HR Legal & Compliance Excellence - September 2022

Page 1

1912 27 33 Nowhere To Hide: How To Prepare For Total Pay Transparency - Nancy Romanyshyn, Syndio 11-Step Checklist To Ensure Your Business Follows DEI Values - Brett Farmiloe, Terkel.io ConstructiveAsUnmaskedDismissalResignation - Gary T. Clarke, David M. Price, and, Jennifer McBean, Stikeman Elliot How Pandemic Policies Opened The Identity Fraud Floodgates - Jason Kratovil, SentiLink HOW HUMANWILLMETAVERSEAFFECTRESOURCES - Eaven Portillo, Co-Founder and COO, Sortium SEPTEMBER 2022 • Vol.9 • No.09 (ISSN 2564-2022)

On the Cover INDEX HR Legal & Compliance Excellence SEPTEMBER 2022 Vol.09 No.09 (ISSN 2564-2022) How Metaverse Will Affect Human Resources From employee performance tracking to identifying security threats, metaverse will change everything - Eaven Portillo, Co-Founder and COO, Sortium 07 Articles 09 Why SOC 2 Compliance Is The Next Competitive Advantage For Startups Though lesser-known, SOC 2 compliance is vital for startups - Leith Khanafseh, Managing Partner, Laika Compliance 16 Digital ADATrainingAccessibilityToGainCompliance Creating equitable experiences - Tim Springer, Founder and CEO, Level Access 24 Employment Law 101 What you should know to protect your business - Elizabeth Hartsel, Partner, Fortis Law Partners 30 Data Security WorkforceNurturingIndispensableIsForADistributed Perfecting your risk mitigation strategy - Stephen Cavey, Co-Founder and Chief Evangelist, Ground Labs 37 Harnessing Big Data Is The Key To Smarter HR Insights Preparing for the next economic change - Kyle Holm, VP, Total Rewards Advisory, Sequoia

TOP PICKS 12 19 27 33 Nowhere To Hide: How To Prepare For Total Pay Transparency 4 key steps to prepare for pay range transparency - Nancy Romanyshyn, Director, Pay Strategy & Partner Success, Syndio 11-Step Checklist To Ensure Your Business Follows DEI Values How HR managers and business leaders can pave the way for DEI in workplace - Brett Farmiloe, Founder and CEO, Terkel.io Constructive Dismissal Unmasked As Resignation What Alberta court says about employees resigning after non-compliance with mask policy - Gary T. Clarke, Associate, David M. Price, Associate and, Jennifer McBean, Partner and Co-Head, Employment & Labour Group, Stikeman Elliot How Pandemic Policies Opened The Identity Fraud Floodgates Why did identity crime become the method of choice for fraudsters during the pandemic? - Jason Kratovil, Head, Public Policy and External Affairs, SentiLink INDEX

SEP 2017 Vol. No. 09 Use

Legal & Compliance Excellence - Monthly Interactive Learning Journal

Legal and Compliance Webcasts for Credit HR.com offers various informative webcasts on a variety of topics including the latest HR compliance updates and legal considerations for employers and all HR professionals. Webcasts are available live online with a downloadable podcast and a copy of the slides (PDF) available before and after each webcast. Earn all of the required recertification credits for aPHR, PHR, SPHR, GPHR, and SHRM Certifications. HR.com’s one-hour webcasts, in every HR specialty including Legal and Compliance, are pre-approved for HRCI and SHRM credit (excluding Demo webcasts).

This monthly interactive learning experience showcases solutions to deal with the latest legal and compliance issues facing corporations and legal departments.

resources today! For more

How are our Legal & Compliance Products and Services helping to make you smarter?

Legal and Compliance Community Join almost more than 30,000 HR.com members with a similar interest and focus on compliance on legal regulations in HR. Share content and download research reports, blogs, and articles, network, and “follow” peers and have them “follow” you in a social network platform to communicate regularly and stay on top of the latest updates. This well established Legal and Compliance Community is an invaluable resource for any HR professional or manager. these invaluable Legal & Compliance information phone: 1.877.472.6648 | email: sales@hr.com | www.hr.com

Metaverse and Web3 technology has exploded into consumer consciousness in the last two years with no signs of stopping. These technologies will have a significant impact on the business community, particularly in human resources (HR).

Learn what other issues await HR with the onset of metaverse in How Metaverse Will Affect Human Resources, an article by Sortium Co-Founder and COO Eaven Portillo. Featured on the cover this month, this article touches upon what HR should be aware of as new technologies make inroads into our workplaces. Though lesser-known, or less exciting to discuss, SOC 2 compliance is vital for startups. In Why SOC 2 Compliance Is The Next Competitive Advantage For Startups, Laika Compliance' Leith Khanafseh tells us why SOC 2 compliance matters, and how growth-minded startups can get through a SOC 2 audit with minimal time, effort, and Therecost.isan increasing call for pay gap disclosures from all sectors. Job board Indeed has begun automatically posting your pay ranges if you do not supply

Please send any correspondence, articles, letters to the editor, and requests to reprint, republish, or excerpt articles to ePubEditors@hr.com For customer service, or information on products and services, call 1-877-472-6648

Syndio Director of Pay Strategy & Partner Success Nancy Romanyshyn, in Nowhere To Hide: How To Prepare For Total Pay Transparency, shares what companies must do to stay compliant with the pay transparency laws. Check out Terkel.io Founder and CEO – and currently CHRO - Brett Farmiloe's article, where he shares the 11-Step Checklist To Ensure Your Business Follows DEI Values. Also, read Digital Accessibility Training To Gain ADA Compliance by Leith Khanafseh, and How Pandemic Policies Opened The Identity Fraud Floodgates by Jason Kratovil, among others. This is not all! This issue of HR Legal & Compliance Excellence also focuses on other legal aspects and highlights that should help you keep your workforce healthy, safe and secured. Happy Reading!

Copyright © 2022 HR.com. No part of this publication may be reproduced or transmitted in any form without written permission from the publisher. Quotations must be credited.

EDITOR’S NOTE

Excellence Publications Debbie McGrath CEO, HR.com - Publisher Dawn Jeffers VP, Sales Sue Kelley Director (Product, Marketing, and Research) Babitha Balakrishnan and Deepa Damodaran Excellence Publications Managers and Editors HR Legal & ExcellenceComplianceTeam Deepa Damodaran, Editor Arun Kumar R Design and Layout (Digital Magazine) Chandra Shekar A K Magazine (Online Version) Submissions & Correspondence

Our mission is to promote personal and professional development based on constructive values, sound ethics, and timeless principles.

Editorial Purpose

The key issue surrounding this melding of technology and industry is privacy. With every employee action being tracked and recorded as businesses move into the metaverse, we will see the average privacy concerns regarding workplace data magnify exponentially.

Subscribe now for $99 / year And get this magazine delivered to your inbox every month Become a Member Today to get it FREE! SIGN UP OR For Advertising Opportunities, email: sales@hr.com

Disclaimer: The views, information, or opinions expressed in the Excellence ePublications are solely those of the authors and do not necessarily represent those of HR.com and its employees. Under no circumstances shall HR.com or its partners or affiliates be responsible or liable for any indirect or incidental damages arising out of these opinions and content.

How Metaverse Will Affect Human Resources

Write to the Editor ePubEditors@hr.comat them, and new pay range transparency laws are spreading from Colorado and Jersey City to NYC in November and Washington, and likely CA in January. Ready or not, investors, employees, and now lawmakers are moving pay from the shadows and into the open.

HR Legal & Compliance Excellence (ISSN 2564-2022) is published monthly by HR.com Limited, 56 Malone Road, Jacksons Point, Ontario L0E 1L0 Internet Address: www.hr.com

Deepa Damodaran Editor, HR Legal & Compliance Excellence Debbie Mcgrath Publisher, HR.com

In a world of unparalleled challenges (global pandemic, racial injustice, politi cal rivalry, digital 4.0, emotional malaise), uncertainty reigns. Finding opportu nity in this context requires harnessing uncertainty and harnessing starts with reliable, valid, timely, and useful information. The Excellence publications are a superb source of such information. The authors provide insights with impact that will guide thought and action.

Julie Winkle Giulioni Author, Virtual /Live Keynote Presenter, Inc.’s Top 100 Leadership Speakers

We’re eager to hear your feedback on our magazines. Let us know your thoughts at ePubEditors@hr.com WHY EXCELLENCE PUBLICATIONS?

Dave Ulrich Rensis Likert Professor, Ross School of Business, University of Michigan Partner, The RBL Group

Excellence publications are my ‘go-to’ resource for contemporary and action able information to improve leadership, engagement, results, and retention. Each edition offers rich and diverse perspectives for improving the employee experience and the workplace in general.

Dr. Beverly Kaye CEO, BevKaye&Co.

I regularly read and contribute to Leadership Excellence and Talent Manage ment Excellence. I use many of the articles I read to augment my own presen tations and I often share the articles with my clients. They are always quick, right on target for the latest issues in my field, and appreciated by my clients.

If you want to stay up to date on the latest HR trends, choose a few of the different issues from the Excellence series of publications.

As businesses are given more access to data on their employees, evaluations could change dramatically.

How Metaverse Will Affect Human Resources

A good guide would be to determine what constitutes such behavior in the virtual world, integrate the definitions into your workplace policies and educate employees on inappropriate behavior in the metaverse. As interactions are codified in the data, spotting harassment and workplace turmoil will lead to swifter action ensuring all employees enjoy a safe workplace.

That said, there are certainly positives. For instance, the metaverse may allow employers to identify workers’ strengths more easily, as well as their weaknesses.

COVER ARTICLE

1. Assessing Employee Performance

By Eaven Portillo, Sortium

the employee’s presence is projected, they will be interacting in what will still constitute a work setting. Companies must remain serious about how exactly to oversee this virtual space to avoid problematic behavior, such as harassment, abuse, or bullying.

HR Legal & Compliance Excellence presented by HR.com SEPTEMBER 2022 7 Submit Your Articles

While people will mostly be using avatars in the metaverse, many companies are turning to eXtended Reality, or XR, in response. This combination of virtual, augmented and mixed realities allows for a more organic approach to the metaverse workplace, by allowing a real person to interact in a virtual environment, rather than using traditional blocky/ cartoon Regardlessavatars.ofhow

Where once your output, attitude, and results were the determining factors for how well an employee performed their job, the emergence of data tracking may result in things like how well you did or how attentive you were with a customer in a virtual space.

Metaverse and Web3 technology has exploded into consumer consciousness in the last two years with no signs of stopping. According to a report from Grayscale, we saw the all-time value spent on metaverse items like virtual land, goods, and services skyrocket from $50 million in December 2020 to over $207 million less than a year later. This massive investment in virtual environments will have a significant impact on the business community, particularly in human resources.

The key issue surrounding this melding of technology and industry is privacy. With every employee action being tracked and recorded as businesses move into the metaverse, we will see the average privacy concerns regarding workplace data magnify exponentially. This data could be used to assess employee performance and identify potential safety and security issues.

2. Identifying Potential Safety Issues

From employee performance tracking to identifying security threats, metaverse will change everything

As employees will likely be connecting remotely to start, ensuring that non-employees do not gain access to the workplace metaverse will be paramount. Companies will need to safeguard the connection process to ensure that each login only allows approved users. The safest bet here is the tried-and-true 2FA authentication process with a real authenticator, not SMS 2FA which has lately been compromised with SIM cloning. With increased digital security measures, companies will be able to better protect their employees and the company’s confidential information. In the metaverse, privacy concerns will be magnified as every action is tracked and recorded. As a result,

Eaven Portillo is Co-Founder and COO of Sortium Would you like to comment?

3. Identifying Potential Security Issues

HR departments will need to develop new policies and procedures to protect employees’ privacy and ensure that their actions are not being unduly monitored. Technology will also have to catch up in order to process this level of data capture.

HR Legal & Compliance Excellence presented by HR.com SEPTEMBER 2022 8 Submit Your Articles How Metaverse Will Affect Human Resources

SOC 2 is a reporting framework governed by the American Institute of Certified Public

Why SOC 2 Compliance Is The Next Competitive Advantage For Startups

Though lesser-known, SOC 2 compliance is vital for startups

By Leith Khanafseh, Laika Compliance Accountants (AICPA) that evaluates an organization’s information security controls against the five trust services categories. SOC 2 is the type of compliance audit that is most commonly sought by SaaS startups, because it is relevant for storing and managing sensitive customer data in the cloud.

What Is SOC Compliance?2

Startup founders need to know an alphabet soup of complex business terminology, acronyms, and abbreviations. But one of the most important sets of letters to understand is often not top-of-mind for many early-stage startup leaders: SOC 2. Though lesser-known, or less exciting to discuss, SOC 2 compliance is vital for startups. To move up-market and close bigger deals, your business will need to prove compliance through a high-quality report. Here’s a look at why SOC 2 compliance matters, and how growth-minded startups can get through a SOC 2 audit with minimal time, effort, and cost.

HR Legal & Compliance Excellence presented by HR.com SEPTEMBER 2022 9 Submit Your Articles

SOC 2 attestation builds credibility. It shows that your company is serious about safe, responsible handling of customer data. SOC 2 compliance demonstrates that your company is established and well-organized, has thoughtful and forward-think ing leadership and is heavily invested in getting the right controls and policies in place to protect the business.

The exact timeline and cost of your SOC 2 audit will depend on the size and complexity of the company, the scope of your systems, how well-documented the controls are, and how sensitive the customer data is. For the smallest startups, a SOC 2 Type 1 audit might take 2-3 weeks and cost $10,000-30,000.

Getting SOC 2 compliant is the price of entry for dealing with large enterprises and government agencies. If a company is not already SOC 2 compliant, the biggest prospects will decide to buy from your compliant competitor. Believe me, I have seen it happen too many times.

Time and ExpectationsCostfor SOC 2 Audits

Why SOC

HR Legal & Compliance Excellence presented by HR.com SEPTEMBER 2022 10 Submit Your Articles

Not all categories are relevant to every company and not all are required for every SOC 2 audit. Security is the only trust services category that is required for every SOC 2 audit, and security and confidentiality tend to be the most relevant and sought-after criteria for SaaS startups. So if you need to start small with your SOC 2 compliance journey, you might want to focus on these two first. There are two types of SOC 2 audits: Type 1 and Type 2. Type 1 audits occur at a point in time (testing the design of your program on that one occasion), while Type 2 audits are longer: over a review period of 6-12 months. You might want to start with a Type 1 audit, which can be sufficient for many startups that sell to enterprise customers.

Want to control costs and save time on your SOC 2? Prepare in advance. Perform a readiness assessment to find out where and how your controls and processes need to change. Create a SOC 2 team within your company that is dedicated to audit prep: document your processes, be a liaison between the auditor and your technical team, and drive progress to complete the audit. Finally, be sure to work with a reputable CPA firm that knows the nuances of tech startups. With strong preparation, a good CPA on your side, and a thoughtful approach to the big picture of information security and compliance, your team will be more likely to succeed at your SOC 2 audit. Navigating the SOC 2 process can help you build a stronger culture of compliance to support your company’s growth for years to come. 2 Compliance Is The Next Competitive Advantage For Startups

Leith Khanafseh is Managing Partner of Laika Compliance. Would you like to comment?

It is essential for any tech startup to have controls in place for information security and data privacy; no one wants to be vulnerable to a data breach. But along with protecting the business from harm, SOC 2 audits can also help close bigger deals–and more of Achievingthem.

How to Define the Audit Scope: Type 1 or Type 2 There are five different services categories, each consisting of its own set of criteria, that can be tested as part of a SOC 2 audit: ● Security ● Availability ● Confidentiality ● Privacy ● Processing Integrity

SOC 2 Type 2 audits typically start at $30,000 and can take several months. Keep in mind that SOC 2 Type 2 audits cover a period of time; so the only way to maintain your SOC 2 attestation is to perform an annual audit.

Why SOC 2 Compliance Matters to Your Startup

Empower HR Tech Europe brings together credible practitioners who are at the height of HR technology to an immersive event experience. Our six-track conference showcases what is possible, what is realistic and what the next steps are. HR Professionals will take away specific, measurable, actionable, realistic and timely tactics that tie into their business needs. With formats designed to foster an environment of inclusiveness and honest discussion, Empower HR Tech Europe will allow you to collaborate with your peers, industry experts and solution partners through every element: A NEW KIND OF HR INDUSTRY EVENT FOR THE U.K. AND EUROPE ConcurrentKeynotes Conference DemonstrationsPanelWorkshopsSessionsDiscussions Round-Table Brainstorming Expo FunInfluencers1:1sFringeVideoToursMontagesNetworkingwithPeers,Partners,&AnalystsandMORE!····· ······ SAVE UP TO £440 Early Bird Ends 18 Nov 2022! REGISTER NOW hr.com/empowerhreurope-attend Bring your team! Group pricing is available. Contact CorporateEducation@hr.com for more information. CHART YOUR PATH IN OUR UNCERTAIN WORLD OF WORK 25-26 January 2023 ExCeL Venue, London

HR Legal & Compliance Excellence presented by HR.com SEPTEMBER 2022 12 Submit Your Articles

4 key steps to prepare for pay range

Ready or not, investors, employees, and now lawmakers are moving pay from the shadows and into the open with:

NowheretransparencyTo Hide: How To Prepare For Total Pay Transparency

By Nancy Romanyshyn, Syndio ● Expanding calls for pay gap disclosures from shareholders; ● Job board automaticallyIndeedposts your pay ranges if you don’t supply them; ● Snowballing salary sharing practices among workers, and now; ● New pay range transparency laws spreading from Colorado and Jersey City to NYC in November and Washington and likely CA in January

Top Pick

For many companies, this means there is little left to hide and most are preparing for nation-wide disclosures.

What Challenges Are Companies Facing?

Unfortunately, disclosing pay ranges comes with a host of risks. According to a recent Syndio survey of over 400 companies, 87% have “major concerns” about complying with the new regulations. What are companies’ top concerns?

● However, there’s often misalignment between how companies say they pay and how employees are actually paid. ● Many compensation leaders suspect this, but don’t have the data to prove it ● Companies need a way to measure and clean up how pay programs are being delivered ahead of pay transparency What Can Companies Do?

Companies can take four key steps to prepare for pay range

3. Analyze your compensation program Audit your compensation program to ensure it is being administered consistently, equitably, and as you intend, quantifying the impact of each of your pay policies for each of your different teams and departments

Prepare

● Too wide, leading to penalties: alikeincumbentsroomgivingcompaniesifrequirementsRegulatorymeanthatrangesaretoowide,canbepenalized,themlittlewiggletotrytopleaseandnewhireswithbroadranges

4. Communicate. Proactively communicate with managers and employees to explain the details of your compensation program and actions you will take to remediate inconsis tencies and inequities

HR Legal & Compliance Excellence presented by HR.com SEPTEMBER 2022 13 Submit Your Articles

● 2 in 5 surveyed companies said that “employees seeing current ranges” and “explaining ranges/ PR strategy” were their biggest concerns ● As ranges get shared, employees will want to understand the company’s pay philosophy so they have a better sense of why they are paid what they are paid and if pay policies are applied consistently and equitably

Hide: How

2. Identify outlier employees. Perform an meritdecisionshelpingorganizingjob’sindividualsassessment,employee-levelidentifyingaboveandbelowstatedpayrangeandbymanager,informcompensationintimeforincreases

● Accurately and ooprogramscommunicatingeffectivelyaboutpaymatters:NewresearchfromHRanalystJoshBersinshowsthatemployeescaremoreaboutpayfairnessthanhigherpayandGartnerlinksa“highfairness”workplacestolowerattritionratesandhigherengagement

Total

Nancy Romanyshyn is Director of Pay Strategy & Partner Success at Syndio. Would you like to comment?

(1) Posting the “right” ranges: ● Too low to compete for top talent: Because of the historically competitive talent market over the last 18 months, with market data and merit budgets moving at a record pace, and the current salary ranges may no longer be competitive, putting them at risk of turning away talent before candidates have even applied

● Too high, alienating current employees: The salaries of current employees may not have kept pace with the market over the years, so posted ranges could lead to disengagement and attrition at best and PR crises and legal risk at worse, if impacted employees fall into protected categories

(2) Talking about pay ranges

transparency: 1. Build better pay ranges. Analyze salaries of current employees relative to proposed pay ranges, flagging outliers and discrepancies, then refresh salary ranges for each position in preparation for job postings

Nowhere To To For Pay Transparency

2022 SPEAKERS Inspiring keynotes · Educational sessions, panels and workshops for industry thought leaders · Intimate round table discussions with hot topics ·1 on 1 meetings with partners and key suppliers · Guided market tours · Product demos Industry leaders will share their experience, vision, and innovations over three packed days in Nashville. Join them at an event filled with fun, parties, networking and collaboration! October 5 - 7, 2022 Nashville, Tennessee SAVE UP TO $750 Get your conference pass for as low as $300 REGISTER NOW Marshall Goldsmith Executive Coach Top Ten Business Thinker Author/Editor Courtney McMahon Vice President of People Analytics Colgate Palmolive Beverly Troxtell Head of HR Change Management & HR Evolution PayPal Linda Cai Head of Talent Development LinkedIn Melanie Tinto CHRO Wex Nikita Steals Head of Talent Acquisition Capital One Dave Sachs Senior Director People Analytics and Data Science Northwestern Mutual Ryan McCrea Head of Learning & Development Atlassian https://www.hr.com/InspireHR-attend hr.com/InspireHR-attend

SAVE UP TO $750 Get your conference pass for as low as $300 REGISTER NOW SPONSORS & EXHIBITORS IMAGINE THE POTENTIAL OF HR AND YOU! https://www.hr.com/InspireHR-attend hr.com/InspireHR-attend 2022 TOPICS LEADERSHIP & BEING THE BEST LEADER POSSIBLE EMPLOYEE EXPERIENCE & WELLBEINGMANGEMENTTALENT DEVELOPMENTSKILLTRANSFORMATIONDIGITALACQUISITIONTALENT Bring your team! Group pricing is available. Contact CorporateEducation@hr.com for more information.

Digital accessibility is emerging as a fundamental human right. With the surge in digital-first consumerism that has taken hold over the past decade – and practically became a necessity since March 2020 – accessibility has become a leading issue in the public Createdconscience.toaddress

all areas of public life, including jobs, schools, and transportation, the Americans with Disabilities Act (ADA) prohibits discrimination against people with disabilities. The ADA also extends to the digital world, where it is equally imperative in ensuring accessibility. The ADA is an equal opportunity law, meaning experiences must be equitable but may need tailoring to accommodate the needs of people with disabilities. Programs, services, and places of public accommodations covered under equitable experiences

HR Legal & Compliance Excellence presented by HR.com SEPTEMBER 2022 16 Submit Your Articles

Creating

By Tim Springer, Level Access the ADA need to communicate effectively with people that have disabilities by making sure they can use their websites and apps. With the internet and apps providing more of this communication, ensuring they are accessible is more key than ever

Accessibility and Technology While there is no exact language within the original ADA guidelines about digital accessibility, in 2010, the Department of Justice (DOJ) published revised regulations to two titles of the ADA through the 2010 ADA Standards for Accessible Design. Title III requires that defined places of public accommodation must be accessible to people with disabilities, and the DOJ’s stance has been that this includes websites, apps, and other digital locations. Title II was also revised to require state and local government communications to be as effective for people with disabilities as for those without disabilities.

Whenbefore.someone designing or building a website or app needs an answer to an accessibility roadblock, they search on the internet and are likely to get many results – some of which may be outdated or inaccurate. Eliminating guesswork around creating equitable experiences requires providing contextual, accurate training materials, building efficiency, and reducing wasted time and effort. Accessibility can be complicated – partnering with accessibility experts who can train your organization to achieve accessibility from within will better ensure equity, thus strengthening compliance.

Digital

ADATrainingAccessibilityToGainCompliance

Digital Accessibility Training To Gain ADA Compliance

Sustainable, AccessibilityIntegratedTraining

HR Legal & Compliance Excellence presented by HR.com SEPTEMBER 2022 17 Submit Your Articles

It is important to understand that those who are non-compliant are leaving themselves open to lawsuits and public scrutiny – and in many cases, bad PR leaves an unmatched, indelible mark on your brand. While most lawsuits that deal with a lack of compliance settle out of court, the amount of money an organization will likely spend on attorneys can be substantial – and that is before a company even begins to remedy inaccessible technology. In this scenario, beyond the cost and distraction, remediation does not occur within the organization’s timeline and must be done on a timeline dictated by a third party.

Self-paced learning has risen in prominence as web-based video content continues outpacing traditional, analog media. Employees have grown accustomed to hopping on YouTube for quick how-to content, both at work and at home. It makes sense to provide training aligned with expectations for simplified, on-demand learning. The shift from synchronous to asynchronous learning has expanded even while attention spans have shrunk: the need and desire for learning new skills is evergreen. This simplified content, however, is most effectively consumed in context. When you are fixing a piece of code in the system that is when you want to a video to pop Startup.by integrating training with the accessibility audit delivery process. As users act on specific issues they are training on general concepts. This is provided via a mix of text prompts, instructional videos, and related content that are delivered in the context of a specific accessibility issue. The context makes the training far more effective and pertinent to the end user. This is in stark contrast to the outdated method of offering accessibility training, dating back more than two decades, in which trainers would travel to clients’ facilities and give in-person seminars on accessibility-re lated topics that lasted hours or even days. The issue with this walled approach was that it was extremely Participantstheoretical.wereexpected to commit to memory a highly technical and obscure set of content and then weeks or months later apply it in the day-to-day realities of their work environment. Didn’t work too well. Integration with an organization’s audit suite or bug tracking tickets enables the direct injection of training information into daily operations. Users can complete the primary task at hand – fixing an accessibility issue - and take a step forward in their knowledge of digital accessibility as an inherent part of the process, not an irritating distraction. The issues are fixed, and the training is retained.

Modern TrainingAccessibilityPlatform

By using training tools and programs that identify opportunities for employees and members to learn about accessibility and make necessary changes in real-time, organizations of all sizes can strengthen equity in a minimally disruptive fashion. These are provided via a robust digital accessibility training platform.

● Technical compliance requires that a system is built in a way that serves the technology needs of people with disabilities. Experts broadly agree that the relevant standards for technical compliance are the Web Content Accessibility Guidelines (WCAG) 2.1 Level AA. ● Process compliance requires that the policies, practices, and procedures needed to maintain compliance are in place. Training is a vital part of process compliance – ensuring you have the knowledge in place to ensure digital content accessibility can keep pace with innovation. The Consequences of Non-compliance

To conform to the ADA, broadly, two types of compliance are required:

● Role-based learning paths. These paths are designed to be customizable, based on each employee’s role within a company – from product managers and developers to designers and marketers. ● Badges and certification These can recognitionincludeforthings like LinkedIn profiles and exams professionalfordevelopment.

Tim Springer is the Founder and CEO of Level Access Would you like to comment?

By thoughtfully deploying such a systems employers can provide digital accessibility training that addresses unique, real, on-the-job situations – and through a learning program that can be integrated seamlessly without compromising product roadmaps.

● Tailored learning. Every organization is different. Tailoring its learning to suit specific needs will guarantee successful implementation.

● Self-paced training courses. These can cover laws and regulations, mobile accessibility, testing tools, and assistive technologies.

Such platforms include:

● Weekly live training. Customizable live training can include a broad range of accessibility topics and include a Q&A session for addressing questions in real-time. ● Microlearning modules Providing smaller quantities of content can keep employees, who are in training engaged, and it also reinforces previous training from full-length courses. ● Reporting and alerts Organizations can receive insight into how employees and teams are progressing in any skill development. Reports can be evaluated for performance, the gathering of feedback and optimization, and alerts can make users aware of completion.

Digital Accessibility Training To Gain ADA Compliance

HR Legal & Compliance Excellence presented by HR.com SEPTEMBER 2022 18 Submit Your Articles

11-Step Checklist To Ensure Your Business Follows DEI Values

1. Implement Accessibility Measures - Volodymyr Shchegel, VP of Engineering, TopClarioof our checklist is always accessibility. This is not only crucial for an entirely remote workforce, but remote workforces tend to have higher populations of disabled and neurodivergent employees due to the flexibility of the work Accessibilityenvironment.istherefore a high priority value for us and is truly the bare minimum we, or any company, can provide for its Toworkforce.beclear, this is an item on the checklist that has many subcategories to be checked, too. Accessibility is never a onesize-fits-all. In fact, it requires actively rejecting that idea entirely. So, the checklist is more of a guide through various elements of the workplace that require accessibility in as many ways as possible. Accessibility should also evolve constantly to include more and more needs, which ultimately results in the desired optimization of various processes in the company.

By Brett Farmiloe, Terkel.io 3. Regular satisfactionDEI surveys 4. Create internal metrics that measure real progress 5. Make your commitmentsDEI public 6. Conduct trainings on microaggressions 7. Ensure transparent employee evaluation and promotion 8. Work with data 9. Develop and follow a process of accountability 10. Check 11.satisfactionemployeeregularlyEvaluatestructuralinequities

HR Legal & Compliance Excellence presented by HR.com SEPTEMBER 2022 19 Submit Your Articles

How HR managers and business leaders can pave the way for DEI in workplace

To help you best implement your diversity, equity, and inclusion (DEI) values, we asked HR managers and business leaders this question for their best insights. From implementing accessibility measures to evaluating structural inequities, there are several things HR leaders need to have on their checklist as guiding steps to effectively implement their DEI Herevalues.is an 11-step checklist these leaders use to ensure their businesses follow DEI values: 1. accessibilityImplement measures 2. Be flexible and individualize your approaches

Top Pick

What is one step on the checklist to ensure your company is following its diversity, equity, and inclusion (DEI) values?

11-Step Checklist To Ensure Your Business Follows DEI Values

SEPTEMBER 2022 20 Submit Your Articles

2. Be Flexible and Individualize Your Approaches - Barbie Winterbottom, Founder & CEO, the Business of HR DEI is about seeing people for who they are, just as they are and embracing them for all the many elements that make them… them! There is no one-size fits all checklist of items that will make your organization inclusive. Employees want and deserve a consumer-like experience in their employment journey and that means OfferingOPTIONS!optionsand allowing employees to choose what works for them, shows you see them for who they are. With five generations in our workforce, of all nationalities, ethnicities, races, genders, etc., there is no single program that is meaningful to everyone. By offering multiple options you are recognizing the diversity that exists and empowering your people to choose.

Excellence presented by

6. Conduct Trainings on Microaggressions - Travis Lindemoen, Managing Director, nexus IT group There is no one answer to the question of what organizations can do to ensure they are adhering to their DEI values. However, there are some common practices that many HR leaders have adopted in order to create a more inclusive workplace. One such practice is conducting regular training on unconscious bias and micro aggressions. By ensuring that all employees are aware of the potential for bias in themselves and others, organizations can create a more level playing field.

4. Create Internal Metrics that Measure Real Progress - Ubaldo Perez, CEO, Hush CreateAnestheticinternalmetrics that measure the progress your company is making in regard to DEI values. More often than not, companies judge their progress on this front too vaguely which leads to unclear results. By using data to drive your actions, you will be able to accurately see the progress you are making much faster and will be able to course correct if necessary. What is measured can be managed, but if left unchecked change will unlikely manifest on its own.

5. Make Your CommitmentsDEIPublic - Ruben Gamez, Founder & CEO, SignWell Make your commitment to diverse hiring and strategies public, like Adidas, and let public perception help keep your team accountable to your crucial DE&I goals. When your policies are only known in-house, your team might not feel comfortable speaking up and may not even realize initiatives are being met. With a public commitment, you can be sure that if you are not reaching your goals, consumers will ask you why - and expect good answers!

HR Legal & Compliance HR.com

3. Conduct Regular DEI Satisfaction Surveys - John Li, Co-Founder & CTO, Fig Loans We regularly audit our DEI initiatives to see if they are staying on track and supporting our diverse teammates through job satisfaction and engagement surveys. We send out quarterly surveys to all employees to measure relative satisfaction and engagement between our diverse staff and those who are not. If our diverse group reports lower satisfaction, there is a disconnect between our intentions and actions - we would move to offer better management support and overhaul any program issues.

7. Ensure Transparent Employee Evaluation and Promotion - Ben Lamarche, General Manager, Lock Search Group Pay equity is a core aspect of our DEI framework. We guarantee transparency and equity around promotion and salary by ensuring that employee performance evaluations are fair and based on objective metrics. Managers conduct performance reviews of all employees simultaneously using standard criteria across all job Standardizedfunctions. performance reviews minimize bias, ensuring that each employee’s contribution to the organizational goals is measured against objective performance metrics. This allows employees to earn promotions based on merit, contributing to pay equity and transparency across the organization as people know the salary range for each position and what it takes to move to the next position and earn Transparentmore. evaluations and promotions leave no room for favoritism or ambiguity when it comes to employee pay.

Brett Farmiloe is the Founder and CEO – and currently CHRO - of Terkel.

10. Check SatisfactionEmployeeRegularlyBilly Parker, Managing Director, Gift Delivery

9. Develop and Follow a Process of Accountability - Antiwan Henning, Sr Diversity, Equity and Inclusion

8. Work with Data - Amruth Laxman, Founding Partner, 4Voice An easy aspect to check is to look at the numbers in management versus the entire workforce. Another number to check is individual departments in comparison to the entire workforce. You should also look at the entire workforce numbers compared to the goals set by the company. Numbers never lie. They may show that you are falling short in an area and that will lead you to focus on correction for that Youarea.should look at the reasons why one department has a low diversity number compared to the entire workforce. It could be education, skills, or recruitment but identifying the issue is the first step to developing a plan to correct it.

HR Legal & Compliance Excellence presented by HR.com SEPTEMBER 2022 21 Submit Your Articles

ProgressiveConsultant,InsuranceAccountability:Holdingleadersaccountableforthebehaviorswewantthemtomodeliscriticaltoanydiversity,equity,andinclusion(DE&I)effort.Leadersmustdevelopadiverseandinclusiveworkenvironment,whereeveryonefeelsvaluedandrespected.Implementingajobobjective(JO)toholdleadersaccountableisagreatwaytoensureleaderscreateaninclusiveenvironment.The

io. Brett is an SHRM Influencer and has also been a keynote speaker at several state SHRM conferences around the topic of employee engagement. Would you like to comment?

JO should reflect the DE&I values of the company. The company should also be prepared to upskill leaders who fall short.

The first thing to check is employee satisfaction in the process of DEI. If employees feel satisfied with the values you are implementing in the process then you might be going in the right direction and if not, you might want to change your course of action. In this process, it is imperative to keep an eye on your employee’s wellbeing and their preferences, only then you will be able to satisfy them.

11. Evaluate Structural Inequities - LaToya Lacey, Diversity Talent Strategist, Randstad Sourceright It is mission critical that organizations design DEI solutions and strategies to counter racial and gender disparities. One step to ensure DEI values are followed is to evaluate the structural inequities that persist. For change to happen, companies must be intentional about creating systems of equity around the interview process and promotions.

11-Step Checklist To Ensure Your Business Follows DEI Values

HRCI® & SHRM®

Show that management values the importance of the HR function, and has a commitment to development and improvement of HR staff. Ensure that each person in your HR department has a standard and consistent understanding of policies, procedures, and regulations. Place your HR team in a certification program as a rewarding team building achievement.

GROUP RATES AVAILABLE

Certified HR professionals help companies avoid risk by understanding compliance, laws, and regulations to properly manage your workforce.

CERTIFICATIONPREPCOURSES TODAY TO FIND OUT MORE 1.877.472.6648 ext. 3 | sales@hr.com

HR.com/prepcourse CALL

HR Professionals lead employee engagement and development programs saving the company money through lower turnover and greater productivity and engagement.

For Your Organization

A skilled HR professional can track important KPIs for the organization to make a major impact on strategic decisions and objectives, including: succession planning, staffing, and forecasting.

For HR Professionals

Groups rates for HRCI exams are also available as an add-on.

All group purchases come with 1 year of HR Prime membership for each attendee to gain the tools and updates needed to stay informed and compliant.

CALL TODAY TO FIND OUT MORE 1.877.472.6648 ext. 3 | sales@hr.com | HR.com/prepcourse Group Rate Options 123

Why Certification is the Best Choice: 1 Less expensive than a masters or PhD program, and very manageable to prepare with flexible study options. 2. Recertification - ensures HR professionals continue to be up to speed on the latest legislation and best practices 3. Recognized, Industry benchmark, held by 500,000+ HR Professionals

We offer group rates for teams of 5+ or more for our regularly scheduled PHR/SPHR/ SHRM or aPHR courses. For groups of 12+, we can design a more customized experience that meets your organization’s needs. You can have scheduling flexibility in terms of the days, times, and overall length of the course.

HR Legal & Compliance Excellence presented by HR.com SEPTEMBER 2022 24 Submit Your Articles

Owning a business comes with many responsi bilities, and when entrepreneurs reach the point where they need to hire employees, a whole new set of obligations arise. Unfortunately, many business owners find themselves woefully underprepared in this arena–and through no fault of their own! Entrepreneurs are focused on being visionaries and selling their products and services. They didn’t start a business because they were dying to deal with the nitty-gritty details of being an HR manager or creating formal employment policies. So when they find themselves with more employees than ever and no employment guardrails, major complications can erupt.

1. Employee Handbook I have listed this first because it is one of the most vital tools in every business owner’s toolkit. Employee

LawEmployment101

As a litigation attorney and employment attorney, I have been on both sides of many employment law disputes. Below I will share the most common employment law pitfalls I see regularly and the top items every entrepreneur should have in their proverbial back pocket to help protect their business and avoid potentially costly litigation.

By Elizabeth Hartsel, Fortis Law Partners

What you should know to protect your business

For example, several states recently passed bills that will impact the use and enforcement of non-compete and non-solicit provisions. A skilled employment attorney can counsel companies on ways they can still protect their trade secrets and intellectual property in employment agreements. For instance, all provisions around confidential information and intellectual property protections should extend even after

handbooks provide important legal guardrails for both employers and employees. They not only formalize guidelines, expectations and terms and conditions of employment but more importantly, they help provide a layer of protection against employee claims and Anlawsuits.experienced

Employment Law 101

● Compensation and benefit policies ● Vacation, sick, and paid/unpaid leave policies, including state and federal mandates for national health emergencies, such as the

Work with an experienced employment attorney to develop these two agreements that should contain protective clauses relating to confidentiality, intellectual property, non-solicitation and non-compete agreements and arbitration. Each factor can differ depending on job responsibilities, industry and unique federal and state employment laws.

employment attorney can help create a comprehensive handbook addressing fundamental policies. The following is a list of essential topics to outline in the handbook: Covid-19

HR Legal & Compliance Excellence presented by HR.com SEPTEMBER 2022 25 Submit Your Articles

2. Executive and Non-executive Employment Agreements

Employers should have a template for each type of employment agreement because they will vary inherently due to the position and nature of employment. For example, an employment agreement for a CFO will not look like that of a manufacturing facility employee due to the amount of access to proprietary information, the type of compensation involved and other factors.

pandemic and maternity and paternity leave ● Dress code ● Workplace safety and security policies ● Conflict of interest statements ● Internet usage policies ● How to file or report workplace complaints ● Equal employment, disability, and anti-discrimina tion policies ● Workers’ compensation policies

HR Legal & Compliance Excellence presented by HR.com SEPTEMBER 2022 26 Submit Your Articles

If the lines are blurred, or an independent contractor agreement was not signed, and the company gets audited by the Department of Labor, they will face expensive employment misclassification penalties.

Understandably, many startups and young companies do not have the funds to staff an internal legal and HR department. However, working with a skilled employment attorney to make strategic decisions about how best to protect your company and assemble templates of the agreements listed above can cost less than $5,000. In turn, the business will receive significant protection against potentially costly employee claims, lawsuits and litigation.

Finally, employment agreements should also include choice-of-law and venue provisions specifying which state or country’s laws will be used to interpret the agreement and how disputes will be resolved, i.e., mediation, arbitration, court, etc. Again, discuss each option’s pros and cons with an employment attorney.

employment ends—a key element many employment agreements miss and that many employees may not understand they are legally bound to uphold, even after separating from the company.

Elizabeth Hartsel is Partner at Fortis Law Partners and the head of their Employment Law practice. Would you like to comment?

3. Independent Contractor Agreements

In addition, consult with an attorney to determine which specific issues or behavior will be included in the agreement as grounds for termination ‘for cause’ and whether or not the company will provide severance or other compensation for termination for or without cause.

Employers often reach out to their attorneys in need of a severance agreement immediately due to circumstances requiring them to terminate an employee the very next day. Unfortunately, that is not always a feasible ask. By preparing template severance agreements in advance, moving in a quick time frame will be Employerspossible.should also have two template severance agreements on file—one for employees ages 39 and under and one for employees ages 40 and over. The need for separate agreements based on age is an important distinction many employers are unaware of. Employees ages 40 and above are legally entitled to 21 days to review a severance package and seven days to revoke their signature on the agreement.

These are a separate animal from standard employment agreements because there are so many distinct boundaries and legalities around work location, taxes, company property and benefits that identify whether or not a worker is considered an independent contractor vs. an employee of the company.

Employment Law 101

4. Severance Agreements

The Facts In August 2020, Loblaw Companies Limited (“Loblaw”), like many businesses at that time, mandated the wearing of face masks in its stores in an effort to mitigate the transmission of Covid-19 (the “Mask Policy”). The Mask Policy, applied to both patrons and employees and provided standard exemptions, including for (i) persons with an underlying medical condition inhibiting their ability to wear a mask and (ii) persons who are reasonably accommodated by not wearing a mask pursuant to human rights legislation.

Mr. Benke, a long-term employee of Loblaw, who was required to visit various Loblaw stores in Alberta and British Columbia, sought an exemption from the Mask Policy. In addition to a medical exemption request form, he submitted two letters from his physician, What Alberta court says about employees resigning after non-compliance with mask

Top Pick

HR Legal & Compliance Excellence presented by HR.com SEPTEMBER 2022 27 Submit Your Articles

In Benke v Loblaw Companies Limited, the Alberta Court of Queen’s Bench held that the employer did not constructively dismiss one of their employees, who had been placed on unpaid leave for failing to comply with a mandatory mask policy, but rather that the employee resigned without any recourse.

The Decision

The court confirmed that a constructive dismissal occurs where (i) an employer imposes a unilateral substantial change constituting a breach of the employment contract and (ii) a reasonable person in the employee’s position would have felt such breach substantially altered an essential term of their employment. The court dismissed Mr. Benke’s claim, finding that Loblaw’s implementation of the Mask Policy and its subsequent decision to place Mr. Benke on an unpaid leave did not amount to a constructive dismissal. The following factors supported the court’s decision:

AsDismissalConstructivepolicyUnmaskedResignation

By Gary T. Clarke , David M. Price and Jennifer McBean, Stikeman Elliot which all stated that he was unable to wear a face mask. However, these documents did not state that his inability to wear a mask was due to any medical condition or disability. Accordingly, Mr. Benke failed to qualify for an exemption under the Mask Policy. When Mr. Benke refused to comply with the Mask Policy without a valid medical exemption under the Mask Policy, Loblaw placed him on an indefinite unpaid leave. Mr. Benke claimed that he was constructively dismissed and entitled to compensation in lieu of notice of termination.

● While being placed on an unpaid leave was a substantial change to Mr. Benke’s employment relationship, it was not a breach of his employment agreement. The court reasoned that the essence of the employment relationship is that an employee works for an employer in exchange for pay, but since Mr. Benke was not working due to a choice that he made to not comply with the Mask Policy, it was reasonable for Loblaw to not pay Mr. Benke.

Constructive Dismissal Unmasked As Resignation

● There was no obligation to accommodate Mr. Benke since he could not, even at the summary trial, adduce evidence of a medical condition or disability that prevented him from wearing a mask;

Although Mr. Benke did not expressly communicate a resignation to Loblaw and remained an employee in Loblaw’s system, Mr. Benke had also obtained alternate employment, returned his company vehicle, and commenced a lawsuit and human rights complaint against Loblaw. Accordingly, the court determined that Mr. Benke had objectively resigned his employment. Therefore, any losses that Mr. Benke suffered were self-inflicted and not the responsibility of Loblaw.

● The imposition of the Mask Policy by Loblaw was not a substantial change to the employment relationship entitling him to claim that he was constructively dismissed. The Mask Policy was coextensive with legal requirements imposed by municipalities (such as the City of Calgary mask bylaw) and public health authorities. The Mask Policy was also similar to other mask policies that had been held to be reasonable by other decision-makers, including the Human Rights Tribunal of Alberta; ● Benke’s refusal to abide by the Mask Policy was a repudiation of his employment agreement. However, Loblaw, did not accept the repudiation, instead electing to place him on unpaid leave; and

This is the first Alberta court decision addressing an employee being placed on unpaid leave for failing to comply with a mask policy prompted by the Covid-19 pandemic. This is a welcome decision for employers, as it provides clear authority that such policies,

HR Legal & Compliance Excellence presented by HR.com SEPTEMBER 2022 28 Submit Your Articles

Significance of the Decision and Takeaways for Employers

HR Legal & Compliance Excellence presented by HR.com SEPTEMBER 2022 29 Submit Your Articles in the right context, will be reasonable and not be considered a unilateral change in the employment relationship precipitating a claim for constructive Further,dismissal.the decision suggests that once an employee has refused to comply with a mask policy, the employer may be able to treat the refusal as an immediate repudiation of the employment contract, with no obligation to prolong the employment relationship by placing the employee on an unpaid leave or taking other disciplinary measures. It remains to be seen whether the courts will reach a similar conclusion with respect to employees who refuse to comply with mandatory vaccination policies without a valid medical or religious exemption. Although vaccination policies have generally been upheld in unionized settings, they are understandably more invasive than mask policies and their reasonableness is heavily context-driven.

Accordingly, employers should remain cautious in managing employee non-compliance with mandatory vaccination policies.

The authors would like to acknowledge the support and assistance of Ashley Murray, summer law student.

This article first appeared here Jennifer McBean is an Associate in the Employment & Labour Group at Stikeman Elliot. She provides advice to clients on employment contracts, policies, terminations, restrictive covenants, legislative compliance, and corporate due diligence. Jennifer’s practice also covers representing employers in wrongful dismissal actions and human rights matters.

DISCLAIMER: This article is intended to convey general information about legal issues and developments as of the indicated date. It does not constitute legal advice and must not be treated or relied on as such. Please read our full disclaimer at www.stikeman.com/ legal-notice

Constructive Dismissal Unmasked As Resignation

David Price is an Associate in the Employment and Labour Group at Stikeman Elliot. His practice focuses on employment, labour relations, human rights and privacy law. He represents union and non-union employers on issues relating to labour and employment standards compliance, employment agreements, workplace policies, etc. Gary Clarke is a Partner and Co-Head of the Employment & Labour Group nationally and Head of the Employment & Labour Group at at Stikeman Elliot in Western Canada. Gary’s practice focuses on employment, labour relations, human rights and privacy law. Would you like to comment?

According to Microsoft’s 2022 Work Trend Index, more than half (52%) of employees surveyed are considering going hybrid or remote in the next year.

Factors contributing to this risk include employees using both personal and work-issued devices for work-related tasks, which may unintentionally expose sensitive company data. And, for that matter, security is no longer just a CISO or IT concern but rather a risk that impacts the whole organization and its reputation, requiring active participation from all employees across the business, starting foremost with Human Resources.

HR Legal & Compliance Excellence presented by HR.com SEPTEMBER 2022 30 Submit Your Articles

By Stephen Cavey, Ground Labs

Perfecting your risk mitigation strategy

The pandemic, supply chain disruptions, and chip shortages have forced organizations to rely on their employees’ personal devices to fulfill their tasks.

With the increased use of personal and work-issued devices, an organization’s privacy and security posture is being contested. And as a result, organizations lack visibility into employees’ home networks, increasing vulnerability within the organization.

Data Security Is ForIndispensableNurturing A Distributed Workforce

In this new normal, flexibility is proving essential, and remote work, to some degree, is here to stay. With remote and hybrid working arrangements rising in popularity — completely revolutionizing global talent acquisition and onboarding processes — the privacy and cybersecurity threats remain a significant concern for many businesses and HR leaders.

According to a Beyond Identity study, nearly half (49.6%) of survey respondents only used work-issued devices, while 39.1% used both personal and work-issued devices. For that reason, a considerable amount of corporate data is likely being distributed across personal devices.

A Remote Workforce: Personal vs. WorkIssued Devices

Business Awareness is Key

HR Legal & Compliance Excellence presented by HR.com SEPTEMBER 2022 31 Submit Your Articles

Data Security Is Indispensable For Nurturing A Distributed Workforce

In April, a study conducted by Sophos reported that 66% of organizations surveyed were hit by a ransomware attack in 2021, up from 37% the prior year. With a distributed workforce, organizations — now, more than ever — must be proactive in ensuring their most significant asset is protected. From a hiring perspective, companies acquiring global talent must adapt and mitigate the risks accompanying candidates and employees dispersed worldwide.  Since no organization is exempt from these threats, now is the time for HR and business leaders to determine HR’s role in improving security within the organization. While larger organizations often rely on software solutions, smaller businesses may struggle to break through the veil of personal ownership.

According to Ground Labs research, 70% of professionals surveyed believe their organization does not know where all of its data is stored. In April alone, the U.S. Bureau of Labor Statistics reported that some 4.4 million Americans resigned. Some employees take data with them when they leave, whether they intend to or not, which is an added risk given today’s security threat landscape. With a deeper understanding of where data lives, how it is being secured, and who has access to it, HR and business leaders can work closely with IT and security professionals to remediate and protect data. This collaboration can ultimately eliminate this increased risk.

As businesses continue to inch closer to post-pandemic recovery and adjust to an ongoing distributed workforce, prioritizing data security, compliance and privacy are fundamentally expected and no longer reserved for large organizations with dedicated security teams. Any organization of any size that collects and handles any form of personal data will need to prioritize this objective to mitigate privacy and security risks.

Ground Labs’ Co-Founder and Chief Evangelist, Stephen Cavey leads a global team empowering enterprise organizations to discover, manage and secure sensitive data. He has deep security domain expertise with a focus on electronic payments and data security compliance.

HR Legal & Compliance Excellence presented by HR.com SEPTEMBER 2022 32 Submit Your Articles

Perfecting Your Risk Mitigation Strategy

To fulfill this requirement and expectation, businesses should consider hiring a data protection officer (DPO) or a similar role. Assigning a well-informed and competent professional responsible for data privacy and security oversight will equip your organization with another level of assurance that data safeguards are being implemented and overseen as an ongoing process.  Likewise, to further help the organization remove unnecessary risks and achieve greater visibility and awareness, consider how non-technology groups across the organization, such as Human Resources and Marketing, can work together. These departments can be influential in detecting and removing unnecessary personal data such as aging ex-employee files, old customer service case logs, and out-of-date marketing prospect lists. Without these critical steps, any subsequent action decision will be based on the assumption of where data is, leading to considerable risks being overlooked or ignored. At the same time, remember that you can protect the organization while instilling confidence in your employee’s ability to safely make data-driven decisions in their role.

Would you like to comment?

Correspondingly, with emerging regulations, security is not the only concern for understanding where data is stored — compliance is paramount too. As companies continue to navigate the complexities of the landscape, such as complying with GDPR, HIPAA or CCPA, they must first understand what personal data they are holding. That includes knowing the location, amount, and types of information collected, such as the country or jurisdiction of the data subjects. Data awareness helps the company distinguish the value of its assets and develop a comprehensive security strategy.

A holistic approach is one of the most effective avenues to achieving compliance. Unless your organization is sharing customer data with a third party, your employees are often the only people with access to your company’s crown jewels repository of customer data.  HR teams can reinforce the importance of employees’ active participation in minimizing cyber risks by providing training across departments on proper handling and storage practices. This practice could help instill a strong sense of high alert when working with files and other data sources that contain individuals’ personal and private details. These individuals, whether they’re customers, contestants, employees or other private citizens, have entrusted the organization they handed their details to. They expect that such information will be kept private and secure.

Data Security Is Indispensable For Nurturing A Distributed Workforce

A similar set of conditions were created in stimulus programs aimed at businesses, such as the paycheck protection program (PPP). With this program and others, again, speed trumped the usual underwriting diligence lenders would undertake in the course of evaluating a normal, non-crisis business loan

Why did identity crime become the method of choice for fraudsters during the pandemic?

In the aftermath, one such watchdog -- the U.S. Government Accountability Office (GAO) -- examined pandemic-related unemployment insurance (UI) claims and found some disturbing statistics: Roughly $80 billion in UI disbursements were due to fraud and abuse of the system, with identity crime acting as a key

Federal legislation called the CARES Act actually went so far as creating three new UI benefit programs that would pump additional funds to state program administrators.

By Jason Kratovil, SentiLink

Evenapplication.thefederal Small Business Administration, which ran several pandemic lending programs, lowered the threshold to “[taking] the applicants’ word” that they were even eligible to apply.

The answer to the first question is straight-forward: Policy decisions prioritized speed -- i.e., getting stimulus funds to consumers and businesses -- over due diligence. In the UI space, for example, this meant lowering eligibility requirements to expand the availability of these payments to more impacted consumers.

S

important questions: What made it possible for this to happen on such a large scale? And why did identity crime become the method of choice for fraudsters during the pandemic?

While this was a well-intended policy, it did not factor in the insufficient resources -- human and technological -- required to handle the exponential increases in claims. This had a cascading effect on failures: Huge influxes of claims overwhelmed online and telephonic systems, leading some to completely crash, which then required staff to pick up the slack by conducting manual reviews, ratcheting up the potential for human error.

How Pandemic Policies Opened The Identity Fraud Floodgates

niffing out “waste, fraud and abuse” in government spending programs is a full-time job for some government watchdogs. During the height of the Covid-19 pandemic, with the economy paralyzed, federal and state governments had little choice but to pump unprecedented amounts of money into struggling businesses and consumers.

Policy Consequences

HR Legal & Compliance Excellence presented by HR.com SEPTEMBER 2022 33 Submit Your Articles

Thisfacilitator.begstwo

Top Pick

How Pandemic Policies Opened The Identity Fraud Floodgates

HR Legal & Compliance Excellence presented by HR.com SEPTEMBER 2022 34 Submit Your Articles

In hindsight, it is painfully obvious that one of the elements of due diligence sacrificed in favor of speeding funds into the economy was adequate identity verification. The federal government’s response to the pandemic saw unprecedented volumes of money moving at a rapid pace to consumers and businesses. As a rule, when any amount of money moves electronically, there is always a possibility that a fraudster is behind it hoping to divert it for themselves. When trillions of dollars are moving, that threat grows quite a bit.  We conducted an analysis of hundreds of thousands of applications for financial products during the pandemic; our findings support the GAO’s conclusion that identity crime contributed significantly to the billions of taxpayer dollars lost to fraud during the heart of the crisis. In many instances, identity theft was the preferred tactic.

A Target-rich Environment for Identity Criminals

Traditionally, identity theft is a “smash-and-grab” type of crime: Once a fraudster has acquired a valid name, date of birth, social security number and address, the credentials are quickly leveraged -- usually to obtain credit that can be maxed out -- before the victim finds out. During the pandemic, however, we observed a different approach: Using stolen identities to open basic checking accounts.  In the context of UI and other stimulus funding programs, this makes sense: The fraudsters needed a place for the ill-gotten funds to land once their claim or application was approved by the government. Once the funds were received into the fraudulently opened checking account, they could be laundered through a myriad of other financial accounts, such as other deposit accounts, peer-to-peer payment services, or cryptocurrency platforms. From September 2020 to June 2021, analysis demonstrates that the percentage of applications for checking accounts using stolen identities at banks and credit unions increased by 187%. Among some fintechs, nearly 50% of all applications during this same time period were attributable to identity theft.

HR Legal & Compliance Excellence presented by HR.com SEPTEMBER 2022 35 Submit Your Articles

We observed many instances of synthetic identities used to obtain government funding, particularly in small and medium-sized business relief programs.

Conclusion: Lesson Learned Numerous state and federal agencies, including the Department of Justice, are working to recover as much of the funding that was sent to fraudsters as possible, and prosecute those responsible. In the case of synthetic identity fraud cases, however, prosecuting an actual person will be nearly impossible.  Of the many lessons to be learned from the fraud losses incurred in the government’s response to the pandemic, one stands out: Any presumed benefit of minimizing the need for strong identity verification is dramatically outweighed by the negative consequences of such a policy choice. As the GAO watchdogs discovered, in the UI program alone, that amounted to an $80 billion bad decision.

Our analysis also suggests evidence of the use of “money mules” – a scheme in which fraudsters lure unsuspecting consumers into using their personal identity and bank account information to accept criminal proceeds into their account and transfer these funds on the fraudster’s behalf.  Identity theft wasn’t the only type of identity crime used to steal pandemic relief funds, however. Some criminals opted to use synthetic identities to apply for and obtain stimulus payments. As the name suggests, a synthetic identity is one where a fraudster uses a combination of real and fabricated personal information -- or sometimes entirely fictitious identity information -- to create a new “person” with a credit report. This synthetic credit identity can be used to apply for credit, loans or, in this case, pandemic relief.

Entirely fictitious businesses, or even real businesses with synthetic employees, successfully applied for stimulus funding.

How Pandemic Policies Opened The Identity Fraud Floodgates

Jason Kratovil is Head of Public Policy and External Affairs at SentiLink. Would you like to comment? Because there is no loan or credit associated with a new checking account that would trigger a fraud alert, many of the identity theft victims in these instances may not be aware their credentials have been compromised in this way. Others may have received a welcome package from their “new” checking account provider in the mail sometime later, by which time the fraudster would have already used online banking to exfiltrate and launder the stolen funds.

ePublicationEditorialCalendar CheckoutthenewandupcomingthemedHRtopicsin HRLegal& ComplianceExcellence Check ePublications Editorial Calendar Here. Would you like to submit an article? | Write to us at ePubsEditors@hr.com Submission Guidelines 1 Worker Classification July 2022 2 Employee Data Safety Aug 2022 3 Workplace Harassment Sep 2022 4 HR and Intellectual Property Oct 2022 5 Legal, Compliance and Employment Law Nov 2022 6 HR Legal and Compliance 2023 Dec 2022

According to the report, only 15% of companies disclose labor costs, yet there is an increasing segment of these businesses deriving much of their value from intangible assets – the people who make it all happen. Additionally, an increasing number of companies report a loss for accounting purposes, making analysis of operational costs (where the largest line item is likely their people investment)

Harnessing Big Data Is The Key To Smarter HR Insights

The SEC recently announced a petition for human capital disclosures that requests additional information on the way public companies report their workforce investment. Simply put, “The Working Group On Human Capital Accounting Disclosure Petition For Rulemaking” wants more information to examine and analyze how companies invest in their people.

By Kyle Holm, Sequoia Preparing for the next economic change

HR Legal & Compliance Excellence presented by HR.com SEPTEMBER 2022 37 Submit Your Articles

Operating people programs with siloed data stuck in disconnected systems makes it hard to see the bigger picture and understand how people investments impact the bottom line.

critical to understanding value. Everyone (regulators, investors, etc.) is realizing that a company’s most valuable asset is people, and as such, wants businesses to become smarter on their total people investment.

businesses need to unify people data, program designs, utilization metrics, benchmarking, and more under a complete and holistic strategy that addresses the entire lifecycle of human capital investment.

HR leaders are particularly challenged to evaluate a company’s investment in its people and analyze where their compensation, equity awards, bonuses, and benefits stand in relation to the rest of the market. Traditionally, getting to a basic level of understanding of benefit competitiveness has been a tedious, time-consuming and imprecise process.

According to estimates, about 75% of knowledgebased companies’ spend is on people – easily the biggest single investment. However, most companies struggle to validate that their investment is making its intended business impact, whether increasing employee retention, managing costs, justifying individual offerings, or all the above.

Ultimately,changes.

How to Interpret Data

More so, if the SEC’s proposed reform is approved, that would require businesses to provide a more detailed breakdown of income statements to give investors more insight into workforce costs. All eyes are on this decision related to the impact on employee experience, productivity, and satisfaction. However, when businesses know what questions to ask, they can be smart about how that spend is determined.

HR teams had to parse benchmarking information (if it was even available) and pull volumes of employee

Even the savviest HR organizations must rely on an array of transactional systems to manage people data. It is how those systems work together – or do not – that determines whether the company succeeds

at transforming data into true insights and outcomes.

It is a high-cost budget item that cannot be ignored.

To uplevel systems to meet the requirements of a decision impacting human capital management, HR systems should be securely integrated with the payroll, HRIS, equity administration, and benefits administration systems in an HR tech stack. The result is a seamless and flexible way to manage human capital investment as the business grows and

Rethinking the Approach to People Investment

How to Collect Data

HR Legal & Compliance Excellence presented by HR.com SEPTEMBER 2022 38 Submit Your Articles Harnessing Big Data Is The Key To Smarter HR Insights

Today, technology solutions are aimed at bringing holistic and actionable people data to the fingertips of HR leaders for daily decision-making and now, depending on the outcome of the Commission mandate, accurately value the business. The proposed

The working group says investors need to be able to distinguish between labor costs and investment in the workforce, saying labor needs to be treated in the same way as R&D. Part of improving a business’ total people investment strategy (and providing an additional level of reporting) is having deeper insights into the ways a company invests in its employees, and being able to slice that data by role, demographics, departments, and more, so they can uncover gaps and opportunities to improve their people investment.

Harnessing Big Data Is The Key To Smarter HR Insights

Kyle Holm is VP, Total Rewards Advisory, at Sequoia Would you like to comment?

disclosure requires a breakout of total compensation by category, including salary, bonus, pension, stock and options and Forward-thinkingmore.people teams will be enabled by dashboards that bring together an unprecedented amount of people-related benchmarks and datapoints unique to the business, including workforce analytics, pay and equity data, benefits and wellbeing cost and utilization, and forecasting and modeling capabilities.

How to Apply Data

To unlock the potential of human capital investment, it is critical to connect programs to outcomes validated by data and seen through a unified lens. Analyzing information across numerous business dimensions through a holistic view is the key to understanding the needs and outcomes of a business, making up-to-date and digestible data critical.

data spreadsheets to determine how much they can and should be offering team members across the organization. And often, by the time the data is accumulated and analyzed it has become dated.

Conclusion The SEC’s petition is a response to the trend over the past few decades of the lack of transparency of “human capital firms,” organizations that generate value due to the knowledge, skills, competencies, and attributes of their workforce. Yet, despite the value generated by employees, companies are suffering from a lack of data that led to a call for information Fordisclosure.many,this looming decision can have far-reaching ramifications, but companies cannot revert to onesize-fits-all fringe benefits and must deliver rewards tailored specifically to each employee’s financial, physical and overall wellbeing. The employees will not just benefit, but the business will too. Learning how to fully optimize a company’s spend now will ensure it is prepared for the next economic change.

HR Legal & Compliance Excellence presented by HR.com SEPTEMBER 2022 39 Submit Your Articles

People teams can work smarter, with more accurate data, to provide insights not only to governing bodies, but to support critical activities, such as board meeting reports, executing projects, and effective collaboration with the C-suite.

VIRTUAL EVENTS & HR.COM WEBCASTSUPCOMING www.hr.com/upcoming_webcastswww.hr.com/virtualconferencesView our Upcoming Webcasts Schedule and Register Today! View our Upcoming Virtual Conference Schedule and Register Today! How to Really Make Talent Your Top Priority September 13, 2022 12:00 PM - 1:00 PM ET REGISTER The State of Today’s HR Tech Stack 2022 September 7, 2022 REGISTER Scaling for Success: HR Compliance for Now and the Future September 8, 2022 2:00 PM - 3:00 PM ET REGISTER Mending the Shattered Promises of HR Technology September 7, 2022 9:00 AM - 10:00 AM ET REGISTER Mentoring programs for culture shifts and embracing diversity September 6, 2022 3:00 PM - 4:00 PM ET REGISTER Using Data-Driven Insights to Respond to the Challenging Labor Market September 14, 2022 1:00 PM - 2:00 PM ET REGISTER The State of People Analytics September 14, 2022 REGISTER WEBCASTS The State of Employee Retention 2022 September 28, 2022 REGISTEREVENTSVIRTUALWEBCASTS

Sterling, a leading provider of background and identity services, helps 47k+ global clients create people-first cultures and hire with confidence.

US

LEARN MORE

LEARN MORE

ADVERTISE

EVERFI’s workplace training offerings empower employees to transform their organizations' workplace cultures with impactful, change-driven courses that go beyond compliance.

THANK YOU Thank you for partnering with us!

Circa provides OFCCP compliance management and recruiting technology solutions to deliver qualified candidates on a level, equitable playing field for organizations.

LEARN MORE WITH

Publications 13 Targeted Publications to Reach Your Audience Informing, Educating, Enlightening and Assisting HR professionals in their personal and professional development, the Excellence series offers high-quality content through the publications! Like to submit an article? Use our online submission form or for more information go to www.hr.com/ExcellencePublications

Turn static files into dynamic content formats.

Create a flipbook
Issuu converts static files into: digital portfolios, online yearbooks, online catalogs, digital photo albums and more. Sign up and create your flipbook.