Quick Hits

• New and ongoing litigation at the DOJ’s Civil Rights Division is essentially frozen indefinitely.
• The freeze could have implications for the Immigration and Employee Rights Section, which handles claims of citizenship discrimination.

Hidden among a flurry of executive orders, within the first week of President Trump’s second term of office, the media reports the DOJ issued a freeze memorandum to its Civil Rights Division, which is the arm of the DOJ that enforces federal statutes prohibiting discrimination on the basis of race, color, sex, disability, religion, familial status, military status, or national origin. The memorandum reportedly freezes any ongoing litigation held over from the Biden administration, and it halts the division’s pursuit of any new cases or settlements. The Civil Rights Division is also tasked with enforcing voting and election laws. Although not confirmed, it is believed the action is aimed at freezing Biden administration’s focus on cases and claims involving discrimination and violence within police forces throughout the country, as well as cutting back on enforcement of existing voting rights laws.

What is unknown at this time is how this freeze will impact IER, whose role is to enforce the Immigration and Nationality Act’s (INA) prohibition on citizenship discrimination in the hiring, recruitment, and termination phases of employment. The INA also prohibits asking for more or different documents during I-9 processing during an employee’s onboarding. Any potential impact this purported memorandum has on IER is merely a consequence—and not a focus—of the freeze. What is also unknown is how this freeze may impact any ongoing litigation currently proceeding before the Office of the Chief Administrative Hearing Officer involving alleged violations of the INA.

President Trump’s pick for attorney general, Pam Bondi, has not yet been confirmed; however, the acting attorney general is James R. McHenry III, who directed the DOJ’s Executive Office for Immigration Review (EOIR) in President Trump’s first administration and served as EOIR’s chief administrative hearing officer in President Biden’s administration.

McHenry’s career has focused on immigration, which lends some insight into this latest freeze. Should Bondi assume the role of attorney general, the focus of the DOJ for the next four years will likely become clearer—particularly as to how it will handle allegations of citizenship discrimination in light of the administration’s heavy focus on immigration. This is an area employers should remain focused on in the next few months, with consideration given to reviewing internal policies and procedures to ensure compliance with the INA’s antidiscrimination provisions.

Next Steps

In the coming months, employers will want to remain focused and consider reviewing internal policies and procedures to ensure compliance with the INA’s antidiscrimination provisions.

Ogletree Deakins’ Immigration Practice Group will continue to monitor developments and will publish updates on the Immigration blog as additional information becomes available.

Follow and Subscribe

LinkedIn | Instagram | Webinars | Podcasts

Quick Hits

• Venezuela was designated for TPS on March 9, 2021, due to extraordinary and temporary conditions and was newly designated on October 3, 2023.
• U.S. Secretary of Homeland Security Kristi Noem is terminating the 2023 TPS designation of Venezuela.
• TPS protections, including work authorization for Venezuelans aligned with the the 2023 TPS designation will terminate sixty days after publication of the U.S. Department of Homeland Security’s (DHS) notice on February 5, 2025.

U.S. Secretary of Homeland Security Kristi Noem is terminating the 2023 TPS designation of Venezuela. The termination is scheduled to be published in the Federal Register on February 5, 2025, and will take effect sixty days after publication. The termination follows Secretary Noem’s vacatur of former Secretary Alejandro Mayorkas’s order from January 2025, which had consolidated the TPS extension filing processes under both the 2021 and 2023 designations and extended certain employment authorization documents (EADs).

The homeland security secretary may designate a foreign country for TPS due to temporary conditions, such as ongoing armed conflict, an environmental disaster, epidemics, or other extraordinary and temporary conditions that prevent nationals of that country from safely returning. TPS beneficiaries are protected from removal from the United States and can apply for and receive work and travel authorization. TPS is currently authorized for other countries, including Ukraine, Sudan, Nepal, El Salvador, Honduras, Nicaragua, Haiti, and others, which have not been terminated.

Venezuela was designated for TPS on March 9, 2021 (the 2021 designation). The 2021 designation was extended on September 8, 2022, and again on October 3, 2023, with an expiration date of September 10, 2025. On October 3, 2023, a new designation was implemented (the 2023 designation) with an expiration date of April 2, 2025. Last week, Secretary Noem issued a vacatur of the TPS designation, stating that former Secretary Mayorkas’s approach was inconsistent with the TPS statute.

Periodically, the homeland security secretary must review country conditions and determine whether they continue to meet the requirements for TPS designation. Secretary Noem was required to determine by February 1, 2025, whether to extend or terminate the 2023 designation. In the notice from February 3, 2025, Secretary Noem determined that Venezuela no longer met the conditions for TPS designation and terminated its 2023 designation. The secretary cited improvements in Venezuela’s economy, public health, and public safety that allow for Venezuelan nationals to return to their home country. Secretary Noem further concluded that a continuation of the TPS designation was contrary to the national interest of the United States.

TPS, including employment authorization for Venezuelans aligned with the 2023 designation, will terminate sixty days after the DHS termination notice is published in the Federal Register on February 5, 2025. The termination is expected to impact an estimated 348,202 Venezuelans in the United States.

Next Steps

The homeland security secretary must determine by July 12, 2025, whether to extend or terminate Venezuela’s 2021 TPS designation. If the secretary does not make a timely determination by the applicable deadline, the 2021 designation will automatically be extended for an additional period of six months beyond its expiration date (September 10, 2025).

If the secretary makes a determination to terminate the 2021 designation, as with the 2023 designation, Venezuelan beneficiaries aligned with the 2021 designation will have to obtain an alternative immigration status and employment authorization by the relevant TPS termination date to remain in the United States and maintain work authorization.

Ogletree Deakins’ Immigration Practice Group will continue to monitor developments and will publish updates on the Immigration blog as additional information becomes available.

Follow and Subscribe

LinkedIn | Instagram | Webinars | Podcasts

Quick Hits

• Employers may want to proactively address the potential for increased absenteeism on the Monday following the Super Bowl, often called “Super Sick Monday.”
• With heightened excitement leading up to the game, employers may want to address the potential for distractions and loss of productivity.

The National Football League’s (NFL) Kansas City Chiefs will play the Philadelphia Eagles in Super Bowl LIX in New Orleans, Louisiana. Surveys show that 75 percent or more of Americans plan to watch the game. Notably, in a 2024 survey of more than 3,000 U.S. residents by Siena College Research Institute (SCRI) and St. Bonaventure University’s Jandoli School of Communication, 50 percent of respondents indicated they support making the Monday following the Super Bowl a paid day off work.

Here are some potential employment issues around the Super Bowl that employers may not want to punt on addressing.

Watching for ‘Super Sick Monday’

The day after the Super Bowl, often referred to as “Super Sick Monday,” is notorious for high absenteeism and tardiness. Employers may want to anticipate this and consider implementing strategies to mitigate its impact. One course of action for employers would be to remind employees of the organization’s attendance and paid time office and sick leave policies. Other employers—particularly those in the Kansas City and Philadelphia areas, where many are expected to be watching and rooting on their hometown teams—may want to consider flexible scheduling or remote work options for the Monday following the game. Additionally, employers in and around the winning city may want to consider similar steps to prepare for potential absences for the typical championship parade.

Addressing Workplace Distractions

In the days leading up to the Super Bowl, employees may be more distracted than usual, discussing game predictions, organizing office pools, or planning game-day parties. While fostering a sense of camaraderie can be beneficial, employers may want to set clear expectations regarding productivity and/or encourage employees to enjoy the festivities during breaks or lunch hours. Some employers may want to organize a fan event, such as encouraging employees to wear clothes supporting their favorite team or a Super Bowl-themed luncheon. Such company-wide events provide employees with an outlet to express their excitement while maintaining productivity and can also be opportunities for employers to boost employee engagement and morale.

Handling Office Pools and Gambling

Office pools, squares, or other wagering games are always popular for the Super Bowl. These activities can foster camaraderie and communication among the workforce and raise concerns for employers. While the legalization of sports betting has spread rapidly in recent years, the practice is legal and operational in only thirty-eight states and Washington, D.C., as some major states, including California, Texas, and Georgia, are still on the sidelines. As such, employers may want to remind employees of their policies on gambling in the workplace. Employers may further want to avoid company-sponsored office pools or wagering games. If they do, employers may need to ensure that they are conducted in a manner that complies with state and federal laws and that participation is voluntary.

Next Steps

The Super Bowl is a time of excitement and celebration, but it can also present challenges for employers. By proactively addressing these issues employers can maximize and maintain employee morale and productivity.

Ogletree Deakins will continue to monitor developments and will provide updates on the Employment Law and Sports and Entertainment blogs.

Follow and Subscribe
LinkedIn | Instagram | Webinars | Podcasts

Quick Hits

• Employers may want to review employment contracts, collective agreements, and applicable statutory rules before implementing any workforce restructuring.
• Some restructuring options may avoid or delay permanent job losses, notably through government work-sharing programs or temporary layoffs.
• When permanent layoffs are unavoidable, it is important to have in mind the different rules that may apply to union and nonunion employees to mitigate potential legal liabilities.

Consider Accessing Government Help Programs

Employment and Social Development Canada (ESDC) has established a Work-Sharing Program (WSP) that seeks to help employers avoid layoffs when there is a temporary decrease in normal levels of business activity that is beyond their control. The WSP provides income support to employees eligible for Employment Insurance benefits who are required to work a reduced workweek during a period of economic hardship for the employer. Affected employees must experience, and agree to, at least a 10 percent reduction in their normal weekly earnings to participate. The agreement of the employer, and union if any, is also required to participate in this program.

WSP agreements must be at least six weeks’ duration and can go as long as twenty-six weeks. In some cases, they can be extended up to thirty-eight weeks.

For an employer to participate in the WSP, it must have operated a year-round business in Canada for at least two years. Eligible employers can be for profit or nonprofit, public, or private.

Further information on eligibility requirements and the application process can be found here.

Apart from the WSP, various other federal and provincial programs seek to lessen the impact of mass layoffs due to economic circumstances, notably by assisting affected workers in their search for alternative employment. At the federal level, the Canada Retraining and Opportunities Initiative supports this goal. The federal government also spends over $2 billion per year through Labour Market Development Agreements with provinces and territories, which seek to help affected individuals gain new skills and find new employment, among other things.

Consider Temporary Layoffs

Whether under a WSP or not, some employers may consider temporarily laying employees off. The rules here vary depending on whether the affected employees are represented by a union or not.

For nonunion employees, a temporary layoff may result in claims for wrongful dismissal unless the affected employees’ contracts of employment expressly or implicitly allow for temporary layoffs. Before proceeding with a temporary layoff, existing employment agreements and the contextual circumstances (i.e., is there a history of layoffs at this employer or in its industry?) need to be considered. Even if a temporary layoff may be contractually permissible, employment standards laws may set limits on how long a temporary layoff may last before an employee is deemed discharged and eligible for termination pay and other potential termination entitlements. For example, in the province of Ontario, employment standards legislation generally limits the period of temporary layoff to thirteen weeks, although this may be extended further in certain circumstances.

For unionized employees, the provisions of a collective agreement may require an employer to consult with the union prior to proceeding with a layoff. And a collective agreement may also set rules as to how layoffs must proceed, and what laid off employees’ recall rights are.

Consider Renegotiating Existing Terms of Employment

Although no employee or union will like the idea of a mid-contract reopener, in difficult times this may be the best option as an alternative to ending the employment relationship. This option cannot be forced on employees or unions and is best approached in good faith, supported by genuine hardship that an employer will otherwise be facing. There may also be legal rules that come into play that can have an impact on the enforceability of any renegotiated agreement.

Consider the Applicable Termination Rules

If permanent layoffs cannot be avoided, Canadian law presents a complex web of common law, contractual requirements, and statutory rules concerning employment termination that must be carefully considered before acting. Again, the applicable rules vary by whether an affected employee is represented by a union or not.

In general, when a nonunion employee is dismissed without just cause, the employee is entitled to reasonable advance notice of the employment termination, pay in lieu of that notice, or a combination of both. Employment standards laws establish the minimum termination entitlements for all employees. Some provinces, such as Ontario, require the payment of severance pay and the maintenance of benefits coverages during the period of statutory termination notice. Beyond statutory entitlements, nonunion employees may have further entitlements under an employment contract or at common law.

For unionized employees, the applicable collective agreement may provide for severance or other entitlements above employment standards minimums.

For both unionized and nonunion employees, collective dismissal (or mass termination) rules may also come into play, depending notably on the number of employees discharged in a given period of time. For example, in Ontario, the applicable threshold is “50 or more employees at the employer’s establishment in the same four-week period.” In Québec, the threshold is met in the case of “termination of employment by the employer, including a layoff for a period of six months or more, involving not fewer than 10 employees of the same establishment in the course of two consecutive months.”

Consider Helping Employees Transition to Alternative Employment

For nonunion employees who have a potential contractual or common law claim for pay in lieu of notice, the liabilities can be considerable. Long service and older employees can in some cases assert claims for up to twenty-four months of their total remuneration, or more in exceptional circumstances.

However, these potential claims may be reduced under the legal doctrine of mitigation. Plaintiffs generally must prove their damages, and, practically speaking, this means that they must show that they tried their best to find alternative employment but were unable to do so. As a corollary, if an employer can show that an employee did not take reasonable steps to find alternative work during the claimed notice period, and that the employee likely could have found alternative work with sufficient effort, this can have the effect of reducing the employee’s potential entitlements. Similarly, the sooner that an employee finds reasonable alternative employment, the sooner that a terminating employer’s potential liabilities may cease.

For this reason, it is often a good idea for employers to take active steps to help employees transition to alternative employment. Outplacement services can be offered. Employees can be directed to applicable government programs. And employers can even carry out ongoing job searches for affected employees, bringing job opportunities to their attention. If litigation ensues, employers will be able to rely on proof of such measures in arguing for a reduction or elimination of excessive damages claims that discharged employees may bring.

Other Considerations

Employees who are dismissed for economic reasons while on leave (maternity, disability, etc.) may raise allegations of discrimination or reprisal under employment standards and antidiscrimination laws. Legal proceedings in that context may probe the reasons for selecting such employees for dismissal, as opposed to others. Accordingly, employers may want to ensure they have a properly documented nondiscriminatory selection process to be able to later justify the decision-making process.

Conclusion

The full impact of the United States’ proposed tariffs remains to be seen, but current indicators suggest that the imposition of across-the-board tariffs would have a significant effect on the Canadian workforce. For this reason, employers with Canadian operations may want to undertake impact assessments now and consider the lawful restructuring strategies that may be employed to mitigate the impacts of U.S. tariffs and related and potential legal liabilities.

Ogletree Deakins’ Calgary, Montréal, and Toronto offices will continue to monitor developments and will provide updates on the Cross-Border blog as additional information becomes available.

Follow and Subscribe
LinkedIn | Instagram | Webinars | Podcasts

Quick Hits

• On January 20, 2025, President Trump issued a presidential memorandum, “Regulatory Freeze Pending Review,” directing “all executive departments and agencies” to refrain from proposing or issuing “any rule in any manner” until a department or agency head appointed or designated by the president reviews and approves the rule.
• It immediately withdraws any rules that have been sent to the Office of the Federal Register but have not yet been published.
• The memorandum’s directives apply to a broad range of OSHA activity, including rulemaking related to “Heat Injury and Illness Prevention in Outdoor and Indoor Work Settings” and the “Emergency Response Standard.” OSHA’s “Walkaround Rule,” recent Hazard Communication Standard updates, and the most recent updates to OSHA’s recordkeeping rules would appear not to be affected.

Executive action related to new and pending rules is not unique to this administration but instead has almost become a standard practice for an incoming president. The “Regulatory Freeze Pending Review” memorandum states, in pertinent part, the following:

(1) Do not propose or issue any rule in any manner, including by sending a rule to the Office of the Federal Register (the “OFR”), until a department or agency head appointed or designated by the President after noon on January 20, 2025, reviews and approves the rule. […]

(2) Immediately withdraw any rules that have been sent to the OFR but not published in the Federal Register, so that they can be reviewed and approved as described in paragraph 1….

(3) …[C]onsider postponing for 60 days from the date of this memorandum the effective date for any rules that have been published in the Federal Register,or any rules that have been issued in any manner but have not taken effect, for the purpose of reviewing any questions of fact, law, and policy that the rules may raise.

The directives apply to “rules,” broadly  defined to include a wide range of agency actions and terms, including:

• “rule[s],” as defined by the Administrative Procedure Act;
• “regulatory action,” as defined in section 3(e) of Executive Order 12866 of September 30, 1993 (“Regulatory Planning and Review”), as amended; and
• “guidance document[s],” as defined in section 2(b) of Executive Order 13891 of October 9, 2019 (“Promoting the Rule of Law Through Improved Agency Guidance Documents”).

The presidential memorandum states that its requirements apply to “any substantive action by an agency (normally published in the Federal Register) that promulgates or is expected to lead to the promulgation of a final rule or regulation” and “any agency statement of general applicability and future effect that sets forth a policy on a statutory, regulatory, or technical issue or an interpretation of a statutory or regulatory issue.”

Squarely within the parameters of this executive action are OSHA’s “Heat Injury and Illness Prevention in Outdoor and Indoor Work Settings” rulemaking and the “Emergency Response Standard” rulemaking. Neither of these proposals was expected to survive the change in administrations resulting from the 2024 presidential election.

Rulemakings in process that the memorandum’s directives will not directly impact include the “Prevention of Workplace Violence in Healthcare and Social Assistance” rulemaking, the proposed infectious disease standard for the healthcare sector, the proposed tree care standard, the communications tower safety standard, and revisions to the process safety management standard. Other rulemaking that will not be impacted include the so-called “Walkaround Rule,” the recent Hazard Communication Standard updates, and the most recent updates to OSHA’s recordkeeping rules.

Similarly, until the sixty-day period mentioned in the presidential memorandum expires, employers should not expect that any pending standard interpretations or other guidance will be forthcoming from OSHA.

Ogletree Deakins’ Workplace Safety and Health Practice Group will continue to monitor developments and will provide updates on the Healthcare, Workplace Safety and Health, and Workplace Violence Prevention blogs as additional information becomes available.

Follow and Subscribe
LinkedIn | Instagram | Webinars | Podcasts

Quick Hits

• President Trump appointed William B. Cowen as acting general counsel of the NLRB.
• The appointment comes after President Trump, in the past week, discharged former NLRB General Counsel Jennifer Abruzzo and her replacement, NLRB Acting General Counsel Jessica Rutter. President Trump also removed NLRB Member Gwynne Wilcox.
• The NLRB said that field offices will continue to process unfair labor practice and representation cases.

Acting General Counsel Cowen has served as the Regional Director for the NLRB’s Los Angeles Region Office (Region 21) since 2016 and previously served as an NLRB member from January 22, 2002, to November 22, 2002, after having been appointed by the then-President George W. Bush, according to the statement from the NLRB.

The statement did not indicate who President Trump will formally appoint to fill the general counsel position. The appointment must also be confirmed by the U.S. Senate.

On February 1, 2025, President Trump discharged former Acting General Counsel Rutter, who was elevated to acting general counsel after President Trump discharged former General Counsel Abruzzo on January 27, 2025. Rutter had previously served as Deputy General Counsel under Abruzzo.

The same day as Rutter’s discharge, the NLRB issued a notice to the public that the NLRB Office of the General Counsel’s field offices will continue to process unfair labor practice (ULP) cases and representation cases as normal, pursuant to the National Labor Relations Act (NLRA), applicable regulations, and case law.

However, President Trump’s removal of Member Wilcox leaves the NLRB without a quorum to hear cases. The Board has only two sitting members: Republican appointee Marvin Kaplan, whom President Trump named the NLRB chair on his first day in office, and Democratic appointee David Prouty, whose term is set to end in August 2026.

The changes at the NLRB come as President Trump has also removed Democratic U.S. Equal Employment Opportunity Commission (EEOC) Commissioners Charlotte A. Burrows and Jocelyn Samuels and discharged EEOC General Counsel Karla Gilbride.

Next Steps

The NLRB shake-up has created some uncertainty. While the agency has said field offices will continue to hear ULP cases and representation cases, the Board lacks a quorum to hear challenges. Meanwhile, former NLRB Member Wilcox has said that she is exploring legal options to challenge her removal, which is likely to lead to a lengthy court case that could ultimately land before the Supreme Court of the United States.

Under the Trump administration, more policy changes at the NLRB are expected, but they could take time to implement as a new general counsel must be confirmed and new NLRB members appointed.

Ogletree Deakins’ Traditional Labor Relations Practice Group will continue to monitor developments and will provide updates on the Traditional Labor Relations blog.

Follow and Subscribe
LinkedIn | Instagram | Webinars | Podcasts

Quick Hits

• The Laken Riley Act authorizes states to sue for injunctive relief to stop the issuance of visas to nationals of a country that denies or unreasonably delays the acceptance of nationals ordered removed from the United States.
• The act potentially allows state attorneys general to disrupt federal immigration policies and procedures.
• Foreign nationals of certain countries may be unable to obtain visa stamping at U.S. consulates if their “home countries” deny or unreasonably delay the acceptance of their nationals ordered removed from the United States.

The Laken Riley Act places unprecedented power in the hands of state attorneys general (and other authorized state officers) to reshape federal immigration law by allowing states to sue for injunctive relief to halt the issuance of visas at U.S. consulates for nationals of certain countries. Thus, a singular state’s attorney general could potentially sue for injunctive relief to stop visa issuance to nationals of entire countries.

Next Steps

It will be important to closely monitor which countries are willing to cooperate with the Trump administration by repatriating and accepting their nationals who are ordered removed from the United States. Countries that deny or unreasonably delay repatriation could cause immense unintended issues for their nationals who are lawfully present in the United States or intend to lawfully enter the United States. Impacted foreign nationals needing new visa stamps for international travel or initial visa stamps to enter the United States could face unexpected delays or impasses in these scenarios.

Ogletree Deakins’ Immigration Practice Group will continue to monitor developments and will publish updates on the Immigration blog as additional information becomes available.

Follow and Subscribe
LinkedIn | Instagram | Webinars | Podcasts

Quick Hits

• The IRS has clarified the tax treatment of mandatory employee and employer contributions to state PFML funds, as well as optional employer payment of mandatory employee contributions.
• Employers can deduct their contributions as business expenses, while employees may deduct their contributions as state income taxes if they itemize deductions and otherwise do not exceed the SALT deduction cap.
• Amounts paid to employees as family leave benefits are included in the employee’s gross income but are not wages for federal employment tax purposes.
• Amounts paid to employees as medical leave benefits align with Internal Revenue Code § 104(a)(3), which are only taxable in instances where contributions were not included in the employee’s gross income or paid by the employee.
• The IRS has provided a transition period for enforcement and administration of these rules for calendar year 2025.

Background

Over recent years, a number of states have enacted PFML statutes to provide wage replacement to workers for periods in which they need to take time off from work due to their own nonoccupational injuries, illnesses, or medical conditions, or to care for a family member due to the family member’s serious health condition or other prescribed circumstance. Many PFML statutes require contributions from both the employer and the employee, with some allowing the employer to cover the employee’s mandatory contribution rather than withholding the amounts from wages (“employer pick-up”).

Federal Income Tax Treatment of Contributions

Employee Contributions

Mandatory employee contributions withheld from wages are treated as state income taxes and are deductible under § 164(a)(3) if the employee itemizes deductions and the deductions are subject to the state and local taxes (SALT) deduction limitation under § 164(b)(6). These amounts are included in the employee’s gross income and wages for federal employment tax purposes.

Employer Contributions

Mandatory employer contributions are treated as state excise taxes and are deductible by the employer under § 164(a). These amounts are not included in the employee’s gross income.

Employer Pick-Up of Employee Contributions

If an employer voluntarily pays part of the employee’s required contribution, this amount is treated as additional compensation to the employee under § 61 and is included in the employee’s gross income and wages for federal employment tax purposes. The employer can deduct this amount as a business expense under § 162.

Federal Income Tax Treatment of Benefits

Family Leave Benefits

Amounts paid to employees as family leave benefits are included in the employee’s gross income but are not wages for federal employment tax purposes. The state must report these payments on Form 1099 if they aggregate $600 or more in any taxable year.

Medical Leave Benefits

Amounts paid to employees as medical leave benefits that are attributable to the employee’s contribution (including employer pick-up of employee contributions) are excluded from the employee’s gross income under § 104(a)(3) and are neither wages for federal employment tax purposes nor treated as sick pay. However, to qualify for medical leave benefits under a PFML statute, the time off from work must relate to the employee’s own serious health condition. Further, amounts attributable to the employer’s contribution are included in the employee’s gross income and are considered wages for federal employment tax purposes. The state must follow the sick pay reporting rules attributable to third-party payments by a party that is not an agent of the employer.

Transition Period for Enforcement and Administration

The IRS has designated calendar year 2025 as a transition period for the enforcement and administration of the information reporting requirements and other rules described in the guidance. This transition period is intended to provide states and employers time to configure their reporting and other systems.

Ogletree Deakins’ Employee Benefits and Executive Compensation Practice Group will continue to monitor developments and will provide updates on the Employee Benefits and Executive Compensation and Leaves of Absence blogs as additional information becomes available.

Follow and Subscribe
LinkedIn | Instagram | Webinars | Podcasts

Quick Hits

• The U.S. Department of Homeland Security published new security requirements for restricted transactions to prevent access to covered data and systems by countries of concern and certain persons affiliated with such countries.
• The security requirements, which include stricter cybersecurity policies, multifactor authentication (MFA), incident response plans, and robust encryption to prevent unauthorized access to sensitive data, were published in conjunction with a Justice Department rule implementing a Biden administration-era executive order on cybersecurity.
• Companies with employees in high-risk countries may face significant challenges in ensuring compliance with the new requirements, particularly regarding access to essential networks needed for business operations.

On January 3, 2025, the DHS’s Cybersecurity and Infrastructure Security Agency (CISA) released finalized security requirements for restricted transactions pursuant to Executive Order (EO) 14117, “Preventing Access to American’s Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern,” issued in February 2024 by then-President Joe Biden. The requirements were developed in conjunction with a DOJ final rule, which was published in the Federal Register on January 8, 2025, implementing EO 14117.

The CISA security requirements apply to certain restricted transactions identified by the DOJ that involve “bulk sensitive personal data or United States Government-related data” as defined by the DOJ and EO 14117 or that are of a class of transaction determined by the DOJ to pose an unacceptable risk to national security because it may enable certain “countries of concern or covered persons to access  bulk sensitive personal data or United States Government-related data.”

The DOJ has identified six “countries of concern”: (1) China, including the special administrative regions of Hong Kong and Macau, (2) Cuba, (3) Iran, (4) North Korea, (5) Russia, and (6) Venezuela. A “covered person” is an individual or entity associated with a country of concern, and the term includes: (1) entities that are controlled or owned by one or more countries of concern, (2) entities that are controlled by “one or more persons” affiliated with a country of concern, (3) individuals who are “employee[s] or contractor[s] of a country of concern,” or (4) an entity controlled by a country of concern, and individuals the attorney general determines may be controlled by or act on behalf of a country of concern or other “covered person.”

Existing laws and regulations surrounding international data transfers, which are often transaction- or sector-specific, did not comprehensively address bulk data transfers to countries of concern. And, with respect to the personal data of U.S. citizens, certain common data processing principles are unequally applied given the existing patchwork of state and sectoral privacy laws. Accordingly, in an effort to fill the gap, the security requirements articulated by the DHS cover (1) organizational and system-level requirements for covered systems and (2) data-level requirements for data that is the subject of a restricted transaction.

Organizational- and System-Level Requirements

The security requirements state that entities must require that “basic organizational cybersecurity policies, practices, and requirements” are implemented with respect to any covered system (i.e., information systems used to interact with covered data in connection with  restricted transactions). These steps include:

1. maintaining an inventory of covered system assets and ensuring the “inventory is updated on a recurring basis”;
2. designating an organizational level individual, such as a Chief Information Security Officer, who will be “responsible and accountable” for cybersecurity and governance, risk, and compliance (GRC) functions;
3. remediating any known exploited vulnerabilities (KEVs);
4. documenting vendor/supplier agreements for covered systems;
5. developing an “accurate network topology of the covered system”;
6. adopting policies that require approval of new hardware or software before it is deployed in a covered system; and
7. developing and maintaining incident response plans.

The requirements further call for entities to implement “logical and physical access controls” to protect access to data by covered persons or countries of concern, including the use of multifactor authentication (MFA) to prevent inappropriate access to data or, in the limited circumstances where MFA is not possible, stringent password requirements. Entities will wish to consider paying close attention to their processes for evaluating the sufficiency of the their security protocols on an ongoing basis, including through the issuance and management of identities and credentials associated with authorized users, services, and hardware, and the prompt revocation of credentials of individuals who leave or change roles.

The requirements likewise mandate the ongoing collection and storage of logs that relate to access to covered systems and the security of the same. Additional technical specifications include the default denial of connections. Finally, the requirements direct entities to conduct internal data risk assessments and evaluate, on an ongoing basis, whether an entity’s approach to security is sufficient to prevent access to covered data.

Data-Level Requirements

The CISA security requirements direct entities to implement data-level measures to “fully and effectively prevent access to covered data that is linkable, identifiable, unencrypted, or decryptable using commonly available technology” by the covered person, employee, or vendor, or the governments of countries of concern. The requirements call for:

1. applying data minimization and masking strategies, which must include the preparation of and adherence to written data retention and deletion policies, and processing restrictions geared toward transforming the data such that it is no longer considered to be covered data or such that it is unlikely to be linked to an American person;
2. utilizing compulsory encryption techniques to protect data;
3. applying “privacy enhancing technologies” or “differential privacy techniques” during the course of any processing activities associated with covered data; and
4. configuring identity and access management techniques to deny access to covered systems by covered persons or countries of concern.

Next Steps

The CISA security requirements may have major implications for global companies with employees in countries of concern, such as China, and are likely to raise concerns about whether such employees will be able to access networks and information that are critical for them to do their jobs.

However, employers with substantial operations in potentially impacted countries may want to take note that while the security requirements discussed above are being implemented pursuant to a Biden administration EO, it remains to be seen whether the Trump administration will roll back the security measures as part of the administration’s ongoing deregulation focus, particularly to the extent the requirements may have the practical impact of restricting work in China. Moreover, President Trump has issued a “Regulatory Freeze Pending Review,” which could delay the April 8, 2025, effective date of the DOJ’s final rule.

In the meantime, employers may want to take steps to prepare for the CISA security requirements and DOJ regulations regarding countries of concern and covered persons. To do so, companies may want to assess the extent to which they employ covered persons in countries of concern or have entered into contracts with vendors who rely upon personnel based in such countries. If they determine this to be the case, they may wish to assess whether they have necessary privacy and security safeguards, both technical and contractual, to prevent improper access to protected personal and U.S. government data.

Ogletree Deakins’ Cybersecurity and Privacy Practice Group will continue to monitor developments and will provide updates on the Cross-Border, Cybersecurity and Privacy, Global Reorganizations, and Government Contractors blogs.

Follow and Subscribe
LinkedIn | Instagram | Webinars | Podcasts

Quick Hits

• A romantic entanglement between coworkers that ends badly could provoke a harassment or retaliation lawsuit.
• Many employers discourage or prohibit dating between supervisors and employees.
• A number of strategies can help employers reduce the legal risk of workplace romances.

While love can be a “many splendored thing,” workplace romances may sometimes lead to harassment lawsuits, retaliation lawsuits, workplace disruptions, or loss of valuable talent. While workplace romances are not per se illegal, relationship problems sometimes lead to unwanted attention, misunderstandings, or even unprofessional behavior in the workplace. Because employers are required to ensure that their employees aren’t subject to sexual harassment or retaliation at work, these situations, while ostensibly personal, can lead to company involvement.

While employers certainly don’t have a direct say in personal relationships, employers can implement policies that discourage or prohibit romantic relationships at the workplace, especially those between supervisors and supervisees. Such policies aim to prevent favoritism and conflicts of interest, especially where a supervisor would be in a position to help or harm their sweetheart’s (or ex-sweetheart’s) career either during a relationship or after the relationship has ended.

Finally, employers can direct employees to inform HR about workplace relationships to confirm that those relationships are consensual. Some employers ask dating employees to sign a “love contract,” asserting that their relationship is consensual and not sexual harassment. Such documentation protects both the company and the participants in the relationship.

Next Steps

To mitigate the legal risk of office romances, employers may want to consider:

• reminding employees about written policies against harassment that occurs in person or online;
• requiring professional behavior at the workplace, communicating this policy clearly with specific examples of what is (and is not) considered professional behavior, and stating the specific consequences for those who display unprofessional behavior at the workplace or work-related events;
• providing anti-harassment training during work hours, and reminding workers that emails, texts, and other communications sent on the employer’s devices and networks may be monitored by the employer; and
• requiring workers to report sexual harassment or retaliation to HR, a manager, or a confidential hotline, and reminding managers that it’s illegal to retaliate against an employee for reporting harassment.

For more information on this topic, please join us for our upcoming webinar, “Hearts at Work: Effectively Managing Office Romances,” which will take place on Wednesday, February 12, 2:00 to 3:00 p.m. ET. The speakers, Jennifer G. Betts and Maria Greco Danaher, will offer effective strategies for minimizing the legal risks associated with workplace romances, including establishing clear anti-harassment policies, conducting employee training, and exploring the potential benefits of “love contracts.” Register here.

Ogletree Deakins will continue to monitor developments and will provide updates on the Employment Law blog as new information becomes available.

Maria Greco Danaher is a shareholder in Ogletree Deakins’ Pittsburgh office.

Bethany S. Wagner is a shareholder in Ogletree Deakins’ Pittsburgh office.

This article was co-authored by Leah J. Shepherd, who is a writer in Ogletree Deakins’ Washington, D.C., office.

Follow and Subscribe

LinkedIn | Instagram | Webinars | Podcasts