Florida Governor Ron DeSantis just extended his Safer At Home Order for the State of Florida but announced his plan to gradually re-open the state pursuant to a new Order that will go into effect just after midnight (at 12:01 am) on the morning of May 4, 2020. The new Order initiates the first of three phases to re-open every county in Florida except for Miami-Dade, Broward and Palm Beach counties. Additionally, local governments in Florida will also be able to have more restrictive policies in place if they desire. What do Florida employers need to know?
Essential And Non-Essential Businesses Are Permitted To Operate Pursuant To CDC And OSHA Guidelines
The new Order permits all services and activities currently allowed under the previous Safer-at-Home Order. Any non-essential businesses that were not previously permitted to be open can reopen as long as they also follow CDC and OSHA guidelines. However, The Order contains the following industry specific restrictions:
Every business is required to continue to follow guidelines issued by the CDC and OSHA. These guidelines include:
The CDC also recommends that businesses only reopen after they have implemented safeguards for the ongoing monitoring of employees, including:
Senior Citizens And Individuals With Significant Underlying Medical Conditions
The Order strongly encourages individuals who are older than 65 and those with significant underlying medical conditions to stay at home. They should take all measures to limit the risk of exposure to COVID-19 such as wearing masks during face-to-face interactions. Additionally, the Order encourages individuals to avoid socializing in groups of more than 10.
Social Distancing And Other Guidelines
Additionally, all persons in Florida should practice social distancing, avoid nonessential travel, and adhere to guidelines from the CDC regarding isolation for 14 days following travel on a cruise or from any international destination and any area with significant presence of COVID-19. The Order also extends Governor DeSantis’ Orders regarding airport screening and isolation of individuals traveling to Florida. Notably, there is an exception for these orders for persons involved in military, emergency, health or infrastructure response or involved in commercial activity.
Criminal Penalties
A violation of the Order is a second-degree misdemeanor which is punishable by imprisonment not to exceed 60 days, a fine not to exceed $500.00 or both.
What Does This Mean For Employers?
Employers with operations in Florida should review the CISA guidance and Miami-Dade County Emergency Order 07-20, and its amendments, to determine if they are deemed essential or non-essential.
Before reopening, you should have a thorough plan in place to establish a safe and healthy workplace and share that plan to provide employees peace of mind. You should also be prepared to address concerns from older employees and those with underlying significant health conditions regarding whether or not they must come in to work. You should also carefully assess the availability of telework for these employees.
As you begin the process of reopening, you should familiarize yourself with some useful info:
Although the Department of Homeland Security (DHS) recently relaxed I-9 requirements for employers operating remotely as a result of the COVID-19 crisis, employers are still left with some questions on how to meet their obligations in this uncertain time.
Under federal guidance, employers are temporarily no longer be required to review an employee’s identity and work authorization documents in the employee’s physical presence. Instead, inspection of these documents can be conducted remotely (e.g., by video, fax, or email).
According to the U.S. Citizenship and Immigration Services (USCIS), “if employers are performing inspections remotely (e.g., over video link, fax or email, etc.) they must obtain, inspect, and retain copies of the Section 2 documents within three business day of hire. In addition to completing Section 2, Employers also should enter ‘COVID-19’ in the Additional Information field.”
Then, when “normal operations resume,” all employees whose documents were presented via remote verification must, within three business days, undergo the required “in-person” examination of documents. The person conducting the physical examination should write the words “documents physically examined” in the Additional Information box in Section 2, and should include their name and the date of inspection.
It is important to keep in mind that the DHS’s relaxed requirements apply only to employers who are operating remotely. According to the guidance, if there are employees physically present at a work location, then you must follow the normal in-person physical inspection rules. However, if newly hired employees or existing employees of an employer who still has employees present at a work location are subject to COVID-19 quarantine or lockdown protocols, “DHS will evaluate this on a case-by-case basis.”
While employers appreciate the DHS’s temporary relaxation of the in-person document inspection rules, some questions are not addressed by either DHS or USCIS. Here are the most common questions we have seen and the best practices to follow.
The COVID-19 pandemic has caused many employers now operating remotely to conduct meetings via video conference – which has created a whole new set of various privacy and cybersecurity concerns. While these remote work tools have facilitated a more personal connection and interactive experience, their use is fraught with privacy concerns you may never have before considered. If your organization is weighing its options or unaware of the risks these services may create, this article provides a 10-point plan to protect your personal and confidential information and ensure you remain compliant with various federal and state privacy laws.
The Risks of Video Conferencing
Before diving into the blueprint for compliance, it is first helpful to understand the three main risks of video conferencing.
“Zoom-Bombing”
Since the start of the COVID-19 public health emergency, the FBI has noted a substantial increase in the number of businesses and schools reporting instances of video conference “hijackings” (also known as “Zoom-bombings”). During these hijackings — which generally occur where a video conference link is shared over social media or is not password-protected — uninvited participants have disrupted meetings by interjecting inappropriate language or displaying hateful or pornographic images into business meetings.
Aside from unwanted disruptions, uninvited interlopers pose a more serious threat. Those that choose to remain undetected could lead to the unauthorized disclosure of personal or confidential information.
Insufficient Or Non-Existent Encryption
Many video conferencing companies tout their services’ encryption capabilities. However, these claims should be closely scrutinized. By way of example, the video conferencing platform Zoom has indicated that hosts may “enable an end-to-end (E2E) encrypted meeting.” This was reportedly proven to be untrue. The company was supposedly able to access user data and video conferences in transit and it was reported that it could be compelled to provide access or information to the government if such a request was made.
Additionally, the storage of recorded video conferences creates other issues. Thousands of Zoom conference recordings were recently found on an unsecured online storage platform. Prior to Zoom restricting access to their storage location, anyone with an internet connection could access the private and confidential meetings of countless users. Likewise, if your business does not store its recorded conferences in a secure manner, there is a substantial possibility that an unauthorized individual may gain access to their contents.
Inadequate Privacy
Video conferencing raises privacy issues on two fronts. First, according to a recent California class action lawsuit, video conferencing providers may be improperly using their subscriber’s data. Specifically, as alleged in the suit, California’s privacy law and other state statutes may have been violated if users’ personal information was shared with Facebook without the users’ consent.
End-users may also create privacy issues. Among other things, confidential information may be mistakenly divulged if an employee shares their screen while such information is visible. If an end-user participates in a video conference in a public space, everything that is said and displayed during the conference is disclosed to those around them. Moreover, if an end-user records or takes screenshots of images displayed during the meeting, those items may be improperly disseminated.
Legal Consequences Of A Video Conferencing Breach
If you or your video conference provider has inadequate privacy and cybersecurity policies or procedures, your business may inadvertently run afoul of various federal and state laws. Among other laws, the unauthorized disclosure of your employees’ personal and confidential information may violate:
10-Point Plan To Prevent Video Conferencing Disasters
To avoid potential video conferencing related privacy or cybersecurity breaches when using Zoom or similar platforms, your business should consider employing the following practices:
Conclusion
In the wake of the COVID-19 pandemic, many employers are relying on video conferencing platforms to conduct meetings and providing remote educational instruction. While Zoom and other video conferencing platforms can provide a valuable interactive experience while social distancing, it is important to educate employees on potential privacy and cybersecurity risks. You must require them to adhere to best practices to ensure the security of remote meetings, protect the privacy of participants, and reduce the risk of intervention by unwanted participants.
Besides continuing to follow recommendations issued by the state and local health departments, you can consider these 5 steps:
According to the CDC guidance, you should consider three questions when deciding whether to reopen:
CDC states you should only consider reopening if you can answer “yes” to all three questions.
Once you feel comfortable that your organization can satisfy the three preliminary questions, you should next adopt the CDC’s recommended safety actions. They include:
Next, before reopening, you should implement safeguards for the ongoing monitoring of employees. They include:
The final step before you reopen your doors involves preparing your location for the reentry of workers, customers, guests, and other visitors. The CDC has released guidance for cleaning and disinfecting public spaces, workplaces, businesses, schools, and homes. Review this guidance when implementing cleaning procedures at your facilities after shelter-in-place orders are lifted.
The Department of Labor’s Occupational Safety and Health Administration issued guidance for enforcing OSHA’s recordkeeping requirements for COVID-19 cases. OSHA recordkeeping requirements mandate covered employers record certain work-related injuries and illnesses on their OSHA 300 log.
According to the guidance, COVID-19 is a recordable illness, and must be recorded on an employer’s OSHA 300 log if:
Recognizing the difficulty in determining whether COVID-19 was contracted while on the job, OSHA will not enforce its recordkeeping requirements that would require employers in areas where there is ongoing community transmission to make work-relatedness determinations for COVID-19 cases, except where:
This waiver of enforcement does not apply to employers in the healthcare industry, emergency response organizations (e.g., emergency medical, firefighting and law enforcement services), and correctional institutions in areas where there is ongoing community transmission. These employers must continue to make work-relatedness determinations.
This new guidance provides employers with one fewer issue to worry about in their response efforts to an employee with a confirmed case of COVID-19. Employers should continue to focus on minimizing the risk of transmission in the workplace.
The Internal Revenue Service has broadened the filing and payment relief provided under prior guidance. IRS Notice 2020-23 postpones, among other relief, the due date for employee benefit plans required to make the Form 5500 series filings due on or after April 1, 2020, and before July 15, 2020. Plans with original due dates or extended due dates falling within this period now have until July 15, 2020, to file their information reports.
Plan Administrators with original (un-extended) filing due dates falling within this announced 2 ½ month period who need additional time to file may request extensions by filing Form 5558 by July 15, 2020. However, the extended due date will not be later than what it would have been absent this relief.
The chart below highlights the plans with a plan year-end which may benefit from Notice 2020-23 and have until July 15, 2020, to complete the required filing.
Notice 2020-23 invokes the Rev. Proc. 2018-58 section about Postponements for Federally Declared Disasters, which also states, “whatever postponement of the Form 5500 series filing due date is permitted by the IRS under section 7508A will also be permitted by the Department of Labor and PBGC [Pension Benefit Guaranty Corporation] for similarly situated plan administrators and direct filing entities.”
The PBGC acknowledged this IRS notice in its own Disaster Relief Announcement but reminded filers there are certain actions listed on the PBGC’s Exception List that do not automatically qualify for the relief. The Exception List comprises actions that the PBGC views as creating a high risk of harm to plan participants. For those actions, the PBGC will consider relief on a case-by-case basis. For example, the PBGC filing relief may help those defined benefit plan sponsors recently engaging in significant layoffs who now need to file a PBGC Reportable Event due to a single cause active participant reduction.
IRS Notice 2020-23 also applies to the Form 990 series of filings that apply to tax-exempt trusts described in Internal Revenue Code Section 501(c)(9), referred to as VEBA (voluntary employees’ beneficiary association) trusts, among others, due on or after April 1, 2020, and before July 15, 2020. The due date for these information reports is extended as well to July 15, 2020.