Quick Hits

• California law requires an employer to notify its current employees of a federal immigration agency Form I-9 audit, and to provide results of such inspections to affected employees.
• California law prohibits employers from providing “voluntary consent” to federal immigration agents to access nonpublic areas or employment records without a judicial warrant or subpoena.

Assembly Bill (AB) 450, known as the Immigrant Worker Protection Act, took effect on January 1, 2018, and sets forth requirements for California employers in handling U.S. Department of Homeland Security (DHS) worksite enforcement actions, which include requests to access an employer’s worksites and/or employment records, as well as Form I-9 audits.

Form I-9 Audit

Notice of Inspection

California Labor Code section 90.2 requires employers to provide written notice to current employees when they receive a Notice of Inspection or Form I-9 audit from federal immigration authorities. The notice must be provided in writing and delivered to current employees within seventy-two hours of receiving the Notice of Inspection. The notice must be delivered in a manner to reach all current employees and, if applicable, the employees’ collective bargaining representative. Employers must also provide a copy of the Notice of Inspection to an employee upon request.

The California Department of Justice and the DIR jointly published a Frequently Asked Questions (FAQs) document on the Immigrant Worker Protection Act. The FAQs provide a template posting for employers to use. The required notice to employees must contain the name of the immigration agency, the date the employer received the I-9 audit, a description of the federal agency inspection, and a copy of the Notice of Inspection. It is important to note that the FAQs warn employers that a Notice of Inspection is often “delivered during a visit from government agents” but also could be delivered without a visit. The seventy-two-hour period is triggered by the employer’s receipt of the Notice of Inspection, regardless of the delivery method. It is also important to note that the FAQs clarify that the law is not violated if an employer does not provide notice to an employee “at the express and specific request of the federal government.”

Notice of Immigration Agency I-9 Audit Results

Section 90.2 also requires employers to provide to “each current affected employee,” and to the employee’s exclusive bargaining representative (if applicable), the results of the I-9 audit or inspection of records as well as the obligations of the employer and the impacted employee arising from the federal immigration agency inspection. An “affected employee” is defined as an employee who is identified in the immigration agency inspection report as potentially lacking work authorization or whose work authorization documents have been flagged for potential deficiencies.

This notice must be delivered “by hand at the workplace if possible” and if not possible, by both mail and email. This notice must be delivered within seventy-two hours of the employer’s receipt of the results of the federal immigration agency inspection. The notice must contain: (1) “[a] description of any and all deficiencies” identified, (2) the “time period for correcting any potential deficiencies,” (3) the “time and date of any meeting with the employer to correct any identified deficiencies,” and (4) “[n]otice that the employee has a right to representation during any meeting scheduled with the employer.”

Penalties

Employers that fail to provide required notices may be subject to civil penalties of $2,000 to $5,000 for a first violation, and $5,000 to $10,000 for each subsequent violation. Section 90.2 expressly states that the requirements should not be read in a way to “restrict or limit an employer’s compliance with any memorandum of understanding governing use of the federal E-Verify system.”

Access to Worksites or Employee Records

Government Code Section 7285.1 prohibits employers from providing “voluntary consent” to immigration agents to access “any nonpublic areas of a place of labor” unless presented with a judicial warrant. This section provides that employers may take immigration agents to a nonpublic area where there are no employees “for the purpose of verifying whether the immigration enforcement agent has a judicial warrant, provided no consent to search nonpublic areas is given in the process.”

Similarly, Government Code Section 7285.2 prohibits employers from providing “voluntary consent” to immigration agents that would allow them to “access, review or obtain the employer’s employee records without a subpoena or judicial warrant.”

Similar to the notice requirements for I-9 audits, employers may face civil penalties of $2,000 to $5,000 for a first violation, and $5,000 to $10,000 for each subsequent violation of these code sections.

Next Steps

The DIR reminder and guidance in the FAQs come amid increased federal immigration enforcement under the Trump administration. It is important that California employers understand the state law in this space, as it imposes additional requirements in handling immigration inspections, as well as significant fines for violations.

Ogletree Deakins will continue to monitor developments and will provide updates on the California and Immigration blogs as additional information becomes available.

Follow and Subscribe
LinkedIn | Instagram | Webinars | Podcasts

Quick Hits

• Customs officials can search the content on electronic devices, but Transportation Security Administration (TSA) agents cannot.
• Companies can revise their employee handbooks to include detailed policies about how to secure electronic devices while traveling.

Recently, there have been increasing concerns about potential data breaches or disclosure of sensitive information stored on employees’ laptops, phones, and tablets as they travel for work or personal reasons.

In some cases, employees’ devices contain troves of data that must be kept private for legal or business reasons. For example, attorneys may have private information about clients, and executives may have proprietary information about a company’s products, processes, or customer lists.

The Fourth Amendment of the U.S. Constitution prohibits unreasonable searches by the government, but courts have maintained that border searches, including of digital devices,  do not require a warrant. As people enter the country, U.S. Customs and Border Patrol (CBP) can access or download photos, emails, texts, and social media activity. Putting a device on airplane mode can prevent CBP from accessing data hosted on cloud services.

CBP can retain devices for an undetermined amount of time. CBP searches aim to prevent terrorist activity, child pornography, drug smuggling, human trafficking, export control violations, intellectual property rights violations, visa fraud, and other violations.

Unlike CBP, TSA agents cannot legally search the content on a person’s devices without a warrant. They can swab devices for evidence of explosives.

The border policies and searches in other countries vary widely. For example, European privacy laws generally limit when and how border officials can search electronic devices without a warrant or reasonable suspicion.

Depending on the person’s immigration status and other factors, refusing to cooperate with a CBP search or provide passwords could result in denied entry, device seizure, or further detention. This could be disruptive to an employer’s operations or work-related events, such as a planned speech or business meeting. Having a device stolen while traveling could be equally disruptive and/or have data privacy implications for employers.

Updating and communicating written policies with workers may help to minimize the impact of border searches and theft of devices.

Next Steps

Employers with employees who travel frequently for work may wish to consider drafting new policies to protect confidential or proprietary information. This could include:

• encouraging workers to not carry their laptops or other company devices across international borders unless it is absolutely necessary for work;
• encouraging workers to bring a device without sensitive information on it if they travel internationally;
• instructing employees to allow for extra time for customs searches;
• informing workers that they can tell customs officials about their concerns regarding confidential or proprietary information;
• instructing employees on what they should and should not do if their device is searched by customs officials or stolen;
• requiring employees to contact internal counsel and/or the information security department if their device is confiscated or stolen;
• encouraging workers to use strong passwords, implement two-factor authentication, and be mindful of what is available in their cloud storage; and
• requiring workers to turn on device encryption, if possible, and turn off the device or put it on airplane mode before entering another country.

Ogletree Deakins will continue to monitor developments and will provide updates on the Cybersecurity and Privacy and Technology blogs as new information becomes available.

Dee Anna D. Hays is a shareholder in Ogletree Deakins’ Tampa office.

This article was co-authored by Leah J. Shepherd, who is a writer in Ogletree Deakins’ Washington, D.C., office.

Follow and Subscribe
LinkedIn | Instagram | Webinars | Podcasts

Quick Hits

• OSHA-approved state plans have their own workplace safety and health regulations, which must be at least as effective as the corresponding federal OSHA regulations.
• Within the list of state plan programs, California, Oregon, and Washington are the most active in enforcement.
• Each state plan has substantial procedural differences and its own system for issuing, appealing, and litigating citations.

By the time this series is complete, the reader should be conversant in the subjects covered and have developed a deeper understanding of how the OSH Act and OSHA work. The series is not—nor can it be, of course—a comprehensive study of the OSH Act or OSHA capable of equipping the reader to address every issue that might arise.

The first article in this series provided a general overview of the OSH Act and OSHA; the second article examined OSHA’s rulemaking process; the third article reviewed an employer’s duty to comply with standards; the fourth article discussed the general duty clause; the fifth article addressed OSHA’s recordkeeping requirements; the sixth article covered employees’ and employers’ respective rights; the seventh article addressed whistleblower issues; the eighth article covered the intersection of employment law and safety issues, the ninth article discussed OSHA’s Hazard Communication Standard (HCS); the tenth article examined voluntary safety and health self-audits; the eleventh article, in two parts, reviewed OSHA’s citation process; the twelfth article covered OSHA inspections and investigations; the thirteenth reviewed OSHA’s ability to seek criminal penalties; the fourteenth article examined judicial review under the OSH Act; and the fifteenth addressed imminent danger inspections. In this sixteenth and penultimate article in the series, we focus on states that have their own OSHA-approved plans.

Twenty-one states (Alaska, Arizona, California, Hawaii, Indiana, Iowa, Kentucky, Maryland, Michigan, Minnesota, Nevada, New Mexico, North Carolina, Oregon, South Carolina, Tennessee, Utah, Vermont, Virginia, Washington, and Wyoming) and Puerto Rico have OSHA-approved state plans that cover both private companies and government workers. Six states (Connecticut, Illinois, Maine, Massachusetts, New Jersey, and New York) and the U.S. Virgin Islands have OSHA-approved state plans that cover state and local government workers.

Federal OSHA continuously monitors the state plans and can take action against state plans that are not effective. Each year, federal OSHA issues a comprehensive report on each state plan. Federal Annual Monitoring and Evaluation Reports are available to the public.

Variations Among State Plans

Enforcement: California, Oregon, and Washington have the most active state plans in enforcement.

As recently as 2023, federal OSHA decided not to revoke the final approval status of Arizona’s state plan after it had started the process of revoking that status. Arizona’s state plan stayed in place with improvements and promises to make efforts to enact stronger penalties to be more consistent with federal OSHA.

Procedures and citations: Each state plan has substantial procedural differences and its own system for issuing, appealing, and litigating citations. For example, Washington State requires an “Accident Prevention Program” while California requires an “Injury and Illness Prevention Program.” These differences can be tricky for multistate employers seeking to comply with each individual state’s requirements. Only Oregon’s state plan provides thirty days to appeal citations as opposed to the fifteen working days typical for other states.

Recording and Reporting

Even when a state has its own OSHA plan, the plan must have the same requirements as federal OSHA for determining recordable injuries and reportable accidents and illnesses. State plans must follow 29 C.F.R. Section 1904.37(b)(1) for recording injuries and illnesses. While some states have adopted the exact same language as federal OSHA for reporting accidents and illnesses, it is important to note that state plans can have more stringent reporting requirements and can have nuances in reporting to the state plan. Each state plan publicizes its reporting requirements so that employers can comply with the obligations.

Ogletree Deakins’ Workplace Safety and Health Practice Group regularly publishes articles on the Multistate Compliance and Workplace Safety and Health blogs as an ongoing part of its coverage of workplace safety and health developments. The final article in the OSH Law Primer Series addresses preemption.    

On Thursday, July 31, 2025, from 2:00 p.m. to 3:00 p.m. (EDT), Karen Tynan and John Surma will present a webinar providing more detailed information about OSHA state plans, compliance, and the differences among the state plans and federal OSHA. Register here.

Follow and Subscribe
LinkedIn | Instagram | Webinars | Podcasts

Quick Hits

• The recent scandal at a Coldplay concert highlights the significant reputational risks companies face due to executives’ public missteps.
• Companies may want to carefully define “cause” in executive contracts to include reputational harm, ensuring flexibility to address various scenarios that may affect the company’s image without the obligation of paying severance or accelerating vesting of equity.
• The Coldplay incident underscores the importance of robust “cause” provisions to manage the potential fallout from executives’ actions, both within and outside the workplace.

Executives’ misbehavior can lead to a host of issues from an employment law and employee morale perspective. Companies may also face reputational damage based on their executives’ actions, and may need to move on from that relationship to avoid the executive’s behavior becoming a distraction or linked to the company’s brand. Depending on the terms of an executive’s employment contract, equity arrangement, or other severance arrangement, a company may face financial exposure in terminating the executive’s employment, even when the company has been harmed. Unless a contract’s definition of “cause” has been appropriately addressed, termination of employment following a public incident may require the company to pay severance or vest the executive in outstanding equity. Paying severance in this context may further harm the company’s public perception, and may lead to difficult conversations with stakeholders.

Protections for Reputational Harm

Traditionally, “cause” in executive contracts has been defined narrowly, often limited to clear-cut issues like fraud, embezzlement, or gross misconduct. However, protections for reputational harm (where an executive’s conduct may not specifically violate a company policy or fit within the clearly defined meaning of “cause”) were included in several instances, with those provisions becoming even more common beginning around 2019 (following the #MeToo movement). As the Coldplay incident demonstrates, the outside actions of an executive (or worse, two) may become headline news, putting the company’s brand and business operations at risk, including risks of reputational harm, which may affect the company’s ability to compete in hiring talent or its overall business operations (e.g., exposure to boycotts). Notably, the allegation (whether true or not) of an improper relationship (based on public behavior) can be a concern, even if there ultimately is no relationship, as the mere allegation may place the company in a bad light.

Considerations in Defining ‘Cause’

In preparing and negotiating the definition of “cause,” companies may consider the following:

• Addressing reputational harm: “Cause” may be a technically defined term and, if heavily negotiated by the executive, may be limited. However, the definition of “cause” often covers conduct that could be expected to harm the company’s reputation or business interests, even if it doesn’t rise to the level of criminal activity, violation of company policy, or more obvious “bad” business behavior. Some contracts may go so far as to cover “any action” (or inaction) that causes harm to the company, while others may be limited to “misconduct.”

• Using clear, broad language: Reputational harm provisions can avoid the limitations of overly technical or narrow definitions and instead use broad phrases that can provide companies flexibility to address varying scenarios as they come. Additionally, these provisions can address actions outside of work if those actions affect the company’s image. In addition to engaging in alleged public affairs, these actions may be designed to include nonwork-related actions such as poor social media usage, road rage, etc., among others. When a company’s brand is associated with an executive and the executive places the brand at risk by virtue of his or her actions or associations, a thorough “cause” definition may provide the company with the flexibility to take action.

• Establishing a fair process: Although it is important to protect the company, provisions ensuring a fair process for the executive, such as reasonableness requirements and notice and cure (where possible), are common provisions.

Key Takeaways

The Coldplay incident is a reminder that reputational risks are everywhere. Although terminating executives’ employment generally can be easy (as long as the company is willing to pay), there are circumstances when the company (justifiably) may not want to pay severance or may incur negative public perception (or pressure from shareholders) by paying severance. By ensuring “cause” provisions are robust and broad enough to pick up nonwork items such as reputational harm, companies may have the flexibility to address unexpected executive behavior.

Ogletree Deakins’ Employee Benefits and Executive Compensation Practice Group regularly provides legal updates in response to developments in employment law. Please see the Employee Benefits and Executive Compensation blog for more information.

Follow and Subscribe
LinkedIn | Instagram | Webinars | Podcasts

Quick Hits

• The California Privacy Protection Agency recently finalized regulations governing automated decisionmaking technologies, representing California’s first set of regulations outside of the anti-discrimination context that place guardrails around AI systems that evaluate or make decisions about individuals.
• The new regulations apply to significant automated decisions affecting employment, finance, housing, and education, and include enhanced obligations for extensive profiling through systematic observation like Wi-Fi tracking or video recording.
• California individuals now have the right to opt out of ADMT processing in certain contexts and to access details about how ADMT was used to make significant decisions affecting them.

What Constitutes an ADMT?

Under the final regulations, an ADMT is defined as technology that processes personal information using computation to “replace human decisionmaking or substantially replace human decisionmaking.” The phrase “substantially replace human decisionmaking” means using the output of such a technology to make a decision without human involvement. An organization may nonetheless use these technologies without triggering the definition of an ADMT—and thus avoid the burdensome compliance activities described herein—as long as there is sufficient human involvement in the decisionmaking process. This is known as the “human involvement” exception.

To rely upon the human involvement exception under the CCPA regulations, companies must ensure that human reviewers are trained to interpret and utilize the technology’s outputs effectively, actively review and analyze both the automated output and other relevant information when making decisions, and have the explicit authority to make or alter decisions based on that analysis. In practice, this likely means the burden of reviewing relevant outputs will fall on relatively “high-up” individuals at each company, such as upper management personnel.

The rules explicitly include profiling and exclude routine tasks like web hosting, spam filtering, and simple data organization unless these tasks significantly replace human judgment.

Significant Decisions and Extensive Profiling

The regulations impose obligations on businesses using ADMT to make “significant decisions,” including those involving employment, financial services, housing, insurance, education, criminal justice matters, and essential goods or services. For employers, this means that automated decisions related to hiring, job assignments, promotions, demotions, compensation, and termination are covered. Similarly, businesses engaging in extensive profiling of individuals, including systematic observation in workplaces, educational settings, or publicly accessible places, will encounter enhanced compliance obligations.

The term “profiling” includes any form of automated processing of personal information to evaluate or predict aspects of an individual’s performance, behavior, or interests. It specifically includes practices such as any automated processing to evaluate “performance at work,” reliability, behavior, locations, or movement, whereas the term “systematic observation” refers to “methodical and regular or continuous observation” using technologies such as Wi-Fi or Bluetooth tracking, video or audio recording, location tracking technologies, and “technologies that enable physical or biological identification or profiling.” These broad definitions encompass technologies used to monitor employee productivity, behavior, or communication patterns in a wide variety of circumstances. When profiling is systematic and ongoing, it may require pre-use notice, opt-out rights, and, in some cases, access rights—discussed in greater detail below—unless an exception applies. In particular, employers using AI-driven monitoring tools or productivity analytics may need to evaluate whether their use constitutes profiling or systematic observation under the regulations.

Pre-Use Notices

The finalized regulations elevate consumer privacy protections, emphasizing California individuals’ rights to informed consent, transparency, and recourse. Depending on their existing practices, businesses that are in-scope for these regulations may need to reassess how they communicate with consumers (including employees) and integrate these rights into their operational workflows.

Before deploying ADMT, companies are now obligated to provide consumers with notice that explains the technology’s purpose, its operational scope, and its potential impacts. Importantly, this notice must be presented in plain language to ensure accessibility. We previously detailed the pre-use notice requirements of the initial draft of these regulations. The final regulations are similar in some respects, but include several new material changes:

• Businesses are no longer required to provide the logic used in the ADMT. However, this is still a required data element in response to an individual’s request to access, as discussed below, so a thorough understanding of how each ADMT operates remains an important element of the diligence process.
• Businesses must provide information regarding “how the ADMT processes personal information to make a significant decision,” such as the categories of personal information used to generate an output.
• If a human reviewer does not meet the human involvement exception, the business must provide a description of the human reviewer’s role in the process, such as where the reviewer does not have sufficient authority to overrule the output of the ADMT.
• A description of the alternative process for individuals who opt out, unless an exception to the opt-out right applies.

The regulations also clarify the form in which these notices must be provided, such as when providing a single, consolidated notice may be appropriate. As an example, the regulations specifically state that a single notice could cover both automated resume-screening software and tools evaluating an applicant’s vocal intonation, facial expressions, and gestures to make hiring decisions.

Right to Opt Out

California individuals now have the right to opt out of ADMT processing in certain circumstances. However, the right to opt out is not without its limits, as the final regulations include several exceptions.

For instance, businesses are not required to offer an opt-out if the ADMT is used exclusively for detecting security incidents, preventing fraud, or ensuring physical safety. Additionally, a business may be able to avoid offering a consumer the right to opt out of ADMT processing if it instead provides a right to appeal the decision to a qualified human reviewer who can reverse it, provided the specific requirements of the human appeal exception are met.

Importantly, there is also an exception for “admission, acceptance, or hiring decisions,” provided that those tools are used solely to assess a person’s ability to perform in a job or educational program, align exclusively with the business’s objectives, and do not result in unlawful discrimination based on protected characteristics. However, in today’s hiring landscape, where businesses may utilize such tools for a variety of purposes in vetting job applicants, such as scrutinizing applicants for evidence of fraud or identity theft, these exceptions may not always neatly apply. Separately, there is a limited exception for allocation/assignment of work and compensation decisions if the business uses the ADMT solely for allocation/assignment of work or compensation, and the ADMT works “for the business’s purpose” (i.e., the ADMT’s intended purpose) and does not unlawfully discriminate based on protected characteristics.

Finally, these exceptions do not apply when ADMT is used for behavioral advertising or training machine learning systems. In such cases, consumers must always be given the ability to opt out. As such, businesses may also need to consider how any employee or individual data is being used by the ADMT, such as whether it is training on those individuals’ data, to ascertain their compliance obligations.

As with other consumer rights under the CCPA, there are statutory deadlines for responding to requests to opt out, even if the ultimate outcome is a denial of the request. There are also very specific requirements surrounding the form in which the opt-out right is provided, such as the type of and number of opt-out methods, the type of information that may be required to be provided by the data subject to exercise these rights, and how the opt-out right is presented. The regulations require at least two submission methods, one of which must reflect how the business primarily interacts with consumers (e.g., online form or toll-free number). The process must be easy to use, clearly labeled, and free of dark patterns. If a request is denied as fraudulent, the business must have a documented basis for the denial and provide an explanation—a requirement that may be particularly relevant where an ADMT is used to evaluate job applicants who may be misrepresenting their identity.

Right to Access Information About the ADMT

In addition to the right to opt out, the proposed regulations give individuals the right to access information about a business’s use of ADMT when it is used to make a “significant decision” about a consumer. As discussed above, this term generally means a decision that affects a person’s rights, as well as access to or eligibility for important opportunities or essential goods and services such as financial, housing, healthcare, independent contracting, and employment-related opportunities.

When a consumer exercises this right, the business must provide a clear and plain-language explanation of how the ADMT was used in relation to that individual. This includes describing the specific purpose of the ADMT, the logic involved in its decisionmaking, and how the output was used in making a decision about the individual. If the system produces a score or recommendation, the business must explain how that output factored into the final decision and whether a human was involved in the process. The business must also disclose the key inputs or parameters that influenced the decision, and how those inputs were applied to the consumer. While businesses are not required to reveal trade secrets or information that could compromise security or fraud-prevention functions, the disclosure must nevertheless be substantive enough in the absence of such information to allow a consumer to understand how the technology affected them.

If ADMT may be used multiple times with respect to the same individual, such as for repeated employee evaluations or loan decisions, the business may also provide information regarding how the output will be used to make significant decisions about that individual in the future. But in all cases, the information must be accessible, accurate, and delivered using reasonable security measures.

Looking Forward

The finalized regulations provided a staggered compliance schedule for these new requirements. Businesses that use ADMT for significant decisions must comply with the ADMT requirements by January 1, 2027.

California’s proposed ADMT regulations represent a major shift in California privacy rights and employee protection under the CCPA, demanding new levels of transparency and accountability from businesses and employers. Businesses may want to consider reviewing their existing processes and technologies well in advance of the January 1, 2027, deadline, and may wish to bake continued evaluative processes into their diligence processes with respect to a newly developed or acquired ADMT, to operationalize these novel requirements, because California regulators have signaled a strong interest in enforcement against businesses of all sizes.

Ogletree Deakins’ Cybersecurity and Privacy Practice Group and Technology Practice Group will continue to monitor developments and will provide updates on the California, Cybersecurity and Privacy, and Technology blogs as additional information becomes available.

Follow and Subscribe
LinkedIn | Instagram | Webinars | Podcasts

Quick Hits

• DHS has updated the E-Verify Status Change Report to include a “Revoked Document Number” field, effective July 15, 2025, to help employers identify employees with revoked EADs.
• Employers must now compare the EAD number on an employee’s Form I-9 with the Revoked Document Number in the updated report to determine if reverification of work authorization is necessary.

Background

The Status Change Report was first launched on June 20, 2025, as part of DHS’s efforts to improve transparency and compliance in the employment verification process. Its primary purpose is to alert employers if any of their E-Verify cases were created using an EAD that has since been revoked—a situation that can arise when DHS terminates parole for certain noncitizens.

Previously, the report listed affected cases but did not include specific document identifiers, making it difficult for employers to confirm whether the revoked EAD matched the one presented by the employee during the Form I-9 verification process.

To address this gap, DHS has now added a “Revoked Document Number” field to the report. This allows employers to directly compare the number on the EAD used for I-9 verification with the revoked document listed in the report. If the numbers match, the employer is required to reverify the employee’s continued work authorization using a different document from the I-9 Lists of Acceptable Documents.

Analysis and Impact

If a current employee is listed in the Status Change Report, employers must compare the EAD number provided on the employee’s Form I-9 with the Revoked Document Number indicated in the report to determine whether reverification of continued employment authorization is required. Employers must not initiate a new E-Verify case.

Employers can use Form I-9, Supplement B to reverify any employee who appears in the Status Change Report and used a now revoked EAD for the original Form I-9 and E-Verify case. Employers may want to ensure that the reverification process is completed within a reasonable timeframe, including by confirming that an employee’s  new EAD  is valid by comparing the number on the card to the information in the report. This step is essential to maintain compliance and ensure that all employees are authorized to work.

Find below a reference chart to determine if reverification is required:

Ogletree Deakins’ Immigration Practice Group will continue to monitor developments and provide updates on the Immigration blog as additional information becomes available.

Follow and Subscribe
LinkedIn | Instagram | Webinars | Podcasts

Quick Hits

• Effective July 1, 2025, Connecticut’s Public Act No. 25-30/S.B. No. 1221 has introduced a three-strike enforcement process for the MyCTSavings retirement program, with escalating annual penalties for noncompliance. Penalties range from $500 to $1,500, depending on the size of the employer.
• The law continues to apply to employers with five or more employees, maintaining the same eligibility criteria and default contribution rates. Employers with qualifying retirement plans are exempt from certain requirements.
• As of July 1, 2025, Connecticut mandates auto-enrollment in the MyCTSavings program or certification of a compliant employer-sponsored plan. Employers may want to audit their enrollment procedures, update internal protocols, and ensure staff are trained to avoid violations and financial penalties.

What Has Changed

The law now establishes a three-strike enforcement process with annual penalties:

• First violation: Notice from the comptroller
• Second violation: Second notice
• Third violation: Final notice

Penalties for each year of noncompliance (after ninety or more days):

• $500 for small employers (five to twenty-four employees)
• $1,000 for medium employers (twenty-five to ninety-nine employees)
• $1,500 for large employers (one hundred or more employees)

The law also incorporates the federal Saver’s Match, allowing eligible low-income employees to receive federal contributions into their MyCTSavings accounts. The law states that the comptroller will provide an applicable retirement savings vehicle able to receive such contributions.

What Hasn’t Changed

Despite the implementation of the three-strike violation process, several key aspects remain the same:

• the law still applies to employers with five or more employees who paid at least $5,000 in wages to five or more workers;
• employees are still eligible after 120 days of employment and must be at least nineteen years old (except for personal care attendants);
• the default contribution rate remains 3 percent of wages if the employee does not make an election;
• employers that maintain any of the retirement programs described in Section 219(g)(5) of the Internal Revenue Code of 1986 (e.g., tax-qualified retirement plans such as 401(k) and pension plans, 403(b) tax-sheltered annuity plans, simplified employee pension plans, and SIMPLE plans, among others) are exempt from the requirement to provide prescribed information about the program to or enroll their employees in the MyCTSavings program;
• qualified employers are not required to contribute to employee accounts or collect program fees from participants.

Tips for Employers

As of July 1, 2025, Connecticut mandates auto-enrollment for the MyCTSavings state-run retirement program or certification that an employer’s sponsored plan meets the required standards. The law expressly incorporates the automatic enrollment requirements included in Code Section 414A(b)(3)(A) which establishes a 3 percent minimum and a 10 percent maximum default contribution rate and a contribution escalator that automatically steps up default contributions in 1 percent annual increments to at least 10 percent but not more than 15 percent absent affirmative direction from the employee.

To ensure compliance, covered employers may want to consider auditing their enrollment procedures. This may involve updating existing internal protocols, keeping track of compliance deadlines to prevent the issuance of violations and financial penalties, and reviewing and updating enrollment policies and processes. Retraining and educating staff responsible for these processes is crucial to compliance.

Ogletree Deakins’ Stamford office will continue to monitor developments and provide updates on the Connecticut and Employee Benefits and Executive Compensation blogs as additional information becomes available.

Follow and Subscribe
LinkedIn | Instagram | Webinars | Podcasts

Employment, Safety Nominations Advance. This week, the U.S. Senate Committee on Health, Education, Labor and Pensions (HELP) advanced the nominations of Brittany Panuccio to serve on the U.S. Equal Employment Opportunity Commission (EEOC) and Jonathan Snare to serve on the Occupational Safety and Health Review Commission (OSHRC). If confirmed, Panuccio would join Acting Chair Andrea Lucas and Commissioner Kalpana Kotagal to reconstitute a functioning quorum at the Commission. OSHRC, on the other hand, has no commissioners at all, so Snare would need another nominee to join in order to return a quorum to OSHRC. Notably absent from the voting docket was Crystal Carey, President Donald Trump’s nominee to be general counsel of the National Labor Relations Board (NLRB). Carey had her hearing in conjunction with Panuccio’s but faced some tough questions from Senator Josh Hawley (R-MO). Republicans enjoy only a one-seat majority on the HELP Committee, so one defection significantly impacts the vote calculus.

H-1B Wage Selection Rule on the Way? U.S. Citizenship and Immigration Services (USCIS) has sent to the Office of Information and Regulatory Affairs (OIRA) a proposed rule titled “Weighted Selection Process for Registrants and Petitioners Seeking To File Cap-Subject H-1B Petitions.” At this stage in the rulemaking process, the proposal is not publicly available. When OIRA completes its review, USCIS will release the proposal, and stakeholders will have an opportunity to file written comments with the agency.

The title of the proposal is very similar to a rule that was finalized during the waning days of the first Trump administration titled “Modification of Registration Requirement for Petitioners Seeking To File Cap-Subject H-1B Petitions.” This regulation discarded the H-1B lottery in favor of a wage-ranking system. The Biden administration delayed the effective date of this regulation before withdrawing the regulation after it was vacated by a federal court. The Buzz suspects that this pending proposal will be very similar to the 2021 regulation that was finalized but never went into effect.

House Committee Advances Employment Bills. This week, the House Committee on Education and the Workforce voted to approve the following bills:

• Modern Worker Empowerment Act (H.R. 1319). This bill provides an easy-to-understand test for determining independent contractor status under both the National Labor Relations Act (NLRA) and the Fair Labor Standards Act (FLSA). There is a companion bill in the U.S. Senate (more on that below).
• Modern Worker Security Act (H.R. 1320). This bill would allow employers to provide benefits to workers (e.g., health insurance) without those benefits triggering a finding of employment status. There is a similar bill in the U.S. Senate called the Modern Worker Empowerment Act.
• Save Local Business Act (H.R. 4366). This bill would codify a “direct and immediate control” joint employer standard under the NLRA and FLSA.
• Student Compensation and Opportunity through Rights and Endorsements (SCORE) Act (H.R. 4312). The bill would set national standards for college athletics, and clarifies that student athletes are not employees.

Next stop for these bills will be a vote on the House floor, if Speaker Mike Johnson (R-LA) determines that they are priorities and have the votes to pass.

Senators Examine Portable Benefits Legislation. On July 17, 2025, the U.S. Senate HELP Committee held a hearing, “Freedom to Work: Unlocking Benefits for Independent Workers.” Senator Bill Cassidy (R-LA), who chairs the HELP Committee, undoubtedly scheduled the hearing to coordinate with the recent release of his independent worker legislative package. Witnesses testified that many independent workers enjoy the flexibility and entrepreneurship that exist outside of a traditional employer-employee relationship. Accordingly, some described the concept of portable benefits as a “game changer.” Others espoused the benefits of expanding the availability of association health plans to independent contractors. Not surprisingly, a union official witness criticized the bills, describing them as denying workers employment-based legal protections. Instead, he suggested that the U.S. Congress focus on the Protecting the Right to Organize (PRO) Act. Ranking Member Bernie Sanders (I-VT) used the hearing to promote his Pensions for All Act, which would require employers to provide employees with defined benefit pension plans.

House Republicans Examine EBSA, Seek More Transparency. On July 22, 2025, the House Committee on Education and the Workforce’s Subcommittee on Health, Employment, Labor, and Pensions held a hearing entitled, “Restoring Trust: Enhancing Transparency and Oversight at EBSA.” The hearing focused on ways to improve transparency and accountability at the U.S. Department of Labor’s Employee Benefits Security Administration (EBSA), qualities that Republicans on the committee claim were lacking at the agency during the Biden administration. Lawmakers and witnesses discussed these bills:

• The EBSA Investigations Transparency Act (H.R. 2869), which would require EBSA to submit an annual report to Congress detailing which offices have opened enforcement investigations, how long those investigations are taking and other enforcement-related information.
• The Balance the Scales Act (H.R. 2958) would require EBSA to provide notice to an employer or employee benefit plan administrator when providing adverse assistance to plaintiff attorneys via “common interest agreements.” The bill would also require a report to Congress about EBSA’s use of such agreements.

As a reminder, Daniel Aronowitz, President Trump’s nominee to lead EBSA, has advanced through the Senate HELP Committee and is awaiting a full confirmation vote on the Senate floor.

For Whom the Bell Tolls. On July 24, 1888, the U.S. House of Representatives approved a resolution providing for legislative signal bells throughout the U.S. Capitol to alert members of various legislative proceedings. Bells announcing quorum calls, votes, and recesses ensure that members can conduct business away from the floor without missing important developments—or sometimes not-so-important developments. (In 1946, Michigan Representative Roy Woodruff used the bell system to locate his misplaced hat.) Construction of the Old House Office Building (later renamed after then-Speaker Joseph Cannon) in 1908 included the installation of the legislative bell (and light) system. The system, in conjunction with the incorporation of modern technology, is still used today.

Quick Hits

• New York State published final regulations implementing the 9/11 Notice Act, requiring employers to notify current and former employees who worked in affected areas during the September 11 attacks of their potential eligibility for benefits from federal compensation funds.
• The regulations emphasize that notification must be made “where practicable,” given the challenges of accessing employee records from over two decades ago.
• The final regulations took effect on June 4, 2025, but they fail to provide precise timing requirements for when employers must send the notices.

On May 15, 2025, the New York State Department of Economic Development (ESD) published final regulations in the New York State Register related to the 9/11 Notice Act, which seeks to enhance awareness among 9/11 victims—including office, restaurant, and retail workers around the former World Trade Center site—about their eligibility for compensation from the World Trade Center Health Program and September Eleventh Victim Compensation Fund. The final regulations took effect on June 4, 2025.

The 9/11 Notice Act, signed on September 11, 2023, emanated from concerns that only fractions of pools of eligible workers for the compensation funds have applied for benefits. The act directed ESD to “develop rules and regulations necessary to promote awareness and notification to any past or present businesses and their employees” in the designated affected areas.

Notice Requirements

The final regulations closely track the proposed regulations released in November 2024. The regulations direct businesses that had employees working near the former World Trade Center site during and in the months following the September 11, 2001, terrorist attacks to take steps to notify those employees “where practicable” of their potential eligibility for benefits from the federal compensation funds. (Emphasis added.)

The final regulations expressly address a comment received regarding the impracticality and burden of maintaining or accessing employee records dating back more than twenty years. In response, the regulation was edited to specify that the notice requirement applies only “where practicable” and in accordance with existing recordkeeping laws. (Emphasis added.)

The final regulations specify that notifications should be made by email, text, electronic message system, postal mail, or facsimile, and that entities providing such notification must maintain a duplicate copy for not less than three years. (Additionally, based on other materials released by the state, it appears the state is urging, though not requiring, employers to disseminate notice through social media.)

However, the final regulations still fail to provide express requirements on when the notices need to be made, other than to emphasize practicality and compliance with existing federal, state, and local recordkeeping laws and other legal requirements.

Affected Areas

The final regulations clarify the applicable affected areas with respect to each compensation fund:

• World Trade Center Health Program (“New York City disaster area”)—the area of Lower Manhattan south of Houston Street and any blocks of Brooklyn that are within a 1.5-mile radius of the former World Trade Center site, which includes areas of Dumbo and Brooklyn Heights.
• September Eleventh Victim Compensation Fund (“New York City exposure zone”)—the area of Lower Manhattan south of Canal Street and extending to Clinton Street and the East River, in addition to “any area related to or along the routes of debris removal, such as barges and the Fresh Kills landfill.”

Next Steps

If not already, employers may begin identifying employees and former employees who worked in the affected areas over the relevant time periods and who may be entitled to notice and start sending those notices. The state has further produced a toolkit and other guidance for employers on meeting these requirements.

Employers may also want to monitor new guidance or directives from ESD, the state, or other relevant authorities overseeing the regulations’ implementation for precise timing requirements.

Ogletree Deakins’ New York office will continue to monitor developments and will provide updates on the Employment Law, Hospitality, New York, and Retail blogs as additional information becomes available.

Follow and Subscribe
LinkedIn | Instagram | Webinars | Podcasts

Quick Hits

• Ohio WARN largely mirrors the federal Worker Adjustment and Retraining Notification (WARN) Act by requiring covered employers to provide sixty days’ advance notice before a plant closing or mass layoff.
• Ohio WARN includes ambiguities regarding its stated intent and which “mass layoffs” will trigger its notice requirements.
• Ohio WARN includes state-specific notice content requirements, including “[a] detailed statement explaining the reason” for the closure or mass layoff and information about available support for impacted employees.
• Ohio WARN incorporates federal WARN exceptions and remedies but imposes an additional required notice to be provided to the chief elected officer for the county in which the plant closing or mass layoff occurs.

Sixty-Day Notice Requirement and Exceptions

Like its federal counterpart, Ohio WARN requires covered employers to provide at least sixty days’ advance written notice before a qualifying layoff or closure. Ohio WARN also expressly adopts federal WARN’s exceptions to its sixty-day notice requirement, including shortened notice periods resulting from unforeseeable business circumstances, faltering businesses, and natural disasters. Ohio WARN also includes federal WARN’s notice exception for strikes and lockouts.

Ohio WARN Coverage, Trigger Events, and Ambiguity

Ohio’s WARN law specifies that notice is required by employers that:

• employ at least one hundred employees who collectively work a minimum of 4,000 hours each week; and
• conduct a plant closing or lay off fifty or more employees at a single site of employment within a thirty-day period.

Ohio WARN also specifically states:

• that its requirements “do not establish a different standard than that established by federal statutes and regulations”; and
• it adopts federal WARN’s definitions of “employer,” “plant closing,” and “mass layoff.”

Despite the above, Ohio WARN also states that employers must provide sixty days’ notice to employees whenever an “employer lays off fifty or more employees at a single site of employment during any thirty-day period.”

Under federal WARN, notice is only required for a “mass layoff” when an employer lays off fifty or more full-time employees at a single site of employment and the total number of laid-off employees equals 33 percent or more of the total employee headcount at the site of employment. As such, Ohio WARN presents ambiguity regarding whether the 33 percent or more qualifier applies to layoffs. In addition, Ohio WARN does not expressly adopt federal WARN’s potential ninety-day aggregation window for determining whether multiple mass layoffs may trigger notice requirements—making it unclear as to whether layoffs outside of a thirty-day window should be counted together when determining whether notice is required.

‘WARN-Plus’ Notice: Enhanced Notice Content Requirements

In addition to federal WARN’s requirements, Ohio WARN imposes additional notice requirements. It also requires notice to be provided to the chief elected official of the county where the plant closing or mass layoff is to occur—an obligation that does not exist under federal WARN.

Notices provided to nonrepresented employees must contain:

• a detailed statement explaining the reason for the plant closing or mass layoff;

• procedures for exercising bumping rights (if such rights exist);
• information on how affected employees can access unemployment insurance benefits and other assistance programs; and
• information about any available services for affected employees, including job placement assistance, retraining programs, or counseling services.

Notices provided to union representatives of affected employees must contain:

• a detailed statement explaining the reason for the plant closing or mass layoff; and
• the total number of employees affected by the plant closing or mass layoff, including the employees’ job titles or positions, and any department or division impacted.

Notice provided to the director of job and family services and to the chief elected officials of the municipal corporation and the county where the plant closing or mass layoff is to occur must contain:

• a detailed statement explaining the reason for the plant closing or mass layoff;
• a description of any action taken or planned to mitigate the impact of the plant closing or mass layoff, including any efforts to secure alternative employment or training for affected employees;
• the total number of employees affected by the plant closing or mass layoff, including the employees’ job titles or positions and any department or division impacted; and
• a copy of the notice provided to affected employees or their representatives, as applicable.

The Ohio WARN law does not expressly adopt federal WARN’s “short-form” notice option, meaning employers are likely required to create and attach schedules to the notices provided to the director of job and family services and local elected officials containing the job title (or position) and department (or division) of each affected employee.

Penalties

Ohio WARN does not include a separate civil penalty recoverable by the state. Instead, it expressly incorporates remedies outlined in federal WARN—namely, employee wages and benefits for each day of violation and penalties up to $500 for each day of violation.

Important Deadlines and Next Steps

The statute becomes effective on September 29, 2025. Employers planning reductions in force that may coincide with this date may want to begin assessing their obligations well in advance to avoid unintentional noncompliance. Where applicable, employers may want to consider whether an ongoing but previously unannounced round of layoffs could trigger coverage on or after the effective date.

The statute states that the director of the Ohio Department of Job and Family Services may issue guidance and procedures for the submission and review of notices by employers.

Ogletree Deakins’ Cleveland and Columbus offices and RIF/WARN Practice Group will continue to monitor developments and will provide updates on the Ohio and Reductions in Force blogs as additional information becomes available.

In addition, the Ogletree Deakins Client Portal provides subscribers with updated WARN and mini-WARN law summaries, as well as other information related to Terminations and RIFs, including Termination Notices and Final Pay Upon Termination requirements. For more information on the Client Portal or a Client Portal subscription, please reach out to clientportal@ogletree.com.

Follow and Subscribe
LinkedIn | Instagram | Webinars | Podcasts