Be Aware and Be Prepared: Data Privacy and Employee Benefits

Essential Privacy Considerations for Employee Benefits

Data privacy concerns continue to grow. For many businesses, employee benefits are a major source of sensitive data subject to growing risks. Here are some key privacy considerations from an employee benefits perspective.

Do you know where data is coming from and going to?

Knowing what benefits data your business has is a critical first step. Benefits information often includes names, personal contact information, beneficiary designations, Social Security Numbers, banking information, and information about spouses and dependents. This is why benefits information creates so many risks for businesses and opportunities for bad actors. Once you know what data you have, knowing who sends, receives, and accesses that data is critical to compliance and risk reduction.

Is there a plan in place to determine if a breach has occurred and how to respond?

Breaches happen increasingly often. Planning and having a process to follow is an essential part of a proper response. This includes processes to determine if a potential breach has occurred, and processes for responding to breach notifications from service providers.

Do you obtain appropriate information to access your risks?

The type and amount of data used by service providers will determine how carefully and frequently you should review their policies, procedures, and any past problems. This information can help you determine your risk and risk mitigation.

Are necessary agreements in place with service providers?

Privacy provisions should be added to service provider agreements. This language needs to be up-to-date and maintained for compliance purposes. Whether it is a Business Associate Agreement for HIPAA or a data privacy addendum for broader privacy compliance of language in the primary agreement, this language will be the starting point for setting expectations, assessing liability, and documenting compliance.

Is your privacy policy consistent?

It is important that the privacy policy you have provided to employees remains consistent with the actions you and your service providers take with employee benefits data. It is also important to ensure these privacy policies are in compliance with the applicable and regularly changing data privacy laws.

Do you know what laws, standards, and contractual obligations apply?

A wide array of state and federal laws provide privacy rules. Understanding which laws apply and what data they apply to is an important first step. For instance, the Department of Labor has shown an increasing focus on data privacy under ERISA, especially regarding ERISA’s fiduciary duties and personal liability.  

Is your documentation sufficient?

Beyond agreements, your documentation should be sufficient to record compliance if there is an audit or investigation, provide instructions if there are concerns about a data privacy incident, and reduce liability through insurance coverage and other protection.

Does insurance cover your risks?

Breaches and penalties are often excluded from general insurance coverage. Even when you have a rider or policy specific to data privacy, there can be exclusions if you do not have sufficient processes and procedures in place. Work with trusted advisors to ensure you have the insurance coverage you want and expect, and on how to ensure that its coverage will apply to your circumstances.

Do you offer privacy benefits?

Providing data monitoring, alerts and similar services can be offered as a benefit in many circumstances. However, to maximize the benefit to employees, the benefit must follow several rules, which can differ depending on the specifics of your business.

It is never too early to address data privacy for employee benefits or otherwise. This advisory provides only a summary of some of the biggest aspects of privacy for benefits. If you have questions or need assistance, contact a member of our Employee Benefits and Executive Compensation or Data Privacy and Cybersecurity Teams.

New Title IX Rule Offers Schools Flexibility and Discretion in Compliance

Title IX Final Rule Provides Flexibility for Schools

On April 19, 2024, after reviewing and responding to over 230,000 public comments, the Department of Education released its 1,577-page Final Rule under Title IX, which prohibits discrimination on the basis of sex in federally funded education. The Final Rule, originally proposed by the Biden Administration in June 2022, is expected to be published in the Federal Register in May 2024 and demands compliance by August 1, 2024, or risk losing federal funding. The Final Rule is notable in that it provides schools and institutions greater flexibility to tailor decisions based on distinctions in school size, the unique populations of students, and specific organizational dynamics.

Among the 2024 Final Rule’s key provisions are the following:

  • Scope of Sex Discrimination and Sex-Based Harassment: The Final Rule clarified the scope of sex discrimination and sex-based harassment, providing that sex discrimination and sex-based harassment include discrimination and harassment based on sex stereotypes, sex characteristics, pregnancy or related conditions, sexual orientation, and gender identity.
  • Sex Separation and Different Treatment: The Final Rule prohibits separation or different treatment based on sex if it causes more than de minimis harm, providing that preventing an individual from participation in an educational program or activity consistent with that individual’s gender identity constitutes more than de minimis harm.  
  • Accommodations for Breastfeeding: The Final Rule requires that modifications and accommodations be given to breastfeeding students and employees, such as providing reasonable break times for lactation for employees and lactation space for students and employees.  
  • Protection for Pregnancy or Related Conditions: The Final Rule protects students and employees from discrimination based on medical conditions related to, or who are recovering from, pregnancy, childbirth, termination of pregnancy, and lactation.
  • Informal Resolution Process: The Final Rule permits complaints of sex discrimination to be adjudicated via an informal resolution process. Notably, participation in any informal resolution process cannot be mandatory.  

Since the release of the Final Rule, 15 states have filed lawsuits against the Department of Education, arguing that the Department acted unconstitutionally in releasing the Final Rule.  

The Department of Education’s proposed rule related to athletics, proposed in April 2023, is still under consideration, pending review of over 150,000 public comments.

Leaders at educational institutions are encouraged to consult with legal counsel to discuss their paths to compliance with the Final Rule, including possible revisions to Title IX policies and procedures and training for employees. Varnum’s Higher Education practice team stands ready to assist with any questions or concerns about the New Rule and the application.

My Safe Florida Condo Pilot Program: Frequently Asked Questions

Governor DeSantis Launches My Safe Florida Condo Pilot Program

On April 24, 2024, Florida Governor Ron DeSantis signed House Bill 1029 into law, marking a pivotal moment in bolstering condominium resilience against hurricane damage. This significant milestone is important for Florida’s condominium owners’ associations to recognize in furtherance of efforts to protect Florida’s infrastructure.

House Bill 1029, also known as the My Safe Florida Condominium Pilot Program, aims to provide condominium associations with a mechanism similar to the My Safe Florida Home Program that was previously made available to single family homes. This initiative establishes the My Safe Florida Condominium Pilot Program, enabling eligible condominiums to apply for various grants to fortify their buildings and minimize the impact of hurricanes.

Who is eligible?

Condominium associations that meet specified criteria can apply for mitigation grants under the program.

What are the voting requirements for Condominium Associations?

Associations must obtain approval through a majority vote of the board of directors or a majority vote of the total voting interests of the association to apply for an inspection. After an inspection has been conducted and the association has been found eligible to receive funds under the Program, a second affirmative vote of a majority of the board of directors or of the total voting interests of the association and the unanimous vote of all unit owners within the structure or building subject to the grant is required prior to apply for a grant.

What information needs to be disclosed?

Prior to conducting the vote of unit owners, associations are required to provide clear disclosure of the program using a form that will be created by the Florida Department of Financial Services. The president and treasurer of the board of directors must sign the disclosure form, which will be kept as part of the association’s official records.

Do Condominium Associations need to provide notice?

Yes, condominium associations are required to provide written notice within 14 days of an affirmative vote to participate in the Program to all unit owners, in accordance with the statutory requirements of Section 718.112(2)(d), Florida Statutes.

How much can a Condominium Association apply for in grants?

The grant is capped at $175,000 per condominium association and can be utilized for various improvements, including opening protection, reinforcing roof-to-wall connections, enhancing roof-deck attachments, and implementing secondary water resistance for the roof.

Can individual units participate?

Mitigation grants are awarded to condominium associations collectively, and individual unit owners may not participate in the Program.

House Bill 1029 creates Section 215.5587, Florida Statutes, further solidifying its significance in the state’s efforts to bolster the tens of thousands of condominiums throughout the state. These legislative enhancements are anticipated to enhance community associations in safeguarding their properties and residents against natural disasters.

Varnum is closing monitoring other important pieces of legislation that may be signed by Governor DeSantis. Stay tuned for additional updates so your association can be prepared to comply with any new legal requirements for associations. Contact your Varnum Attorney if you have additional questions.

FTC Bans Non-Compete Agreements: Health Care Industry Implications

Healthcare Implications of the FTC’s Non-Compete Ban

Update July 8, 2024:  A federal district court in Texas has issued a preliminary injunction preventing the FTC from enforcing its rule banning most non-compete agreements against a Texas-based tax firm and a group of business associations.  The court’s preliminary injunction does not prevent the FTC from enforcing the rule against other U.S. companies.  Thus, for now, the FTC rule banning most non-compete agreements is still scheduled to take effect on September 4, 2024.  However, the Texas court ruled that the pending legal case is “likely to succeed on the merits,” and promised a ruling on those merits by August 30. 

In the meantime, legal challenges to the FTC’s ban on non-competes are pending in other courts.  Thus, there remains a great deal of uncertainty what will happen to the FTC’s attempt to outlaw most non-compete agreements.  The FTC’s rule might go into effect on September 4, it might be blocked in other limited cases, or it might be struck down entirely.  Employers and businesses are encouraged to monitor developments closely over the summer.  Varnum’s Corporate and Labor and Employment Practice Teams stand ready to assist businesses with any questions or concerns they may have, and will issue updates as soon as they are available.

Update May 7, 2024: The new FTC rule banning most non-compete agreements was published in the Federal Register on May 7, 2024, and thus will take effect 120 days later on September 4, 2024.

Following a 90-day public comment period generating more than 26,000 comments, the Federal Trade Commission (FTC) voted Tuesday, April 23, 2024, to adopt a final rule banning non-compete agreements for most American workers. The rule is set to take effect 120 days from the date it is published in the Federal Register and could have sweeping implications in the health care industry. Legal challenges to the rule are mounting, with business groups led by the U.S. Chamber of Commerce filing a complaint April 24, 2024, in the Federal District Court for the Northern District of Texas challenging the FTC’s rule and seeking to block its implementation.

Non-compete agreements are particularly common in the health care industry, with a considerable portion of the health care work force bound by non-compete provisions. The rule could change the health care playing field, allowing for greater employment mobility for health care professionals. The FTC argues that the rule will reduce healthcare costs and allow health care professionals to switch employers without leaving their communities. Many trade groups—including the American Hospital Association—disagree, arguing that non-compete agreements are necessary for workforce recruitment and retention.

The final rule will forbid most forfeiture-for-competition clauses, which are a common feature of deferred compensation plans for executives and physicians. These clauses may not be express non-compete clauses, but the rule forbids arrangements that have the effect of a non-compete by prohibiting workers from seeking or accepting employment with a person or operating a business after the conclusion of the worker’s employment. New deferred compensation plans for executives may not contain forfeiture-for-competition clauses, and existing forfeiture-for-competition clauses in arrangements with non-executives must be rescinded. For those professionals who qualify as “executives” under the final rule, forfeiture-for-competition clauses in force prior to the rule’s effective date may remain in force.

The FTC has also reserved the right to evaluate whether entities claiming non-profit status for tax purposes are sufficiently non-profit for purposes of the rule. In effect, while the FTC does not have jurisdiction over non-profit entities, it argues that many entities that claim non-profit status for tax purposes may actually fall under its jurisdiction, to the extent that it can determine that such entities are in fact profit-making enterprises. To determine whether an entity claiming tax-exempt non-profit status is a profit-making enterprise, the FTC will consider both the source of an entity’s income, determining whether the entity is actually engaged in business for charitable purposes, and whether the entity’s profits flow to recognized public, rather than private, interests. Considering the FTC’s position, businesses organized as non-profits for tax purposes should consult with legal counsel to determine whether they might be impacted by the new rule.

Notably, the rule’s ban on non-compete agreements does not apply to agreements entered into by a person pursuant to a bona fide sale of a business entity. As an example, for physicians who have sold or are planning to sell their incorporated practices, non-compete agreements concerning the sold practice likely remain enforceable under federal law. However, because the rule requires the sale of a business entity, including by way of asset sale, this exception does not apply to the sale of a sole proprietorship or assets of a business that has not been incorporated.

While legal challenges may result in changes to the rule, long delays to the rule’s effective date, or the rule’s implementation being blocked completely, states remain free to introduce similar non-compete restrictions. Currently, four states ban all non-compete agreements, and twelve states prohibit non-compete agreements for physicians. Given the increased pressure and discourse surrounding non-compete agreements, it is likely that states will continue to implement new restrictions, and it remains possible that Congress will enact legislation banning non-compete agreements nationwide.

Health care businesses and professionals are encouraged to consult with legal counsel to discuss their options and strategies for addressing the new rule and creative retention strategies, including practice structuring options, physician and executive contracting, and possible incentive options. Varnum’s Health Care Practice Team stands ready to assist businesses with any questions or concerns they may have. Varnum will continue to monitor the ongoing and impending legal challenges to the new rule.

For additional information, please see our advisory New FTC Rule Bans Most Non-Compete Agreements.

U.S. EPA Designates PFAS Chemicals as CERCLA Hazardous Substances

U.S. EPA Designates PFAS Chemicals as Hazardous Substances

On April 19, the United States Environmental Protection Agency (EPA) issued final regulations designating perfluorooctanoic acid (PFOA) and perfluorooctanesulfonic acid (PFOS) as Hazardous Substances pursuant to the Comprehensive Environmental Response, Compensation, and Liability Act (CERCLA a/k/a “Superfund”). PFOA and PFOS are part of the per- and polyfluoroalkyl substances (PFAS) family of chemicals that are often referred to as “forever chemicals” because they do not readily break down in the environment. PFOA and PFOS were present in water-proofing materials, fire-fighting foam and any number of other industrial chemicals that may have been released at industrial sites or deposited at landfill or other disposal sites.

The designation of PFOA and PFOS as CERCLA Hazardous Substances will have far-reaching impacts on environmental investigations and cleanup across the country. Most notably the new regulations will:

  • allow the U.S. EPA and other state agencies to require investigation and response activities at sites where PFOA or PFOS have been released;
  • allow environmental agencies to seek recovery of environmental response costs relating to PFOA or PFOS contamination;
  • allow property owners and other third parties to bring CERCLA cost recovery or contribution actions to recover response costs attributable to PFOA or PFOS contamination;
  • require entities that release one pound or more of PFOA or PFOS in any 24-hour period (which is a very small reportable quantity compared to most CERCLA Hazardous Substances) to provide notice of release; and
  • allow environmental agencies to reopen closed or dormant CERCLA clean-up sites (e.g., landfills) and require Potentially Responsible Parties (PRPs) to undertake additional environmental response activities.

The designation of PFOA and PFOS is only the most recent example of increased scrutiny and regulation of PFAS chemicals. Earlier this month, EPA finalized a new rule setting legally enforceable standards for PFAS present in drinking water. Last fall, EPA also promulgated regulations imposing new reporting and recordkeeping requirements for PFAS under the Toxic Substances Control Act (TSCA). We anticipate the trend of continuing and increased regulation of PFAS chemicals by EPA and state environmental agencies.

Contact Matt Eugster, Kyle Konwinski, or your Varnum environmental attorney today to learn more about the requirements of these new PFAS regulations and how they may impact your business or organization.

Student Loans and Educational Benefits

Navigating Student Loans and Educational Benefits in 2024

What Employers Should Think About in 2024

Some employers have found that providing educational assistance benefits can be a cost-effective way to attract, retain and motivate employees. Recent legal changes have expanded the scope of employer-provided tax-advantaged educational assistance benefits to cover student loan repayment. This advisory outlines some of the newest options and provides a refresher on how existing benefits are used.

Retirement Plans

If your 401(k) plan provides matching contributions, you can leverage one of the biggest changes: allowing some common student loan repayments to count as contributions for matching purposes. Once the plan is amended, employees can receive 401(k) matching contributions based on their eligible student loan repayments, as if they had contributed the student loan payments as elective deferrals to the plan. An employer who wants to provide this option should work with legal counsel and other service providers to ensure the benefit is properly implemented and administered.

Tax-Favored Student Loan Repayments

Another newer and increasingly popular choice is offering employees tax-favored repayment of qualified student loans. Up to $5,250 can be provided to each employee tax-free for repayment of eligible student loans. The benefit can be limited to those who make payments (effectively matching repayments) and can be made subject to repayment for employees who leaves. As a tax-advantaged benefit, student loan repayment assistance must be properly documented in a written plan and must be offered to a nondiscriminatory class of employees. If the company wants to provide more than $5,250 in benefits each year, the amount over $5,250 will be subject to ordinary income taxes.

Other Student Loan Repayment Benefits

Tax-Favored benefits are valuable, but legal and tax-based restrictions can dampen a bespoke approach to student loan repayments which many companies prefer. An increasing number of companies have also established taxable student loan repayment policies as an executive benefit. Although less tax-efficient, this type of benefit can be used to attract and retain talent in key, high demand positions and departments, and is often subject to repayment if the employee leaves. While not a tax code requirement, careful documentation provides valuable protection for the company and can help avoid potential claims and controversies that arise when cash payments are promised or paid. Unlike the tax-favored benefits, this option can be used to provide benefits to more senior employees who may have children with student loans.

Educational Benefits

Employers may provide tax-favored payments to cover employees’ tuition, fees, school supplies, and similar payments. This is limited to the same $5,250 threshold for student loans. This is not a new benefit. However, the rise of tax-favored student loan repayment has brought these benefits back into focus. They should be generally available to all employees, although companies can require the education to meet certain standards (if they are clearly explained) and can require repayment if certain conditions are not met, such as leaving employment or not completing the course. There are limits on what can be paid and these restrictions must be described in the required documentation. Fortunately, the $5,250 limit often means that the restrictions are not problematic in practice. Educational benefits can help keep highly motivated employees from leaving, help create critical leadership development and promote a positive culture.

A new and careful look at student loan and educational benefits is overdue at many companies. If you have questions, need your documentation updated or want more information, contact a member of our benefits team.

EPA PFAS Rule Imposes New Requirements on Public Water Systems

New EPA Rule Sets Standards for PFAS in Drinking Water

The United States Environmental Protection Agency (EPA) recently finalized a new rule setting legally enforceable standards for PFAS (per- and polyfluroalkyl substances and related chemicals) present in drinking water. The rule, promulgated under the Safe Drinking Water Act, sets Maximum Contaminant Levels (MCLs) for six separate PFAS (including PFOA, PFOS, PFHxS, PFNA and HFPO-DA) and hexafluoropropylene oxide (HFPO). Two of the most common PFAS, PFOA and PFOS, now have an enforceable level of four parts per trillion (ppt), which is only marginally higher than the applicable detection limits for each chemical. Three other PFAS, PFHxS, PFNA, and HFPO-DA chemicals – commonly referred to as GenX – now have MCLs of 10 ppt. Additionally, the MCL for any mixtures containing two or more substances including PFHxS, PFNA, HFPO-DA, and PFBS will be determined using a novel approach that EPA dubs a “hazard index,” which is a measurement of risk dependent on how many PFAS are present in the mixture and how concentrated they are relative to levels that impact human health.

Although states will need to adopt their own MCLs at or below the federal standard to retain regulatory authority under the Safe Drinking Water Act, the rule imposes several new requirements on all public water systems. The rule applies to any public water system that serves at least 15 service connections used by year-round residents, any system that regularly serves over 25 year-round residents, and any system that regularly serves at least 25 of the same persons for more than six months of the year. Regulated public water providers must complete initial monitoring for these six PFAS chemicals by 2027, with ongoing compliance monitoring thereafter and reporting requirements thereafter. Depending on the results of the monitoring, public water systems will have until 2029 to reduce any PFAS exceeding the new MCLs. At that time, water systems with PFAS in violation of the MCLs will need to provide public notice of their exceedances.

Compliance with this rule is anticipated to be costly – tens of millions of dollars and upward for larger systems. Conventional water filtration technologies are not designed to effectively capture relatively miniscule PFAS molecules. As a result, new technologies necessary to meet the standard (including granulated activated carbon and high-pressure membrane filtration technologies) are likely to result in high compliance costs.

Although it will likely be difficult for many public water suppliers to fund monitoring and improvements necessary to comply with the new PFAS standards, there are options to consider. Earlier this year, EPA announced over $3.2 billion in funding through the Drinking Water State Revolving Loan Fund to assist in funding for drinking water projects, including upgrades to water treatment plants (and PFAs treatment systems). This most recent announcement is in addition to previous funding of over $12 billion for water infrastructure improvements under the Bipartisan Infrastructure Law. Public water suppliers may also have valid claims against parties that have contaminated public water supplies that may allow for recovery of some or all of the costs of addressing that contamination.

Contact Matt Eugster or your Varnum environmental attorney today to learn more about the requirements of these new PFAS MCLs and how they may impact your business or organization.

Department of Justice Ramps Up Investigations of Private Clubs that Received PPP Loans

DOJ's Focus on PPP Loans Now Includes Private Clubs

As Varnum’s government investigations team has previously discussed, the COVID-era Paycheck Protection Program (PPP) resulted in millions of businesses receiving emergency loans. The PPP’s hurried implementation, coupled with confusion among recipients over eligibility requirements, created an environment ripe for both fraud and the issuance of loans to ineligible recipients. Over the past few years, the Department of Justice (DOJ) has focused on fraud by among other things, opening civil investigations under the False Claims Act and bringing criminal charges against PPP loan recipients who misused loan proceeds on luxury items. But recently, the DOJ has shifted its focus to a new category of PPP recipients: social clubs that may have been technically ineligible for the loans they received.

The opportunity for improper loans to social clubs comes about because of a technical wrinkle in how Congress wrote the American Rescue Plan Act of 2021. In this Act, Congress made social clubs (i.e. golf clubs, tennis clubs, yacht clubs) organized under 26 U.S.C. § 501(c)(7) eligible for PPP loans. However, Congress incorporated an agency regulation that prohibited loans to “private clubs and businesses which limited the numbers of memberships for reasons other than capacity.” Accordingly, social clubs that limit their membership for a reason other than capacity may be ineligible for PPP loans.

In recent months, the DOJ has issued Civil Investigation Demands (CIDs) to clubs that it believes might not have been eligible for PPP loans. Commonly, CIDs are issued following a whistleblower tip or the filing of a Qui Tam lawsuit, which is a lawsuit filed by an individual “on behalf of the United States” alleging that the United States was defrauded. The focus of the United States’ current investigation is on country clubs in Florida. These CIDs are demands for documents and interrogatory answers and often relate to employment records, income statements, the membership admission process, prospective members’ applications, the club’s governance, and membership information. CIDs are expansive and the government can use the club’s answer in future civil or criminal proceedings.  

Given the DOJ’s new focus, clubs should review their PPP paperwork now and consult with an attorney to determine whether their loan was properly issued. If the clubs find technical violations, proactively approaching the government through counsel may be beneficial. If a club receives a CID, it should immediately contact an attorney to begin preparing the appropriate response.

If you have received a CID or would like more information about PPP loan eligibility and enforcement issues, contact a member of Varnum’s government investigation team.