This podcast discusses the critical considerations when evaluating whether and how to terminate employees in Asia. Trent Sutton (U.S. qualified lawyer), Soowon Hong (Korean qualified lawyer) and Shiau Sang Tee (Hong Kong and Malaysia qualified lawyer), members of Littler’s APAC Regional Office based in Singapore, set out the general three approaches to terminations across Asia. They explore what grounds are generally defensible (or not) and the variation in the usage of negotiated exits.

New York City employers should review their handbooks and employment agreements to ensure they comply with a new law that took effect May 11. Lawmakers recently amended the New York City Human Rights Law (NYCHRL) to prohibit any term of an employment agreement aiming to shorten the time for employees to file a claim of unlawful discriminatory practices, harassment, or violence under the NYCHRL. Here’s what you need to know to comply.

Key Compliance Points

  • The NYCHRL protects employees from illegal discrimination and harassment, among other things.
  • Aggrieved employees have one year to file a complaint with the NYC Commission on Human Rights alleging unlawful discrimination, harassment or violence and three years to file a gender-based harassment claim.
  • In addition, employees may file a lawsuit within three years of the alleged NYCHRL violation.
  • While court cases previously upheld contractually shortened statute of limitations periods under the NYCHRL, this amendment now prohibits any provision within an employment agreement that attempts to contractually shorten these time periods.
  • Now, if an employment agreement includes such a term, it will be void and unenforceable, but it will not affect the enforceability of other terms in the agreement.

What Should Employers Do Now?

  • You should take a fresh look at all employment agreements, handbooks, arbitration agreements, and other documents governing terms and conditions of employment.
  • Check for any language aiming to limit the time employees have to bring claims under the NYCHRL.
  • Any provision with such a term is now unenforceable, and the agreements should be revised accordingly.


We will continue to monitor workplace developments, so make sure you are subscribed to Fisher Phillips’ Insight System to get the most up-to-date information directly to your inbox. If you have questions about these updates, contact your Fisher Phillips attorney, the authors of this Insight, or any attorney in our New York City office.

As protests erupt across college campuses, educational institutions are grappling with how to handle escalating situations and balance important interests like free speech and student safety. Colleges and universities are under enormous pressure to resolve the unrest – but even as spring semesters wind down, there appears to be no clear path forward.  While campus protests present difficult line-drawing questions, the basic legal framework and other considerations can help guide your institution if tensions arise on your campus. We’ll give you the key points to consider and seven tips for crafting a protest policy.

Free Speech Rights: Public vs. Private Universities

The First Amendment to the U.S. Constitution limits the federal government’s ability to restrict speech – including protests – under certain circumstances. Those same limits are imposed on state and local governments. Here’s how the First Amendment applies to colleges and universities:

  • Public schools are considered arms of government and therefore must respect protestors’ free speech rights. But those rights are not absolute. For example, public schools – to protect campus safety and order – may sometimes impose rules on the time, place, and manner of protests if those rules are reasonable, content-neutral, and leave other channels open to communicate the message.
  • Private schools are not bound by the First Amendment. They can restrict speech and protests in ways that their public counterparts cannot. But many private schools choose to abide by free speech principles to promote civil discourse and academic freedom. In addition, state or local rules might grant protestors broader protections. For example, California’s “Leonard Law” prohibits non-religious private universities from making or enforcing rules that discipline students based solely on speech or conduct that is protected from governmental restrictions under by the First Amendment.

Antidiscrimination Laws

Even when schools are compelled or otherwise choose to respect free speech rights, they must balance that with their obligation to protect students from discrimination and harassment. Civil rights laws can apply to both private and public schools. For example, Title VI of the Civil Rights Act protects individuals from discrimination or harassment based on race, color, or national origin in programs or activities that receive federal financial assistance. And states and localities in your jurisdiction may have their own applicable anti-discrimination laws.

Finally, colleges and universities have to be careful with their own policies. If you have promised freedom of expression in your promotional materials, then you will be obligated to provide what you promised. 

But where do you draw the line between protected speech and harassment? This tends to be a legal gray area and depends on the specific facts at hand. The U.S. Department of Education issued a “Dear Colleague” letter last year after campus tensions and hate crimes began to rise. It clarified that harassing conduct under Title VI “can be verbal or physical and need not be directed at a particular individual” and creates a hostile environment if it is objective offensive and “so severe or pervasive that it limits or denies a person’s ability to participate in or benefit from the recipient’s education program or activity.” You should work with your legal counsel if you believe conduct on your campus has crossed or is approaching this line. 

Other Considerations

Beyond the legal implications, colleges and universities should consider other factors when handling campus protests.

Campus Identity

What is the identity or character of your institution? How your school prepares and ultimately responds to a protest should be reflective of the values it claims and the type of student it intends to cultivate. Does your school stress compassion? Does it value intellect above all? Do you place focus on personal integrity and community service? By using your school’s identity to frame your plan for a protest, your actions and reactions will be authentic to your institution.

Public Attention

Regardless of whether your school is public or private, any restriction on protests or disciplinary action on protesters can very quickly attract substantial negative attention from both mainstream media and social media. To lower the risk of outside scrutiny and unwanted attention for your school and faculty, you should think carefully before putting out overly broad statements. This can include, for example, a statement that any involvement in a school protest will automatically lead to suspension. You’ll also want to take disciplinary action only when the behavior is truly disruptive.

How a Protest Policy Can Help

No school is immune from a campus protest. Today’s students can mobilize quickly and, especially in the current climate, many are prepared for intense clashes and unafraid of confrontation. Your school can benefit from proactively thinking about these issues and establishing clear policies.

A protest policy can help your institution:

  • create a roadmap for handling issues related to campus protests, enabling you to respond quickly and fairly;
  • distance itself from the views of students or outsiders who are using school facilities to express ideas that do not reflect the school’s identity;
  • end activities that interfere with your operations or create safety risks for your campus;
  • protect the rights of your students and faculty; and
  • promote civil discourse and academic freedom.

The key is crafting a policy that can balance of all these important – and often competing – interests.

7 Tips for Higher Ed Policies on Campus Protests

If a protest policy is right for your college or university, here are seven tips to keep in mind:

1. Set the Tone

A protest policy is a great opportunity to establish your campus identity and encourage free expression while making it clear that some conduct – such as actual or threatened violence – will never be tolerated.

2. Plan for the Worst

Brainstorm some worst-case scenarios and play them out under your school’s policy to determine whether it would be effective, and how you might control your campus identity if the situation cannot be prevented.

3. Keep it Neutral

Public colleges and universities must ensure that their protest policies are content-neutral so that they do not infringe upon free speech rights. This means that your policies cannot single out only certain viewpoints for censorship or discipline. Private colleges and universities have more leeway here but may want to consider viewpoint neutrality in their policies to promote academic freedom and civil discourse. 

4. Enforce it Consistently

On a similar note, you will want to ensure that your protest policy is enforced consistently so that no particular viewpoint is targeted or disproportionately punished.

5. Define the Scope

What is the extent of the activities you want your policy to cover? Do you want to address lower-risk actions, such as students placing flyers around campus, as well as higher-risk actions, such as student picketing, encampments, and other occupations of school facilities?

6. Detail Your Response Plan

Your policy can provide procedures for how your institution will respond to obstructive or disruptive demonstrations. The procedures might begin a tiered warning system and end with police involvement as a last resort.

7. Prepare Your Communication Strategy

Campus protests and the way you respond to them can result in negative reporting, both internally and externally. If your institution comes under fire, you will need to be ready with a communication plan. Our Crisis Communications and Strategy Practice Group can assist immediately to quickly minimize business risks and mitigate reputational damage.


Fisher Phillips will continue to monitor any further developments in this area as they occur, so make sure you are subscribed to Fisher Phillips’ Insight System to gather the most up-to-date information. If you have questions about how to handle campus protests or about implementing a protest policy, please contact your Fisher Phillips attorney, the authors of this Insight, or any member of our Education team or Higher Education team for more information.

Immigration associates George Thompson and Deepti Orekondy discuss the nuances and intricacies of filing of an H-1B visa application, including H-1B Cap petitions, and how to help employers maintain H-1B compliance. This podcast delves into common pitfalls and strategic considerations for an employer filing an H-1B petition.

Welcome to this edition of the FP Snapshot on Manufacturing Industry, where we take a quick snapshot look at a recent significant workplace law development with an emphasis on how it impacts employers in the manufacturing sector. This edition is devoted to the Federal Trade Commission’s (FTC) recently announced rule that bans non-compete agreements in almost all cases. The new rule will make it much harder for manufacturers to use these agreements to protect their interests. It will have a particular impact on manufacturers’ ability to prevent employees from leaving and working for a competitor, or from starting their own competing business. Read on to find out the five steps you should consider taking as a result.

Snapshot Look at the New Rule

The new rule is the result of years of advocacy by the FTC, which has long argued that non-compete agreements are anti-competitive and harmful to workers. The FTC’s new rule bans non-compete agreements in most cases, with a few exceptions. For example, the rule does not apply to non-compete agreements that are part of a business sale or to agreements that protect trade secrets. The FTC’s new rule bans not only new non-competes, but also existing non-competes in almost all circumstances. In addition, employers must provide explicit notice to both current and former employees that their non-competes are no longer enforceable.

For a deeper dive into the situation, you can read our full Insight here.

What Do Manufacturers Need to Know?

The rule defines “non-competition agreements” as any term or condition of employment that prohibits a worker from, penalizes a worker for, or functions to prevent a worker from seeking or accepting employment with another business or operating a business. This new rule will apply to almost all of your employees, from sales employees with key relationships and detailed know-how on how to move product to production engineers.

At the very least, you have a 120-day window before this rule takes effect. With plenty of lead time, these are the steps you should consider taking to ensure your company is ready if/when the rule takes effect:

1. Look at What You Have and Make a Plan Work with your legal counsel as soon as possible to craft an individualized strategy plan. It should take into consideration the size of your business, the number of non-competes in play, the importance of such agreements to your business, your risk tolerance levels, and the resources you have on hand.

Manufacturers should take immediate action to determine which of your employees present the highest risk of competition through the use of company know-how and information. Most often these employees will either serve in high level roles or have closely held information regarding production methods and designs.

2. Understand What the Rule Does Not Include

Importantly, the rule does not explicitly ban other forms of protection for employers, such as customer non-solicitation agreements or employee non-recruitment, confidentiality, or non-disclosure provisions. The validity determinations will be made on a case-by-case basis, but the provisions are valid so long as they do not prevent the employee from getting a job. Now is a great time to sync with your FP counsel to ensure these agreements are tailored to protect your legitimate interests.

3. Understand Who the Rule Does Not Include

One of the few circumstances where employers can still enforce non-competes under this rule is with Senior Executives. The final rule defines “senior executives” as workers earning more than $151,164 annually and who are in policy-making positions. Keep in mind that the FTC estimates “senior executives” make up fewer than 0.75% of all workers – make sure you determine which of your workers fall into this category.

4. Understand Alternative Options

A less burdensome covenant, such as a properly tailored customer non-solicitation or confidentiality provision, could achieve the same goals as a non-compete with less risk involved. Work with your legal counsel to bolster these covenants, particularly as they relate to production, design, and key sales employees.

5. Understand and Maximize Trade Secret Protection

The FTC cites the availability of trade secret protection as a factor that could mitigate the harm of abrogating non-competes. It will be critical to identify trade secrets and ensure that you have proper policies and procedures in place to protect them, limit trade secret access only to those who need it, train employees how to handle trade secrets and protect against theft and implement suitable technological controls.

Frequently, manufacturers will implement non-compete agreements that incorporate trade secret language in a “one size fits all approach.” If you maintain such an agreement, it is worth considering separating out trade secret from non-competition.

Want More?

We will continue monitoring workplace law developments as they apply to manufacturers, so make sure you are subscribed to Fisher Phillips’ Insight System to have the most up-to-date information sent directly to your inbox. If you have questions, contact your Fisher Phillips attorney, the authors of this Insight, or any attorney on our Manufacturing Industry Team.

In this pro bono podcast, Littler’s Lavanga Wijekoon speaks with Ellen Miller of the National Immigrant Justice Center, Jodi Ziesemer of the New York Legal Assistance Group and Laura Lunn of the Rocky Mountain Immigrant Advocacy Network about the work being done across the country to help immigrants and their families who are in desperate need of immigration protections.

Employers should review their handbooks and workplace conduct policies in light of a new development that could greatly expand the penalties for unfair labor practice charges. The NLRB’s General Counsel just issued a memo on April 8 directing the Board’s Regional Offices to seek full remedies for all employees harmed by an unlawful work rule or contract term – even if those employees are not identified during an unfair labor practice investigation. As we predicted last year in the aftermath of a Labor Board decision that dramatically changed the law on employee handbooks, employers will need to kick their compliance efforts into high gear. We’ll explain the key points and give you four steps you should consider taking next. 

Federal Labor Law and the Stericycle Standard

In its Stericycle, Inc. decision last year, the NLRB adopted a new legal standard for evaluating whether an employer’s work rule violates the National Labor Relations Act even if it does not expressly restrict employees’ right to engage in protected concerted activity under Section 7 of the act. The new standard examines whether a workplace rule or policy “has a reasonable tendency to interfere with, restrain, or coerce employees who contemplate engaging in protected activity.”

In the aftermath of that decision, common employer policies, such as those on confidentiality, moonlighting, at-will employment, dress code, and many others, have been struck down by administrative law judges (ALJ). For example, in United Electrical Contractors, Inc., an ALJ concluded that a prohibition on “disrespect toward supervision” and rules against dishonesty or falsification of company records (such as employment applications and time entries) were presumptively unlawful. And in General Motors Components Holdings, LLC, an ALJ struck down employer prohibitions on:

  • distracting the attention of others;
  • “wasting time” or loitering;
  • unauthorized soliciting or collecting contributions for any purpose whatsoever during working hours;
  • misusing or removing certain items from employer premises (such as employee lists, blueprints, company records, or confidential information) without proper authorization;
  • making or publishing of malicious statements concerning any employee, the company, or its products.

What the Recent Memo Means for Employers

Some recent post-Stericycle ALJ orders have arguably already expanded employee remedies for unlawful work rules. For example, in addition to cease-and-desist orders, remedies included:

  • reversal of the discipline, including reinstatement of the discharged employee (ExxonMobil Global Services Company);
  • removal of all references to the unlawful disciplinary actions from company files;
  • a “make whole” remedy for loss of earnings and other benefits, with interest compounded daily;
  • compensation for any other direct or foreseeable financial harms, including job-search and interim employment expenses, with interest; and
  • compensation for any adverse tax consequences of receiving a lump-sum backpay award.

As is typical, the employers were also ordered to post notices in obvious places for 60 days regarding the violations and ALJ order and distribute the notice electronically if the company regularly communicates to its employees in that manner.

But the General Counsel’s new memorandum appears to target another class of cases – which do not necessarily involve specifically identified affected employees. These types of cases previously have had less comprehensive remedies – but the memorandum suggests that those remedies fail to make impacted employees whole. So, the General Counsel is instructing Regional Directors to:

  • identify employees who were impacted by the unlawful work rules and order the employer to remove discipline from their record and provide backpay as part of the remedy;
  • obtain this information from the employer “during settlement efforts,” which could greatly expand the liability of any given case and make settlement more costly for employers; and
  • request legal fees and costs, if any, as part of the remedy for those eligible employees impacted by an unlawful contract term.

Because any work rule deemed unlawful could impact an employer’s entire workforce, the potential liability employers may face under such expanded remedies could be dramatic and ultimately detrimental to their business.

What Employers Should Do Next

Now, more than ever, you should consider taking the following four steps:

  1. Review your work rules for potential Section 7 violations, especially all too common rules on confidential information and disobedience.
  2. Seek legal counsel for questionable work rules and ensure they’re narrowly tailored or properly phrased in compliance with the law.
  3. Train managers and human resources staff to avoid chilling employees’ Section 7 rights.
  4. Review all other policies to ensure they are compliant with the NLRA and close the gap on potential liabilities.


We will continue to monitor developments as they unfold. Make sure you are subscribed to Fisher Phillips’ Insight System to get the most up-to-date information directly to your inbox. Should you have any questions on the implications of the GC Memorandum and how it may impact your current workplace rules and policies, please do not hesitate to contact your Fisher Phillips attorney, the authors of this Insight, or any member of our Labor Relations Group for additional guidance.

Businesses take heed: California state officials just warned that the law prohibits you from collecting unnecessary data and retaining data for longer than necessary. The California Privacy Protection Agency published its first Enforcement Advisory on data minimization under the state’s hallmark data privacy law on April 2, focusing on a very specific context: when businesses respond to consumer requests under the California Consumer Privacy Act (CCPA). Here is what you need to know and the four key steps you can take to avoid over-collecting data when you respond to CCPA consumer requests – including from employees and job applicants.

What is Data Minimization and Why Issue an Enforcement Advisory?

While an Enforcement Advisory is not meant to interpret the CCPA or make new law, it nevertheless provides insight into what a likely priority of the Agency will be going forward. And the April 2 Enforcement Advisory is very clear in providing a warning to businesses.

The Agency appears to have the impression that businesses are requesting too much information from consumers when they submit a CCPA consumer request. As it states: “Data minimization is a foundational principle of the CCPA.” This principle is undermined when you make it too hard for consumers to exercise CCPA rights that effectuate data minimization, or you ask for too much information to verify a consumer’s identity.

Data minimization is premised on the CCPA requirement that a business’s collection, use, retention, and sharing of consumer personal information be “reasonably necessary and proportionate to achieve the purposes for which the personal information was collected or processed.” Whether the collection, use, retention, and/or sharing of personal information is reasonably necessary and proportionate to achieve the purpose identified is based on the following:

  • The minimum personal information necessary to achieve the purpose identified, or any purpose for which the business obtains the consumer’s consent (meaning a use of the data that you’ve disclosed to the consumer at or before you collected the data from the consumer, or that you can prove was consented to by the consumer);
  • The possible negative impacts on consumers; and
  • The existence of additional safeguards for the personal information to specifically address the possible negative impacts on consumers.

To illustrate the concept, the Enforcement Advisory highlights this principle as seen in the CCPA rules regarding opt-out preference signals (aka global privacy controls), requests to opt-out of the sale/sharing of personal information, requests to limit the use and disclosure of sensitive personal information, and the general rules regarding verification of a consumer’s identity.

The Enforcement Advisory further provides two factual scenarios where a business should consider and implement data minimization: in a response to a consumer request to opt-out of the sale/sharing of personal information; and when verifying a consumer’s identify in response to a CCPA request to delete personal information.

Data Minimization Through Opting Out of Sharing and Selling of Personal Information

In the first scenario, the Enforcement Advisory reminds businesses that you cannot require a consumer to verify their identity in connection with a request to opt out of the sale or sharing of consumer personal information or a request to limit the use and disclosure of their sensitive personal information. That means your process for receiving, processing, and responding to these two types of requests cannot include an identity verification step. While you may need additional information to effectuate the opt-out, this is not the same as verifying a consumer’s identity. And, when you need additional information, you should ask for the minimum amount necessary to effectuate the request.

The Enforcement Advisory first posits the scenario of a consumer opting out of cross-context behavioral advertising through an opt-out preference signal. Certain web browsers enable users to set up such signals so that the browser sends an automatic signal to the website that the user has opted out of the sharing of data through cookies for targeted ad purposes. In such case, you would not need additional information to read, process, and comply with the out-out signal.

However, if you sold or shared personal information offline and were unable to connect the online user with their offline activities, you would need additional information to effectuate the offline opt-out. That being said, the information requested should only be sufficient to effectuate that offline request. Asking for unrelated personal information – for example, asking for a driver’s license to opt-out of having a business sell a consumer’s purchasing history – would likely be in excess of what you need (according to this Enforcement Advisory).

Data Minimization When Verifying a Consumer’s Identity

In the second scenario, the Enforcement Advisory walks through an example of how you may apply the principle when receiving consumer requests to delete personal information. Here, the Agency did not provide any easy or suggested answers – instead, it put forward a series of questions (without any suggested answers) that you can ask in evaluating what information to request when evaluating whether to delete consumer data.

Despite avoiding answers to its own questions, the questions themselves provide some insight into what you should consider when determining how to verify an identity:

  • Evaluate the harm of an unauthorized deletion to the consumer. While the example focuses on destruction of information of sentimental value, you should also consider whether the destruction of information could have economic or other significant negative impacts. Where the potential harm to a consumer is on the higher end of the spectrum, more stringent verification will be required. Where the information to be deleted is not significant, you need not overcomplicate the verification process. The key takeaway here is that the verification process cannot be a one-size fits all approach.
  • Evaluate the harm of asking for additional, new information from the consumer. If you ask for highly sensitive information such as a driver’s license or social security number, the consumer is at risk of identity theft if a data breach occurs. While not addressed in the Enforcement Advisory, you should also ask yourselves how requesting information from consumers that you do not already have (and thus cannot verify) helps you confirm the identity of the consumer.

It is important to emphasize that what is not at issue is any harm to your business. The Agency’s questions are consumer-centered, considering only the benefits and harms they face. When determining the appropriate verification process, you should view your processes through that lens.

Your 4 Next Steps: A Compliance Guide

In order to best position your organization for compliance, we recommend you consider the following four steps:

1. Review Your Practices

Review your mechanism for processing requests to opt out of selling/sharing of personal information and to limit the use or disclosure of personal information. If you are verifying identities to process these requests, you need to stop immediately. If you need additional information to figure out who a person is so that you can process the request (perhaps they have a common name!), you should only ask for the minimum amount of information needed to process or effectuate the request.

2. Determine if it’s Time for Global Privacy Controls

If your website utilizes third-party cookies, pixels, beacons, tags, or other tracking technology or discloses data to third parties that is then used for targeted advertising, and does not currently process or accept Global Privacy Controls (GPCs) as an opt-out preference signal, you must get this set up now.

3. Ensure Your Verification Processes are on Point

Review how you are verifying consumer identities for Requests to Know/Access, Delete, and Correct. You ideally should be verifying identities based on information already in your possession. That requires you to look at what you have and tailor the verification questions you ask based on that data. While it may be easier to just ask for a copy of a driver’s license or other government ID, you may end up collecting information which you do not already have (and information which is considered sensitive information under the CCPA to-boot), thus subverting the data minimization standards encompassed in the law.

4. Purge Stale Data

While not addressed specifically in the Enforcement Advisory, the CCPA prohibits you from retaining personal information longer than you have a legitimate business purpose to do so. If your business does not have a data retention schedule or does not follow its data retention schedule, you should make it a priority. This includes ensuring that vendors that process and store data on your behalf also follow through with deletion of stale data. “Our vendor won’t or can’t delete the data” is likely not a good excuse anymore. The law requires stale data to be deleted, so there has to be a workable solution whereby data that you are legally responsible for can be deleted – wherever it resides.


Fisher Phillips will continue to monitor CCPA obligations and enforcement efforts and provide updates as warranted, so make sure that you are subscribed to Fisher Phillips’ Insights to get the most up-to-date information directly to your inbox. For further information, contact your Fisher Phillips attorney, the authors of this Insight, or an attorney on the firm’s Consumer Privacy Team. You can also visit our firm’s CCPA Resource Center at any time.

The news that California regulators can immediately begin enforcing new data privacy regulations will have an outsized impact on the PEO community. A surprise February 9 decision from a state appeals court pressed fast-forward on California Consumer Privacy Act (CCPA) compliance that most employers thought wouldn’t hit home right away. As you’re reading this, prying eyes and website trolls are scouring the internet looking to take advantage of this new opportunity – and employees may become aware of their new rights and jolt you into this new era of exposure. Read on for a quick summary of what went down, why this news is particularly important to PEOs – and what you can do to protect your organization.

What Went Down

  • New CCPA regulations took effect in March 2023 that provide consumers additional data privacy rights – and in California, this also includes a PEO’s worksite employees. Along with these additional rights come additional obligations on businesses, including PEOs.
  • Just because your business is not located in California doesn’t mean you can ignore the CCPA. You could be a covered business if you have one client in California and collect personal information from even a single California worksite employee.
  • Regulators built in a grace period to start enforcing them until July 1, 2023.
  • On the eve of that date, a California court delayed enforcement and concluded they could not be enforced until March 29, 2024.
  • The California Privacy Protection Agency and the California Attorney General appealed the decision.
  • On February 9, an appellate court determined that the Agency and the AG have authority to immediately enforce the regulations and don’t have to wait until late March month to begin enforcement.

Why PEOs are in the Crosshairs

To be perfectly blunt, your average employer doesn’t have to worry about immediate enforcement of the new regulations. That’s because most employers are (relatively) small enough to fly under the radar of state regulators. They just don’t have the resources to scour the state (and country) looking for violators, so their focus will likely be on larger businesses.

But PEOs? That’s a different story. PEOs are not “most” employers. The nature of your operations means you support many different small businesses and have more worksite employees as your “consumers.” If you support 1,000 businesses, for example, each with somewhere between 30 and 100 employees, you now have tens of thousands of people under your portfolio. And that is bound to catch the attention of data privacy regulators – even if you are a local or regional PEO.

Put simply, the sheer number of worksite employees involved with the average PEO puts you at higher risk than most employers.

What Should You Do?

Fisher Phillips has created a seven-step compliance plan to help covered businesses prepare for this new era of enforcement and exposure. You can access that plan here. The best place to start is a gap assessment of your data privacy practices, which can be completed in one day by our consulting subsidiary fpSOLUTIONS, among other Data Privacy Compliance services.

 But the key step for PEOs? Immediately implement a worksite employee privacy policy.

  • The new regulations require businesses to make available to worksite employees a privacy policy that, among other things, informs them about how they can exercise their new CCPA rights.
  • They also require you to list each category of personal information and sensitive information collected, the purpose for each category, any category that is sold or shared, and the retention period for each category of personal information.
  • The policy must be simple and easy to understand with minimal to no “legalese.” It must be made available in other languages if you already provide worksite employees with legal notices in another language.

Since you are likely to be scrutinized by a regulator or opportunistic plaintiffs’ attorney at some point given your status as a PEO, you need to pay particular attention to the content of your privacy policy. The time is now to update your privacy policy. This means you need to do much work to put yourself in the best position to succeed.

The bottom line – if you have not updated your CCPA notices since 2022 or earlier – or if you have never provided such notices – you should act quickly to implement new notices and stay compliant with the ever-changing law.


Make sure to subscribe to the FP Insight System to make sure you don’t miss out on further developments of interest to the PEO community. For more information, reach out to your Fisher Phillips attorney, the authors of this Insight, or any member of our PEO and Staffing Team.

This article is reprinted with permission from PEO Insider where it appeared in the April 2024 edition, available here.

Littler Women’s Leadership Initiative co-chair Margaret Parnell Hogan, interviews fellow Littler attorney Dionysia L. Johnson-Massie, about how respecting women in the workplace helps recruit and retain crucial talent, among other IE&D efforts.