both employees and customers.

Ogletree Deakins’ Retail Industry Group will continue to monitor developments and will provide updates on the Retail blog as additional information becomes available.

The Ogletree Deakins Client Portal tracks developments and provides real-time updates on pay transparency. Full law summaries are available for Premium-level subscribers. Snapshots and Updates are available for all registered client-users. For more information on the Client Portal or a Client Portal subscription, please reach out to clientportal@ogletree.com.

Follow and Subscribe
LinkedIn | Instagram | Webinars | Podcasts

Quick Hits

• The EEOC, the DOL, the U.S. Department of Justice’s Civil Rights Division, and the U.S. Department of Homeland Security’s U.S. Citizenship and Immigration Services are coordinating efforts related to national origin discrimination and anti-American bias.
• As part of Project Firewall, the DOL and EEOC plan to share data, align enforcement tools, and facilitate referrals addressing discriminatory hiring and potential H‑1B program abuses.
• Given this coordination, employers may see and potentially should anticipate inquiries or involvement from more than one agency investigating alleged national origin discrimination or anti-American bias.

The new formal partnership builds on the EEOC’s recent technical assistance and educational updates, which emphasize that Title VII of the Civil Rights Act of 1964 protects all workers—including American workers—from national origin discrimination.

That one-page guidance from the EEOC states that potential business rationales, such as labor costs, customer preferences, or stereotypes, do not justify discriminatory practices. Additionally, the EEOC’s one-pager and updated national origin resources flag several high‑risk areas: visa‑status preferences in job ads (e.g., “H‑1B only” or “H‑1B preferred”); disparate treatment in application and promotion processes that make it harder for U.S. workers to advance; and retaliation or harassment tied to national origin. Notably, the EEOC’s recent materials previewed a multiagency enforcement posture—now reinforced by the DOL’s Project Firewall announcement.

Project Firewall operationalizes that multiagency approach by facilitating information sharing “as permitted by law,” clarifying employer obligations, and aligning enforcement pathways so that potential Title VII violations can proceed in tandem with DOL actions addressing H‑1B misuse and related program compliance. The partnership also involves the U.S. Department of Justice’s Civil Rights Division and the U.S. Department of Homeland Security’s U.S. Citizenship and Immigration Services (USCIS), signaling a whole-of-government focus on practices that may prefer foreign workers or visa holders over qualified Americans.

Next Steps

In light of the federal enforcement agency coordination, employers may wish to assess how their recruiting and hiring practices reference or rely on visa status, particularly where postings or screening criteria could be perceived as favoring nonimmigrant visa holders. Employers might also consider reviewing their practices against the themes noted in recent EEOC technical assistance and determining whether conducting attorney-client privileged audits of selection, promotion, and pay practices can help ensure practices are neutral, job-related, and applied consistently. Training appropriate stakeholders on Title VII’s protections as they relate to national origin, as well as creating and maintaining contemporaneous documentation of merit-based and legitimate, nondiscriminatory reasons, can assist in responding to agency questions that may arise.

Ogletree Deakins’ Diversity, Equity, and Inclusion Compliance, Government Contracting and Reporting, Immigration, Pay Equity, and Workforce Analytics and Compliance Practice Groups will continue to monitor developments and will provide updates on the Diversity, Equity, and Inclusion Compliance, Employment Law, Government Contracting and Reporting, Immigration, Pay Equity, and Workforce Analytics and Compliance blogs as additional information becomes available.

This article and more information on how the Trump administration’s actions impact employers can be found on Ogletree Deakins’ Administration Resource Hub.

Follow and Subscribe
LinkedIn | Instagram | Webinars | Podcasts

Quick Hits

• The European Union’s “Equal Treatment Framework Directive” (Directive 2000/78/EC) also protects employees, who are not themselves disabled, from discrimination by association on grounds of disability, such as parents who care for a child with a disability and are disadvantaged as a result.
• In such cases, employers must provide reasonable accommodation, such as adjustments to working hours or to the workplace, insofar as doing so would not cause a disproportionate burden.

The Case—From Working Time Adjustment to the Referred Question

The CJEU’s judgment (September 11, 2025, Case C‑38/24) arose from a case in Italy. An employee worked shifts as a supervisor in a subway station. At home, she cared for her minor son with a severe disability, who had to attend a treatment program at fixed times in the afternoon. To ensure her child’s treatment, she asked her employer to allow her to work permanently at fixed morning hours and, in addition, to be assigned to a fixed place of work. The employer granted her request for a fixed workplace but refused to limit her working hours permanently to the mornings. The employee considered this discriminatory and sued. After divergent decisions by the Italian labor courts, the Italian Court of Cassation referred a question to the CJEU to resolve a central issue not yet fully addressed in the case law of the European courts: Does an employee without a disability fall under the anti-discrimination protection provided by EU law, when caring for a child with a disability?

The Judgment—Anti-Discrimination Protects the Parents

The CJEU clarified that the prohibition of indirect discrimination on grounds of disability also protects parents who are disadvantaged due to caring for a child with a disability. This is based on Directive 2000/78/EC, which must be interpreted broadly in light of various EU and international instruments, including the EU Charter of Fundamental Rights and the UN Convention on the Rights of Persons with Disabilities. Directive 2000/78/EC establishes a general framework for combating all forms of discrimination in employment and occupation, including on grounds of disability. According to the CJEU, the directive’s practical effectiveness would be undermined if it protected only against direct discrimination of persons with disabilities. Discrimination “by association” against caregiving parents—such as through rigid shift schedules—therefore also falls within the scope of the directive. Only in this way can it be ensured that parents of children with disabilities are treated equally in employment and are not disadvantaged because of their children’s situation.

Is There a Right to Adjusted Working Hours?

The CJEU’s decision does not create a blanket right to the exact working hours requested. That determination must now be made by the Italian courts on the facts of the case. However, the CJEU held that employers are obligated to provide “reasonable accommodation” with respect to the work environment for caregivers of children with disabilities. The CJEU did not exhaustively enumerate what constitutes reasonable accommodation but defined it generally as all adjustments to a person’s work environment that enable full and effective participation in professional life on an equal basis with other workers. Employers are not, however, required to adopt measures that would impose a disproportionate burden. Proportionality must be comprehensively assessed by the employer on a case-by-case basis.

Key Takeaways

The Italian courts must now decide the dispute in line with the CJEU’s guidance. The judgment is also relevant for German labor law, as CJEU rulings are binding. Employers may want to review existing policies governing working conditions for parents of children with disabilities.

The judgment also raises new legal questions, e.g., whether employers already owe similar obligations at the recruitment stage regarding parents of children with disabilities. The CJEU also left unanswered who qualifies as a “caregiver,” and whether, for example, life partners are included. There are strong reasons to favor a broad interpretation that encompasses all family caregivers.

In short, the CJEU remains consistent in strengthening employees’ rights against discrimination and in expanding employers’ duties. Employers that carefully assess how to support employees with disabled family members through adjusted working conditions will reduce legal risk and promote the reconciliation of work and family life.

Ogletree Deakins’ Berlin and Munich offices will continue to monitor developments and will post updates on the Cross-Border and Germany blogs as additional information becomes available.

Lena Beyer is an associate in Ogletree Deakins’ Berlin office.

Teodora E. Ghinoiu, a law clerk in Ogletree Deakins’ Berlin office, contributed to this article.

Follow and Subscribe
LinkedIn | Instagram | Webinars | Podcasts

Quick Hits

• On November 18, 2025, the California Court of Appeal affirmed penalties against Anton’s Services for misclassifying workers and failing to comply with prevailing wage and apprenticeship requirements on public works projects.
• The court’s decision highlights the strict enforcement of California’s Prevailing Wage Law, emphasizing the necessity of correct worker classification and adherence to apprenticeship statutes.
• The ruling clarifies that judicial review of administrative wage and penalty assessments is limited to the administrative record and governed by the substantial evidence standard.

Background

The case arose from two public works projects in San Diego County for road improvement and slope restoration. Anton’s Services was retained as a subcontractor on the slope restoration project, and its scope of work included “clearing and grubbing” the slope. The contractor was cited by the Division of Labor Standards Enforcement (DLSE) for misclassifying workers under the “Tree Maintenance” classification rather than the higher-paid “Laborer (Engineering Construction)” classification, failing to pay prevailing wages, and not complying with statutory apprenticeship requirements. The DLSE issued civil wage and penalty assessments for both projects, which the contractor challenged through administrative and judicial proceedings.

Key Holdings

Worker Misclassification and Prevailing Wage Obligations. The court upheld the administrative finding that the contractor misclassified workers on both projects. The work performed—primarily clearing and grubbing as preparatory construction activity—was found to be incidental to construction and thus subject to the “Laborer” classification, not “Tree Maintenance.” The court rejected arguments that certain tree-related work was outside the scope of construction or that a change order altered the classification analysis. The decision emphasizes that work incidental to a public works construction project must be classified and compensated in accordance with the applicable prevailing wage determination, regardless of the contractor’s licensing or invoicing practices.

Penalties and Liquidated Damages. The court affirmed the imposition of penalties under Labor Code section 1775 for failure to pay prevailing wages, finding no evidence of a good-faith mistake or prompt correction by the contractor. The court also upheld the assessment of liquidated damages under section 1742.1, clarifying that wages remain “unpaid” for purposes of liquidated damages until actually paid to workers or deposited with the Department of Industrial Relations, even if funds are withheld by the prime contractor and transmitted to the awarding body. The court declined to create an exception to the statutory scheme based on the withholding of funds under section 1727, emphasizing the Legislature’s clear intent and the plain language of the statutes.

Apprenticeship Requirements. The decision affirms findings that the contractor failed to (a) submit contract award information to an applicable apprenticeship program before commencing work, (b) employ the required ratio of apprentices to journeypersons, and (c) request dispatch of apprentices from appropriate committees. The court rejected arguments that self-training or prior approval excused compliance, and noted the existence of an irrebuttable presumption of knowledge of apprenticeship requirements where the contractor had prior violations or was notified by contract documents. Penalties for “knowing” violations were upheld under Labor Code section 1777.7.

Scope and Standard of Judicial Review. The court reiterated that judicial review of administrative wage and penalty assessments is limited to the administrative record and governed by the substantial evidence standard. Arguments relying on extra-record evidence or unsupported by the record were deemed forfeited.

Key Takeaways

Contractors on California public works projects must ensure proper worker classification and payment of prevailing wages for all work incidental to construction, regardless of how work is described or invoiced.

Strict compliance with apprenticeship requirements—including notice, employment ratios, and dispatch requests—is mandatory, and prior violations or contractual notice may establish knowledge for penalty purposes.

Liquidated damages for unpaid wages will be imposed unless the contractor pays workers or deposits the full assessment with the Department of Industrial Relations within sixty days, regardless of any withholding by the prime contractor.

Judicial review of administrative wage and penalty assessments is highly deferential, limited to the administrative record, and will not consider new evidence or arguments not raised below.

The Anton’s Services decision underscores the importance of diligent compliance with prevailing wage and apprenticeship laws on public works projects and the significant consequences for misclassification and related violations.

Ogletree Deakins’ California offices and Wage and Hour Practice Group will continue to monitor developments and will provide updates on the California, Construction, and Wage and Hour blogs as additional information becomes available.

Follow and Subscribe
LinkedIn | Instagram | Webinars | Podcasts

Quick Hits

• On November 19, 2025, the California Court of Appeal affirmed the dismissal of a PAGA action in Brown v. Dave & Buster’s of California, Inc., holding that a prior settlement barred the plaintiff’s claims under the doctrine of claim preclusion.
• The court found that the settlement in a 2019 action, which covered the same alleged Labor Code violations, constituted a final judgment on the merits and involved the same parties or those in privity.
• The court emphasized that substantial compliance with PAGA’s pre-filing notice requirements is sufficient, and minor technical defects do not defeat claim preclusion.

Background

Lauren Brown, a former employee of Dave & Buster’s of California, Inc., filed a representative PAGA action in June 2019, alleging violations of various Labor Code provisions, including failure to provide meal and rest periods, vacation pay, wage statements, and off-the-clock work. Dave and Buster’s had previously faced multiple PAGA actions from other employees, including an earlier-filed case that ultimately resulted in a global settlement (Andrade v. Dave & Buster’s Management Corp., Inc.) covering the same alleged violations and the same employer entities.

The trial court found Brown’s case to be “substantially identical” to the earlier action and stayed proceedings to avoid conflicting rulings. Following approval of the Andrade settlement, which included a release of claims for all aggrieved employees and covered the same Labor Code violations, Dave and Buster’s moved for judgment on the pleadings, arguing that the settlement barred Brown’s claims under the doctrine of claim preclusion.

Key Holdings

Claim Preclusion Applies to PAGA Claims Released in Prior Settlement. The appellate court affirmed that claim preclusion barred Brown’s PAGA claims. The Andrade settlement constituted a final judgment on the merits, involved the same parties or those in privity, and encompassed the same causes of action. The court emphasized that PAGA’s statutory scheme is designed to promote judicial economy by requiring all claims based on the same alleged violations to be resolved in a single action.

Substantial Compliance With PAGA’s Pre-Filing Notice Requirement. Brown argued that the prior settlement should not bar her claims because the earlier plaintiff (Jessica Andrade) failed to strictly comply with PAGA’s sixty-five-day waiting period for amended claims before filing her operative complaint. The court rejected this argument, finding that Andrade’s notice to the Labor and Workforce Development Agency (LWDA) substantially complied with statutory requirements and fulfilled the purpose of affording the agency an opportunity to investigate.

No Standing for Post-Settlement Violations. The court also rejected Brown’s argument that she had standing to pursue claims for violations occurring after the date of the prior settlement, noting that her employment had ended years before and that PAGA standing does not extend to violations occurring after the plaintiff’s employment.

Judicial Approval and Agency Acceptance. The court observed that the LWDA was notified of the settlement and did not oppose it, and that the trial court’s approval of the settlement was valid and binding. The Supreme Court of California has rejected efforts by subsequent PAGA plaintiffs to object to settlements reached by other aggrieved employees acting on the state’s behalf.

Key Takeaways

PAGA settlements that release claims for all aggrieved employees and are judicially approved will bar subsequent representative actions based on the same alleged Labor Code violations.

Substantial compliance with PAGA’s pre-filing notice requirements is sufficient; minor technical defects, such as filing an amended complaint before the expiration of the sixty-five-day waiting period, do not defeat claim preclusion.

PAGA plaintiffs lack standing to pursue claims for violations occurring after their employment ends or after a prior settlement has been approved.

Judicial review will defer to the administrative record and the terms of the prior settlement, and subsequent plaintiffs cannot relitigate released claims or object to approved settlements.

The Brown decision underscores the importance of comprehensive settlement agreements in PAGA actions and the significant preclusive effect such settlements have on future representative claims arising from the same alleged violations. Employers facing multiple PAGA actions may want to ensure that settlements are properly noticed, encompass all relevant claims, and are judicially approved to achieve finality and avoid duplicative litigation.

Ogletree Deakins’ California offices, California Class Action and PAGA Practice Group, and Wage and Hour Practice Group will continue to monitor developments and will provide updates on the California, Class Action, Hospitality, and Wage and Hour blogs as additional information becomes available.

Follow and Subscribe
LinkedIn | Instagram | Webinars | Podcasts

Quick Hits

• Governor Josh Shapiro signed the CROWN Act into law on November 25, 2025, making Pennsylvania the twenty-eighth state to prohibit race-based hair discrimination.
• The final version of the CROWN Act includes provisions to protect employers’ rights to maintain legitimate workplace safety standards.
• The law, effective January 24, 2026, broadens the definition of “race” under the Pennsylvania Human Relations Act to include traits such as hair texture and protective hairstyles.

The milestone follows a previous setback, as an earlier version of the bill stalled in the Pennsylvania Senate at the end of 2024. The final version of the CROWN Act includes specific provisions to protect employers’ rights to maintain legitimate workplace safety standards.

Before the enactment of the CROWN Act, the Pennsylvania Human Relations Commission had already incorporated protections related to the act into its formal guidance. Governor Shapiro noted that in 2022, over 900 complaints of racial discrimination based on hair were filed with the Pennsylvania Human Relations Commission.

The law goes into effect on January 24, 2026.

The CROWN Act broadens the definition of “race” under the Pennsylvania Human Relations Act to include traits historically associated with an individual’s race, such as hair texture and protective hairstyles. As a result, individuals are shielded from discrimination based on natural hairstyles or protective hairstyles commonly linked to their race. The law expressly safeguards a range of protective hairstyles, including locs, braids, twists, coils, Bantu knots, afros, and extensions.

Ogletree Deakins’ Philadelphia office will continue to monitor developments related to Philadelphia’s employment-related laws and will provide updates on the Pennsylvania blog as additional information becomes available.

Follow and Subscribe

LinkedIn | Instagram | Webinars | Podcasts

Quick Hits

• In O’Neill v. University of Pennsylvania, the U.S. District Court for the Eastern District of Pennsylvania concluded the university was not liable for the harassment because it did not intend for the harassment to happen.
• The court found the research associate satisfied some of the criteria for a hostile work environment and sexual harassment claim, but failed to prove the university was liable.
• The court relied on a recent ruling in the Sixth Circuit, which held that an employer is not liable for a third party’s harassment of an employee unless it intended to cause or allow the harassment.

Background

In 2022, the female plaintiff began working as a research associate at the University of Pennsylvania’s robotics lab and as a teaching assistant for robotics classes. She alleged a male student harassed and physically intimidated her by blocking her path to her desk, hovering over her desk, demanding answers to questions in assignments, and waiting for her outside the robotics lab. She also claimed he sent her several inappropriate messages, including “I’m going too deep into depression. Please come home and stay with me if you can” and “Love you so much babe . . . come soon,” along with a heart emoji and a kissing face emoji. The plaintiff reported these messages to her supervisor on February 22, 2023.

The university promptly removed the student from the lab and established a safety plan for the plaintiff. This plan allowed the student to use the lab only when the plaintiff’s supervisor was present and prohibited the student from communicating with the plaintiff outside of an academic setting. However, the plaintiff wanted a guarantee that she would not interact with the student and that he would not access to the lab even when she was not working there, according to court documents.

The plaintiff ceased working there after February 22, 2023, but the university continued to provide her with pay and benefits. The university stated it would consider her to have abandoned her job if she did not return to work by March 22, 2023, or formally apply for a leave of absence. The plaintiff filed a complaint with the Philadelphia Commission on Human Relations on May 5, 2023.

She received a preliminary job offer from a technology company, but the company rescinded its offer after checking her references. She had listed the robotics program director on her resume. The program director said he only provided the technology company with information about her degree and claimed he did not know about her formal complaint until later. Subsequently, she amended her complaint to include a retaliation claim. She then sued the university for allowing a sex-based hostile work environment, for constructive discharge, and for retaliation under Title VII of the Civil Rights Act of 1964 and the Philadelphia Fair Practices Ordinance.

The Court’s Ruling

Title VII prohibits workplace harassment based on sex, race, color, religion, and national origin. To establish a harassment claim under Title VII, an employee must demonstrate that the conduct was sufficiently severe or pervasive to create a hostile work environment or that enduring the offensive behavior became a condition of continued employment.

To hold an employer liable for a hostile work environment based on sexual harassment, the court identified the following five criteria that must be met:

• The employee suffered intentional discrimination because of their sex.
• The discrimination was severe or pervasive.
• The discrimination had a detrimental effect on the employee.
• The discrimination would detrimentally affect a reasonable person in similar circumstances.
• There is a legal basis for employer liability.

The university filed a motion for summary judgment, arguing that the student’s behavior was not severe or pervasive. However, the court disagreed, stating, “Physically threatening behavior— especially when coupled with unwanted comments or attention—might tip the scale towards finding harassment to be severe or pervasive when considering the totality of the circumstances.”

The university argued it was not liable for creating a hostile work environment based on a recent ruling from the U.S. Court of Appeals for the Sixth Circuit in Bivens v. Zep Inc., which held that an employer is liable for a third party’s harassment of an employee only when it intends for such harassment to occur. As a result, the district court granted summary judgment in favor of the university, concluding it could not be held liable for harassment by non-employees unless it either “desired” the harassment or was “substantially certain” it would occur.

In contrast, the First, Second, Fourth, Eighth, Ninth, Tenth, and Eleventh Circuit Courts have held employers liable for a third party’s harassment of an employee if the employer “knew or should have known” about the conduct and did not take action to address it. Similarly, guidance from the U.S. Equal Employment Opportunity Commission supports employer liability when they “knew or should have known” about harassment and failed to take corrective action.

Regarding the retaliation claim, the district court found the research associate did not show that the program director knew about her complaint when he spoke to the technology company. Thus, the court dismissed the retaliation claim along with the harassment and hostile work environment claims.

Next Steps

Employers should be aware of the current circuit split regarding employer liability for harassment by nonemployees, such as customers, clients, volunteers, or students. The Sixth Circuit has established a higher standard for proving employer liability by focusing on intent. In contrast, the “knew or should have known” standard used in other circuit courts may be easier for plaintiffs to meet.

It is important for employers to respond promptly and effectively to harassment complaints and to ensure that employees do not face retaliation for making such complaints. Employers should consider reviewing their written policies and training programs to ensure they clearly address harassment and outline an effective complaint procedure. Staying informed about legal developments in this area is important for understanding potential implications, depending on the state and circuit.

Ogletree Deakins will continue to monitor developments and will provide updates on the Employment Law and Pennsylvania blogs as new information becomes available.

Amanda T. Quan is a shareholder in Ogletree Deakins’ Cleveland office.

Lauren C. Tompkins-Payton is a shareholder in Ogletree Deakins’ Cleveland office.

This article was co-authored by Leah J. Shepherd, who is a writer in Ogletree Deakins’ Washington, D.C., office.

Follow and Subscribe

LinkedIn | Instagram | Webinars | Podcasts

Quick Hits

• The NYDFS recently issued guidance that provides detailed best practices to mitigate risk throughout the TPSP life cycle: due diligence, contracting, ongoing monitoring, and termination.
• The guidance indicates that NYDFS will scrutinize policies and procedures related to TPSPs, especially where covered entities outsource cybersecurity compliance.
• Companies may want to revisit vendor management policies, contracts, and oversight procedures, including with respect to AI platforms.

NYDFS has identified covered entities’ increasing reliance on TPSPs to provide services—including cloud computing, file transfer systems, artificial intelligence (AI), and more—as introducing new cybersecurity risks, prompting NYDFS to clarify covered entities’ obligations under the NYDFS Cybersecurity Regulations. The guidance provides best practices for covered entities throughout the four phases of the TPSP life cycle: (1) Identification, Due Diligence, and Selection; (2) Contracting; (3) Ongoing Monitoring and Oversight; and (4) Termination.

Identification, Due Diligence, and Selection

At the identification, due diligence, and selection stage, NYDFS recommends classifying vendors according to risk profile. A TPSP’s risk profile is based on factors such as access to systems and NPI, data sensitivity, jurisdictional exposure, and how critical the service is to the covered entity’s operations. NYDFS also calls for tailored, risk-based assessments when selecting TPSPs. These assessments may include, among other criteria, a review of a TPSP’s:

• “reputation within the industry, including its cybersecurity history and financial stability”;
• external audits and certifications;
• access controls for both the covered entity’s and its own information systems and NPI;
• incident response and business continuity planning and testing;
• downstream service provider management;
• data handling, including segmentation and encryption; and
• location.

NYDFS recognizes the need for qualified personnel to interpret a TPSP’s responses to questionnaires on a case-by-case basis to make informed decisions, ask follow-up questions as necessary, and determine appropriate mitigation strategies. Where constraints exist when selecting a TPSP due to limited availability, industry concentration, or legacy system dependencies, NYDFS advises making risk-informed decisions, documenting those risks, implementing compensating controls, and regularly monitoring and assessing the selected TPSP.

Contracting

When contracting with TPSPs, NYDFS expects risk-based provisions that are tailored to the service and sensitivity of the systems and data that the TPSP will access. Recommended baseline provisions include access controls (such as multifactor authentication), encryption in transit and at rest, prompt cybersecurity incident notification to the covered entity, warranties of the TPSP’s compliance with applicable law, data location and cross-border transfer restrictions, rights for subcontractors, and data use and exit obligations. Particularly given the rise in the use of AI by vendors, NYDFS also suggests including a clause related to acceptable uses of AI, and whether the covered entity’s data may be used to train AI models or may otherwise be disclosed.

Ongoing Monitoring and Oversight

The guidance clarifies that a covered entity’s TPSP policy should also be tailored to the risk each TPSP presents. Ongoing and periodic oversight processes and controls should include a layered, risk-based assessment that can confirm that a TPSP’s cybersecurity posture is aligned with the covered entity’s expectations. Periodic assessments may include security attestations such as SOC2 and ISO 27001, penetration testing summaries, vulnerability management updates, policy changes, security awareness training, and compliance audits. The guidance recommends that material or unresolved risk be documented in the covered entity’s risk assessment and escalated through appropriate internal risk governance channels.

Termination

Finally, when ending a TPSP relationship, NYDFS expects covered entities to “ensure secure and orderly” offboarding. The guidance stresses promptly disabling access (including deactivating accounts and revoking system access for TPSP personnel and subcontractors). Particularly for TPSPs providing cloud services, this may also necessitate revoking identity federation tools, API integrations, and external storage. NYDFS further emphasizes requiring certified return, destruction, or migration of backup, cached, and snapshots of NPI. Policies should include “a transition plan for critical services with clearly defined timelines, roles and responsibilities.” NYDFS also recommends that access points that become redundant or unnecessary during the TPSP relationship should be eliminated on an ongoing basis, not left for backend cleanup.

Key Takeaways

The guidance may be a bellwether for NYDFS’s increased regulatory scrutiny related to TPSPs. It also provides detailed best practices for all types of businesses to consider, even those companies that are not regulated by NYDFS. As a result, businesses may want to consider the following:

• Closing gaps in vendor life-cycle controls. Closing gaps includes revisiting TPSP policies and procedures to incorporate the guidance’s classification scheme, enhanced due diligence measures, ongoing monitoring metrics, and termination protocols.
• Updating TPSP contract templates. Updates include standardizing terms for MFA, encryption, breach notification timelines, compliance warranties, audit rights, data location/transfers, subcontractor disclosure and veto rights, AI use and training restrictions, data exit obligations, and cybersecurity-specific remedies/termination triggers.
• Bolstering ongoing monitoring for TPSPs. Monitoring involves conducting periodic risk-based assessments based on risk classification, tracking vulnerability remediation, and incorporating third-party risk into incident response plans.

Conclusion

Direct insights from a regulator are informative and are always intended to be taken seriously. Companies may want to consider reviewing and revising their vendor management policies and procedures to ensure compliance with NYDFS Cybersecurity Regulations.

Ogletree Deakins’ New York offices and Cybersecurity and Privacy Practice Group will continue to monitor developments and provide updates on the Cybersecurity and Privacy and New York blogs as additional information becomes available.

Follow and Subscribe
LinkedIn | Instagram | Webinars | Podcasts

Quick Hits

• The California Court of Appeal upheld a ruling that a car dealership’s “flag bonus pay” system for service technicians complies with California’s “no borrowing” rule.
• The court distinguished this compensation structure from the previously unlawful “piece rate basis” system because it paid a guaranteed hourly rate for all clocked hours (independent of productivity) that fully satisfied minimum-wage and rest-break requirements, plus a true productivity bonus on top.
• The court found deficiencies with the plaintiffs’ PAGA claim, emphasizing the necessity for proper notice letters detailing “facts and theories” for any pursued claims under California’s Labor Code.

On November 18, 2025, the California Court of Appeal, Second Appellate District, published its decision in Mora v. C.E. Enterprises, Inc. The court affirmed a ruling in favor of a Simi Valley car dealership that the “flag bonus pay” system did not violate the “no borrowing rule” and did not otherwise violate Labor Code Section 226.2. The ruling came after a bench trial in a wage-and-hour and PAGA case brought by two former service technicians of the dealership.

On appeal, the technicians argued the trial court was wrong in finding that the dealership’s compensation structure for service technicians, which paid technicians double the minimum wage rate plus “flag bonus pay” based on hours they spent working on service tasks, did not violate California’s “no borrowing” rule or Labor Code Section 226.2, as it was interpreted by the California Fourth District Court of Appeal in Gonzalez v. Downtown LA Motors, LP.

The Hourly Pay Plan

The dealership implemented a compensation structure in December 2014 that pays service technicians at least double the minimum wage for all hours recorded on a biometric time clock, allowing technicians to earn a “flag bonus pay.” This system replaced a former “piece rate basis” based on the number of “flag” hours technicians worked, meaning hours they spent performing service tasks, after such a system was found to be unlawful in Gonzalez.

According to the decision, the “flag bonus pay” system allowed technicians to track “flag” hours for hours worked performing specific tasks and provided them the opportunity to be paid “‘flag bonus pay’ if the flag hours they separately record[ed], multiplied by the dollar amount of their assigned flag rate, exceed[ed] their regular and overtime hourly earnings.”

Compliance With the ‘No Borrowing Rule’

Under the “no borrowing rule,” employers must pay employees the minimum wage for all hours worked, regardless of the compensation structure (e.g., piece-rate or commission). The rule means employers cannot average the wages earned from productive tasks to cover nonproductive time or rest periods. Each hour worked must be compensated at or above the minimum wage independently.

In Mora, the Second Appellate District found that, unlike the compensation plan in Gonzalez, which averaged piece-rate payments to meet minimum wage requirements, the dealership’s plan paid employees for every hour recorded on the biometric clock and provided additional flag bonus pay for efficiency. Instead, the court aligned its analysis with the Supreme Court of California’s “no-borrowing” framework, under which an employer must pay at least the minimum wage for each hour while still honoring separate contractual units of pay.

The court further cited a recent 2025 Ninth Circuit decision that found an hourly-plus-bonus structure, where the employer always paid hourly wages and layered a piece-rate bonus on top, was lawful under Gonzalez.

PAGA Claims

The plaintiffs also raised PAGA claims on behalf of other employees based on the alleged violations of the Labor Code, including failures to pay overtime and provide accurate wage statements. The court emphasized that PAGA claims still require: (1) a notice letter that actually discloses the “facts and theories” later pursued, and (2) admissible, explained evidence at trial tying alleged payroll “deficiencies” to actual Labor Code violations. The court criticized the plaintiffs for simply presenting the trial judge with thousands of unanalyzed time and payroll records and expecting the court to scour them for violations.

Additionally, the court found the plaintiffs’ Labor and Workforce Development Agency (LWDA) letter insufficient regarding other sales and lube technicians, who were paid differently, and faulted their trial presentation for presenting thousands of records to the court without providing the judge with concrete examples to prove any underpayment.

Key Takeaways

The Mora decision provides helpful support for California employers seeking to implement and maintain legal and effective incentive-based compensation systems designed to reward and incentivize productive employees, such as the “flag bonus pay” system used by the dealership in the case, and highlights some key considerations for employers. Specifically, employers may want to ensure that:

• all hours under the employer’s control are captured on a reliable timekeeping system and paid at or above the applicable hourly floor (including overtime premiums, where applicable, and any tool-rate requirements); and
• any “flag,” “piece,” or “commission” component is structured as true extra compensation, not as a mechanism that makes the employee whole for non-productive time or rest periods.

Further, employers defending PAGA cases may want to keep in mind that plaintiffs still bear the burden to prove actual violations, and courts will enforce both PAGA’s exhaustion requirements and the ordinary evidentiary and record-sufficiency rules.

Ogletree Deakins’ California Class Action and PAGA Practice Group will continue to monitor developments and will provide updates on the California, Class Action, and Wage and Hour blogs as additional information becomes available.

Follow and Subscribe
LinkedIn | Instagram | Webinars | Podcasts

Quick Hits

• Jurisdictions such as California, New York City, Colorado, Illinois, and the European Union (EU) variously require (or plan to require) and encourage bias testing, notices, transparency, and, in some cases, public summaries. AI involvement can create substantial legal risk, even when humans make the final decisions; AI-influenced scores, rankings, or screens can still be treated by regulatory authorities as decision-making, triggering validation, bias-testing, notice, and transparency duties—with “cutoff” uses increasing regulatory scrutiny.
• Legally privileged bias audits can anchor AI governance efforts by channeling audits through legal counsel, maintaining an inventory and classification of tools, setting clear policies and vendor obligations, conducting ongoing monitoring and remediation, and preserving records supporting job-relatedness, business necessity, and “less-discriminatory alternatives” analyses.

Background

AI and algorithmic tools now permeate modern workforce management, touching everything from applicant recruitment and resume screening to onboarding, performance reviews, development, promotions, scheduling, and retention. The legal environment surrounding these systems is expanding rapidly and unevenly, with places such as California, New York City, Colorado, Illinois, and the EU adopting differing approaches. Approaches vary in each of the current or pending laws, ranging from binding requirements to soft‑law guidance. Importantly, liability can arise even when a person signs off on the outcome: regulators and courts may view AI-generated rankings, scores, or screens as part of the employment decision itself, while the use of rigid thresholds or “cutoffs” can invite heightened scrutiny.

Against this backdrop, the regulatory picture is still taking shape: a patchwork of municipal, state, federal, and global measures that differ in scope, definitions, and timing. Emerging frameworks impose varied governance, transparency, and recordkeeping obligations, while existing antidiscrimination, privacy, and consumer reporting laws continue to supply enforcement hooks. Agencies are issuing guidance and bringing early cases, while private plaintiffs are testing theories that treat algorithmic inputs as part of employment decisions, even when human review is involved. Penalties and remedies range from administrative fines to mandated disclosures and restrictions on use, with some regimes claiming extraterritorial reach and short transition periods, creating real uncertainty for multistate and global employers.

Scope and Focus of Auditing

Anti-bias auditing begins by examining whether the tool’s results differ for protected groups at each stage of the process—for example, with regard to resume scores, rankings, who receives interviews, who passes assessments, and who ultimately gets hired. Statistical findings that suggest adverse impact are a warning light, not the finish line. From there, examining the training and reference data, features that might act as stand-ins or “proxies” for protected traits, how features are built, the score cutoffs applied, any settings by location or role, and how recruiters and managers actually use the output or tool are important steps. If impact is found to be present, the next step involves assessing business necessity and whether less discriminatory ways exist to achieve the same goal, considering specific fixes, such as adjusting thresholds, swapping or removing features, training to improve use or consistency, or changing when or how the tool is used.

Effectiveness auditing assesses whether an AI tool actually enhances decision-making in your specific context. It tests if the system performs as advertised, outperforms your current process, and behaves consistently across roles, teams, sites, and time. Practically speaking, that means benchmarking model outputs against structured human evaluations, checking post-decision outcomes (such as performance, retention, quality and error rates, and downstream corrective actions), and validating that the factors driving recommendations are job‑related and predictive of success.

Effectiveness is inseparable from fairness. A tool that is fast or efficient but unevenly accurate across protected groups—or that relies on features correlated with protected traits—can create legal and operational risks. Evaluating accuracy, stability, and business impact, together with adverse-impact metrics, ensures that “better” does not simply mean “cheaper or quicker” and helps surface situations where apparent gains are driven by biased error patterns. In short, effectiveness auditing assesses whether a tool works, for whom it works, and whether it works for the right job‑related reasons.

Best Practice Considerations

An effective AI governance program brings together the applicable stakeholders for each deployment, with legal, HR, and IT at the core. Legal ensures regulatory alignment, privilege where appropriate, defensible documentation, and coordination across antidiscrimination, privacy, and consumer-reporting regimes. HR anchors job-relatedness, consistent application across roles and locations, and integration with established hiring and performance practices. IT is responsible for system architecture, security, access controls, data quality, monitoring, and change management. Around this core, additional contributors can be included as the use case demands.

Leading With Privilege

A foundational best practice involves starting every significant evaluation, audit, and testing effort with counsel. That means legal scopes the questions, engages the right experts, and directs the work so the analysis is covered by attorney-client privilege and/or work product protections. Following completion of the privileged assessment and agreement on corrective actions, nonprivileged regulatory summaries or disclosures can be prepared as a separate project. This preserves privilege over the analysis while ensuring timely compliance with applicable notice and transparency obligations.

Knowing Your Tools

Most organizations rely on more AI and algorithmic tools than they recognize, so it is sound practice to maintain a living inventory across the talent life cycle—including sourcing databases, resume screens, rankings, assessments, automated interviews, predictive models, and HR analytics—and to support meaningful oversight within the governance program by maintaining the inventory’s currency through defined change-management triggers.

For each tool, consider recording the core facts of use, impact, data, and ownership, and relying on a single inventory as the backbone for audits, governance, vendor oversight, incident response, and regulatory disclosures.

Setting Clear Rules

Setting clear rules means writing down and enforcing plain-language policies for the use of AI. That includes providing for notice (and consent where applicable), meaningful human review and appeal, data minimization and retention, and security, and making sure vendor contracts protect the organization’s legal risks with regard to audit rights, data access, security parameters, explainability documentation, and remediation obligations if problems are found.

Monitoring and Fixing

Effective systems risk management may require ongoing monitoring at set intervals, with some laws mandating periodic reviews. Consider defining clear thresholds and triggers for when to retest and remediate, and preparing a response playbook covering feature or cutoff changes, deployment adjustments, reviewer retraining, and vendor recalibration. Legal may want to continue managing the process so that analytic iterations and corrective actions remain under privilege.

Documenting to Defend

Keeping contemporaneous records that demonstrate job-relatedness, business necessity, and, where adverse impact appears, any evaluation of less discriminatory alternatives, while preserving the who/what/why of human reviews (including reasons for following or overriding AI outputs) with clear, plain-language explanations of how each tool works, is critical. Robust, contemporaneous documentation can significantly enhance a program’s defensibility in regulatory inquiries and litigation.

Next Steps

Auditing AI for bias in employment decision-making is now a critical part of AI governance and risk management. Employers that implement privileged audits, robust governance, and continuous monitoring paired with transparency, human-in-the-loop controls, and disciplined documentation can harness AI’s benefits while reducing the risk of discriminatory outcomes and regulatory exposure.

Ogletree Deakins’ Cybersecurity and Privacy, Government Contracting and Reporting, Technology, and Workforce Analytics and Compliance Practice Groups will continue to monitor developments and will provide updates on the Cybersecurity and Privacy, Employment Law, Government Contracting and Reporting, Multistate Compliance, State Developments, Technology, and Workforce Analytics and Compliance blogs.

Follow and Subscribe
LinkedIn | Instagram | Webinars | Podcasts