Spring is finally here, and the cherry blossoms are blooming in Washington, DC. Tourists are out in full force, and the hospitality industry is beginning its busy time and hiring its seasonal workers. Just as the hospitality industry is ramping up, so are some legal and regulatory developments that employers need to be aware of. The hospitality industry continues to face a variety of legal challenges—from increased wage laws and new threats of privacy and data breaches to compliance with the Affordable Care Act ("ACA") and the Americans with Disabilities Act ("ADA"). This month's Take 5 addresses important issues affecting the hospitality industry in 2014.

1. President Obama's Agenda to Revise Current Wage and Hour Laws

On March 13, 2014, President Obama issued a memorandum ("Memorandum") directing the Secretary of Labor to propose revisions "to modernize and streamline" current regulations under the Fair Labor Standards Act ("FLSA"). The regulations cited as problematic are the white-collar exemptions, which create certain exceptions to minimum wage and overtime pay requirements. In the Memorandum, President Obama states that the regulations do not provide sufficient protections to American workers and instructs the Labor Secretary to consider how to: (1) revise the regulations to embody the full protections intended by the FLSA, (2) address the changing circumstances of the workplace, and (3) simplify the regulations to make them easier to understand and follow.

Pursuant to the FLSA, employees generally must be compensated with overtime at 1.5 times their regular rate of pay for any hours worked in excess of 40 per week. Under the current exemption regulations, however, employers do not have to pay overtime to workers classified as executive, administrative, professional, or outside sales employees. To qualify as exempt, employees must be paid at least $455.00 per week on a salary basis and perform certain duties depending on the applicable exemption. For example, an employee may qualify for the administrative exemption if his or her primary duty is the performance of office or non-manual work directly related to the management of the business and includes the exercise of discretion or independent judgment.

According to President Obama, these "outdated" white-collar classifications and the low salary threshold no longer serve the intended purpose of the FLSA's exceptions to the overtime and minimum wage requirements, as they were intended to exclude only highly paid, white-collar employees, but "now cover workers earning as little as $23,660.00 a year." Therefore, the revisions made by the U.S. Department of Labor ("DOL") will seek to increase the number of employees eligible for overtime pay by re-classifying as non-exempt many employees considered exempt under the current regulations.

This directive from the President follows his Executive Order requiring federal contractors to pay workers a minimum wage of $10.10 per hour and his call for an increase in the federal minimum wage for all employees. All of these actions demonstrate President Obama's resolve to decrease the income gap through an overhaul of the wage and hour legal framework. Although the President's directive to the DOL circumvents Congressional participation, the DOL must still employ its normal rulemaking process to change the applicable wage regulations.

Rulemaking requires the DOL formally to propose a rule changing the current exemptions, provide the public an opportunity to comment on the proposal, consider modifying the rule based on those comments, and then issue the final rule. Therefore, businesses will have an opportunity to express any concerns about the proposed changes to the current exemption regulations prior to the rule actually going into effect. The DOL may also face pushback from Congress and/or the courts if its modifications do not align with the language and intent of the FLSA.

Although the exact proposed changes have yet to be released, revisions to the current regulations will likely create narrower exemption classifications, entitling a greater number of employees to overtime payments. Thus, the hospitality industry would endure increased costs when and if new exemption regulations are passed. This change could also be detrimental to employees because it may force some employers to cut back hours to save costs. At this point, it is impossible to predict all the consequences of revised exemption and overtime regulations, but hospitality employers should keep abreast of the proposed changes and take advantage of the comment period to express any concerns regarding the DOL's proposal if such an opportunity should arise.

2. NLRB Tries Again to Push Through Its Ambush Election Rules

On February 6, 2014, the National Labor Relations Board ("Board") issued a Notice of Proposed Rulemaking ("NPRM") containing changes to current union election rules. Often referred to as the "ambush election rules," these proposed changes to the current election procedures seek to establish a faster, but potentially problematic, election process. This new NPRM is identical to the Notice of Proposed Rulemaking submitted by the Board in 2011 on this same issue, for which the Board received over 65,000 comments and promulgated a final rule. A federal district court, however, struck down the rule pursuant to a legal challenge because it found that the Board lacked the quorum necessary to issue the final rule. The Board now seeks further comment on the controversial revisions proposed in the NPRM. Although many problematic changes are suggested, some of the most troublesome for both employers and employees are highlighted below:

• The Board seeks to reduce the time prior to a union election by requiring that the regional director select an election date "as soon as practicable." This instruction is problematic because it decreases the time that employees have to learn all the facts and consider all the consequences of one of the most significant decisions related to their employment. Additionally, both employer and employee free speech rights will be restrained by a speedier proceeding because it reduces the opportunity to express views and engage in debate about the issues. The Board has provided no legitimate basis for speeding up this process, as its own data confirms that the median time between a petition for an election and the actual election is only 38 days.
• The Board proposes to require that an employer disclose personal and confidential employee e-mail accounts and phone numbers on the voter lists provided to the union. Mandating that the employer provide employee phone numbers and email addresses, however, would constitute an invasion of the employees' privacy and could lead to the potential use and abuse of their personal information.
• The Board proposes to limit review of whether the petition seeks an appropriate bargaining unit prior to an election to those cases when the individuals in dispute make up 20 percent or more of the unit. This proposal strikes at the heart of a representation petition because determining which employees will be a part of the bargaining unit will directly impact each employee's decision whether or not to support organization. Postponing that determination until after the election creates serious due process implications and would conceivably allow those who cannot be members, such as supervisors, to become part of the unit.
• The Board proposes to establish a strict seven-day time frame between a petition and pre-election hearing and, at the same time, adopt a "use it or lose it" stance on the pre-election position statements due at the time of the hearing. Accordingly, within days of the union filing a petition, the employer must determine any potential issues raised by the organizing campaign and decide which issues to raise in its position statement, since the failure to raise any issues in the position statement would result in a waiver of those arguments. Employers are at a serious information disadvantage in the initial stages of an organizing campaign. This makes it very challenging for an employer to put every possible argument it may have against formation of the unit into the position statement within seven days.

These new rules could have a significant impact in the hospitality industry by creating a much easier, but not necessarily proper, path to organization.

3. Cyber Security Remains a Top Threat to Hospitality

Data is going digital, devices are going mobile, and technology is revolutionizing how companies operate. It seems to be business as usual, since the hospitality industry continues to collect, use, and transmit large amounts of sensitive data to operate its businesses. To the extent that personally identifiable information or electronic protected health information is compromised in a cyber security breach, hospitality organizations can expect to spend on average of $114 per record to clean up the problem. As operations digitize, hospitality organizations should be cognizant of the cyber security risks affecting the data that flows through their systems. Further, hospitality organizations need to understand how to assess and manage these risks to meet the requirements under applicable state and federal privacy and security laws, including the Health Insurance Portability and Accountability Act ("HIPAA") and the Health Information Technology for Economic and Clinical Health ("HITECH") Act.

The hospitality sector continues to be a primary target for cyber attacks. Reports show that, in 2012, the retail, food and beverage, and hotel industry made up the top three targeted industries for data breaches at 45 percent, 24 percent, and 9 percent, respectively. External attacks constitute the majority of data breaches, with 92 percent of them attributable to outsiders and 14 percent committed by insiders. In fact, hacking was a factor in 52 percent of data breaches. Moreover, studies show that, in the last year, 12.6 million people have fallen prey to identity theft as a result of data breaches.

Recently, there has been increased scrutiny given the increased risk of data breaches. Federal agencies such as the Department of Justice ("DOJ") and Federal Trade Commission, as well states' attorneys general and departments of health, have all turned their focus and resources to enforcement in the context of data breaches. The FBI has also increased its role in investigating cyber security breaches. The FBI has recognized that collaborative efforts are needed to solve the cyber security problem. These include investigating insider threats, detecting external threats, and informing the hospitality industry of cyber security threats. Even with these collaborative efforts, however, hospitality organizations must be cognizant that assistance from the FBI could lead to increased scrutiny about the organization's security practices.

There are several steps that hospitality organizations can take to protect against cyber security data breaches. Taking these steps can protect hospitality organizations in the context of increasing investigatory activity by state and federal agencies.

First, organizations should conduct periodic risk analyses to determine cyber security-related risks. The risk analysis can help organizations to:

• identify key systems and locations,
• determine where protected data is located,
• identify vulnerabilities and threats,
• evaluate security safeguards, and
• evaluate risk to protected data.

Second, hospitality organizations should evaluate whether the draft cyber security framework established by the National Institute of Standards and Technology ("NIST") can improve their risk management process. The NIST cyber security framework contains five core elements, which help an organization:

• identify critical infrastructure,
• protect the organization's critical infrastructure using appropriate safeguards,
• detect cyber security events,
• respond to cyber security events using pre-defined and prioritized activities, and
• recover from cyber security events to restore critical infrastructure.

The framework's core elements then further subdivide into categories and subcategories and provide cross-references to a number of different standards from industry and government that address each subcategory within those functions. A hospitality organization can review these references and select the standard that best addresses the organization's particular needs.

Ultimately, as the hospitality industry continues to digitize, organizations must be cognizant of the cyber security risks affecting their networks, systems, and data. Further, as the number of cyber security-related breaches increases, hospitality organizations must prepare to identify and report such breaches as required by privacy and security laws. Yet, to avoid the pain and cost of recovering from a breach and also paying hefty fines for noncompliance, hospitality organizations should proactively leverage risk analyses (potentially incorporating the NIST cyber security framework) to identify, prioritize, mitigate, and monitor risk affecting protected data.

4. ACA Final Regulations Provide Rules for Seasonal Employees

On February 10, 2014, the Internal Revenue Service ("IRS") promulgated final regulations for the ACA's employer "shared responsibility provisions" in IRS Code Section 4980H ("Section 4980H"). These regulations affect all "applicable large employers," which generally means employers with 50 or more full-time employees during the prior calendar year. The IRS may subject such employers to an assessable payment if they fail, for a calendar month, to offer full-time employees affordable coverage that provides minimum value. This requirement can create a particular challenge for employers in the hospitality industry because of their frequent employment of seasonal employees, whose true employment status may be difficult to determine.

Treatment of Seasonal Employees for Purposes of Determining Status as an Applicable Large Employer

Section 4980H describes the circumstances under which an employer will be considered an applicable large employer for purposes of the ACA's requirements. For example, a resort must employ 50 or more full-time employees any time during the prior calendar year to be considered an applicable large employer. That resort, however, is not considered to employ 50 or more full-time employees if (1) its workforce exceeds 50 full-time employees for 120 days or fewer during the calendar year, and (2) the employees in excess of 50 employed during the 120-day period are seasonal workers. The new regulations help clarify how this standard will be applied by providing a definition for "seasonal employee" that the resort, or any other hospitality employer, can use in assessing whether a sufficient number of its employees are seasonal.

Under the regulations, "seasonal employee" means an employee in a position for which the customary annual employment is six months or less. The term "customary" refers to the fact that, by the nature of the employment, a seasonal employee is typically in the position for six months or less and begins employment during approximately the same part of each year. The definition is somewhat flexible in that it allows a seasonal employee's employment to extend beyond the six-month limitation in a particular year if unusual circumstances arise. For example, a particularly long, hot season may extend a hotel's or resort's need for lifeguards. In such circumstances, the lifeguard would not automatically become a full-time employee simply because he or she works slightly beyond six months.

Therefore, it is essential that hospitality employers carefully assess the employment characteristics of those workers hired as seasonal employees to ensure that they have been appropriately categorized. Hospitality employers can then properly use the seasonal worker exception to determine whether they must comply with the requirements of Section 4980H as an applicable large employer.

Using a Look-Back Period to Ensure the Proper Classification of Seasonal Employees

The new regulations clarify how and when a look-back period can be used to ensure that any seasonal workers have been properly classified and exempted from the ACA's requirements. Under Section 4980H, employers are required to provide health care benefits only to full-time employees. Thus, employers will not be required to provide such benefits to seasonal employees unless they have been improperly classified as such. As employers in the hospitality industry often employ seasonal workers during busy times of the year, the use of a look-back period may be essential to ensure that these employees hired as seasonal workers have not become full-time employees.

The look-back period consists of a measurement period and an optional administrative period. During the measurement period, the employer can take time to evaluate the work of seasonal employees to ensure that they have been properly classified, while not incurring any assessable payment for non-compliance with the ACA if the employees would actually be considered full time. The measurement period can last anywhere from three months to 12 months and should begin at or shortly after the hire date. After the measurement period, an employer could use an administrative period for additional time to assess an employee's work. At a maximum, the administrative period can be 90 days, but the administrative period and the measurement period cannot last beyond the first calendar month beginning on or after the one-year anniversary of the employee's start date.

After a seasonal employee's work has been evaluated for proper employment status, the stability period kicks in, during which the employee must retain his or her employment status as determined during the measurement period. The stability period must be of equal or greater length to the measurement period, but, at a minimum, must last six months. Therefore, even if the measurement period is three months, the stability period must be six months.

The employment of seasonal employees is particularly prominent in the hospitality industry. Thus, hospitality employers should become familiar with these regulations because they help clarify exactly who should be considered a seasonal employee and how this assessment impacts an employer's responsibilities under the ACA. In assessing whether it would be classified as an applicable large employer, a hospitality employer must carefully assess which employees would be considered seasonal employees under the seasonal employee exception using the definition provided in the new regulations. Hospitality employers can perform this evaluation, without fear of penalty, by using a look-back period as clarified and explained in the new regulations.

5. Addressing ADA Access Issues in Public Accommodations

Title III of the ADA prohibits public accommodations from discriminating against individuals "on the basis of disability in the full and equal enjoyment of the goods, services, facilities, privileges, advantages or accommodations." The DOJ develops and enforces standards established pursuant to Title III of the ADA and has recently been conducting investigations throughout the country to ensure compliance with its revised 2010 Standards (defined below). Because of these investigations and the proliferation of drive-by lawsuits from professional plaintiffs, it has become essential that hospitality organizations evaluate and consider the state of ADA compliance within their facilities.

The ADA requires that all hotels and restaurants make their goods and services available to and usable by individuals with disabilities on an equal basis with members of the general public. To meet this goal, the DOJ has promulgated regulations that provide detailed architectural requirements known as the ADA Standards for Accessible Design. Under the 2010 ADA Standards for Accessible Design ("2010 Standards") places of public accommodation built prior to January 26, 1992, are required to remove physical barriers for individuals with disabilities to the extent that it is readily achievable to do so. In other words, if barrier removal is "easily accomplishable and able to be carried out without much difficulty or expense," then that barrier must be removed. For example, ramping a step so that an individual in a wheelchair can enter a lobby would likely be a readily achievable architectural barrier to address.

Renovations, alterations, or additions, however, must comply with the 2010 Standards to the "maximum extent feasible" under the circumstances. Alterations are any changes to the existing building that affect or could affect usability of the facility. Only where the nature of the existing facility would make it virtually impossible to comply fully with the 2010 Standards could a planned alteration be made without adherence to accessibility requirements—but these circumstances will be rare. In all other cases, alterations must be made accessible in accordance with the 2010 Standards.

Specifically, hospitality organizations should be aware of the following key architectural requirements for accessibility:

• The 2010 Standards set the following priorities for barrier removal: (1) providing access from public sidewalks, parking areas, and public transportation; (2) providing access to services (i.e., restaurants, spas, and exercise rooms); (3) providing access to public restrooms; and (4) removing barriers to other amenities offered to guests (i.e., drinking fountains and elevators). To meet these priorities, hotel owners and operators, for example, should ensure that there is an accessible path from the sidewalk to entryways, a portion of the check-in counter is appropriate for use by an individual in a wheelchair, the main lobby has at least one accessible bathroom, and conference room entrances are wide enough for wheelchair passage.
• Swimming pools, wading pools, spas, saunas, and steam rooms must have accessible points of entry and exit that comply with the 2010 Standards. For example, large pools must have at least two accessible means of entry—one entry must be sloped or use a pool lift and the other could use sloped entry, a pool lift, a transfer wall, or a transfer system. Wading pools must provide one sloped entry into the deepest part of the pool. If there is only one spa, it must be accessible with a pool lift, transfer wall, or transfer system. If there is more than one spa, 5 percent of the total number of spas must be accessible. Finally saunas and steam rooms must also be accessible, which requires appropriate turning space, doors that do not swing into clear floor space, and, where one is provided, an accessible bench.
• Other amenities, such as a parking lot or exercise room, must meet their own accessibility requirements. A hotel or restaurant must provide a sufficient number of parking spaces for cars and vans if it is readily achievable to do so. Additionally, one out of every six spaces must be van accessible, meaning that a person in a wheelchair or other mobility device has an access aisle by which to exit and enter the van. For an exercise room, the 2010 Standards require 30 by 48 inches of clear space next to at least one of each type of exercise equipment to allow transfer by someone in a wheelchair and a 36-inch wide accessible route to that piece of equipment. All trainers and other exercise room staff should be instructed not to move this exercise equipment once it is placed correctly.

With all of these architectural requirements, it is essential that hospitality owners and operators conduct regular inspections of their properties, paying special attention to areas that the general public easily sees, uses, and accesses. This step should be taken at the direction of counsel, where feasible, to acquire the protection of the attorney-client privilege. Additionally, managers should perform comprehensive and ongoing staff training about ADA requirements to make sure that staff members on the front lines know how to properly and sensitively address accommodation requests and issues.

These steps are even more important given the ever-increasing costs of ADA non-compliance. In March 2014, the DOJ issued a final rule raising the civil monetary penalties assessed or enforced by the DOJ's Civil Rights Division, including those assessed under Title III of the ADA. Effective April 28, 2014, the maximum civil penalty for a first violation of Title III increases from $55,000 to $75,000, and the maximum civil penalty for a second violation increases from $110,000 to $150,000. Thus, beyond making the required changes to architectural features of the facility, hospitality owners and operators can stave off costly litigation by ensuring that their staffs understand the requirements for communicating with and assisting customers requiring an accommodation.