Take 5 Newsletter: Five New Challenges Facing Retail Employers

by Epstein Becker & Green

Retailers face new challenges every day as a result of legislation, litigation, and technology. This Take 5 addresses some of these challenges.

  1. Pregnancy Accommodation

Several states and municipalities across the country have recently enacted statutory protections for pregnant workers. Such laws, which generally protect pregnant employees from discrimination and require reasonable accommodations for pregnant workers (regardless of whether the employees are disabled by the pregnancy), particularly impact retailers due to the nature of the work performed by retail employees.

For example, New Jersey recently amended its Law Against Discrimination ("LAD") to add pregnancy as a protected category. For purposes of the LAD, "pregnancy" means "childbirth, or medical conditions related to pregnancy or childbirth, including recovery from childbirth." In addition to prohibiting discrimination against pregnant employees, the statute now requires New Jersey employers to provide reasonable accommodations to pregnant workers. The amended LAD includes several examples of potential accommodations, including bathroom breaks, breaks for increased water intake, periodic rest, assistance with manual labor, job restructuring or modified work schedules, and temporary transfers to less strenuous or hazardous work. Other states with similar laws include Alaska, California, Connecticut, Hawaii, Illinois, Louisiana, and Texas. New York City also recently amended its Human Rights Law to provide for similar protections of pregnant workers.

In light of the new requirements to accommodate pregnant employees, regardless of whether those employees are disabled due to pregnancy, retailers will need to consider what types of accommodations might be appropriate and think about which accommodations will even be possible in their stores. For example, the need to increase water intake might be accommodated by a sales associate being permitted to either carry a water bottle or take additional breaks. Another common request will likely be for rest breaks and the opportunity to sit down. Various factors, such as the size and layout of the store, the number of sales associates on duty, and whether cashiers also walk the floor, will clearly impact the employer's ability to allow employees to take breaks and/or perform duties while seated.

Retailers should be aware that certain jurisdictions also require notice to new (and, in some cases, current) employees of these accommodation requirements.

Furthermore, retailers should keep in mind that, pursuant to recent amendments to the Fair Labor Standards Act, as well as certain state laws, employers must also provide employees returning to work after giving birth with an appropriate place (and reasonable time) to express breast milk. This requirement has proved especially tricky for some retailers, because small stores, for the most part, do not have adequate room or privacy for such activities. Retailers may need to be creative in this regard—if a store is in a mall, perhaps the mall itself may have an office or room that could be utilized for this purpose.

  1. Releases and Other Considerations Attendant to Layoffs

In today's economic climate, many retailers have found themselves moving or consolidating operations, or simply laying off workers. When an employer provides severance in exchange for a release of claims to terminated employees, the employer generally uses a standard separation agreement. Employers may wish to revisit this form, especially in light of a recent lawsuit by the federal Equal Employment Opportunity Commission ("EEOC") against a large retailer over the terms of the retailer's form release agreement.

When employers require a release of claims in exchange for severance, they should consider the EEOC's position that several common provisions in employers' separation and release agreements are unlawful, unenforceable, or otherwise insufficient, in that they allegedly violate the prohibition in Section 707 of Title VII of the Civil Rights Act ("Title VII") against engaging in a "pattern or practice" of denying employees' rights to "enjoyment of any of the rights" provided under Title VII. In particular, in a recent lawsuit, the EEOC challenged:

  • the scope of waiver language—i.e., whether an employer can include language requiring employees to waive "any claim of unlawful discrimination of any kind";
  • covenants not to sue—i.e., whether these covenants must clearly exclude employees' rights to bring claims with the EEOC and state/local Fair Employment Practices Agencies ("FEPAs");
  • non-disparagement and cooperation provisions as being violative of public policy in that they restrict employees from bringing concerns or claims to the EEOC or FEPAs;
  • confidentiality provisions, where certain items such as "information concerning the Corporation's personnel" and "wages and benefit[s]" fall within the definition of "confidential information," and may lead an employee to believe that he or she cannot share such information with the EEOC or FEPAs in connection with a claim against the employer; and
  • certain provisions in the separation agreement regarding attorneys' fees and other penalties resulting from a breach of the agreement by the employee, as being unlawful and/or chilling.

Additionally, and significantly, the EEOC alleged that a single statement within a five-page release—which said, "Nothing in this paragraph is intended to or shall interfere with employee's right to participate in a proceeding with any appropriate federal, state or local government agency enforcing discrimination laws, nor shall this agreement prohibit employee from cooperating with any such agency in its investigations"—is insufficient to advise employees of their right to communicate with the EEOC and FEPAs and/or initiate claims (even though the employees may properly be precluded from recouping the monetary benefit in connection with such claims).

While the recent lawsuit represents a rather aggressive stance by the EEOC, there is a chance that the court will agree with some or all of the points raised. As such, employers may wish to review some of their own release provisions, with an eye towards the points raised by the EEOC.

While reviewing their form separation agreements, employers should also ensure compliance with the Older Workers Benefit Protection Act ("OWBPA"), an amendment to the Age Discrimination in Employment Act, in the context of a "group termination," which provides employees with certain protections when releasing claims against an employer. Specifically, per the OWBPA, a release of federal age discrimination claims will not be valid unless workers 40 years of age and older are provided with (i) 45 days to consider whether to release claims against the employer, (ii) information regarding the ages and titles of employees who were and were not selected for termination, and (iii) seven days to revoke their signature once they have signed the release. The OWBPA includes other provisions as well, such as requiring an employer to advise an employee to consult with legal counsel regarding the release.

Furthermore, in planning and implementing layoffs, employers should consider whether the planned layoff is large enough to constitute a "plant closing" or "mass layoff" under the federal Worker Adjustment and Retraining Notification ("WARN") Act. If so, covered employers must provide 60 days' advance notice to affected employees. Employers should note that several states maintain their own WARN laws, many of which provide additional protections to terminated employees. For example, in New York, a 90-day notice period is typically required, and the thresholds for employer coverage and the number of terminations that constitute a WARN event are lower. In New Jersey, failure to give notice can result in a requirement to provide "severance" payments to affected workers. It is important to review both federal and state laws before deciding to engage in any terminations that might constitute a WARN event.

  1. Racial Profiling

New York's Attorney General is currently investigating various claims of racial profiling at retailers throughout the region. In recent years, many retailers have increased security measures due to theft, but such procedures have caused major problems when the policies are (or are alleged to be) applied in a discriminatory manner. Several lawsuits have been filed against major retailers for detaining or questioning individuals suspected of theft or fraud on the basis of race.

In response to the public outcry, various retailers have begun to post a Shoppers' "Bill of Rights" within their stores. This document specifically bans the practice of judging and addressing people based on their race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, ancestry, appearance, or any personal or physical characteristics.

New York law provides specific guidelines pertaining to the training of licensed security guards. Such training should include a discussion of the prohibition against discrimination on the basis of unlawful factors. Federal, state, and local laws also prohibit racial profiling in places of public accommodation, including retail stores open to the public. In addition to any required training under applicable law, retailers should train all security personnel, as well as managers and other staff, on diversity, anti-discrimination, and required public accommodation rules, such as those pertaining to service animals and accommodating other visitors with special needs.

  1. Data Security[1]

The Washington Post labeled 2013 the "Year of Cybersecurity," and with good reason: Edward Snowden and massive retail data breaches (among other developments) have ensured that cybersecurity issues remained in the fore. The risks posed by criminals, state-sponsored actors, "hactivists," and corporate insiders (negligent and otherwise) are grave and continue to grow.

The cost, time, and frequency with which organizations must deal with resolving cyberattacks continue to rise year-over-year. Indeed, a recent Poneman Institute report found that the average annualized cost of cybercrime incurred by the United States-based organizations surveyed exceeded $11.5 million—a 78 percent increase over the past four years. According to the report, surveyed organizations collectively experienced an average of 122 successful attacks per week, up from 102 in 2012. The number of cybersecurity events is not only increasing, but such events are increasing in complexity as well.

Large companies are not the only targets of cyberattacks. One recent study reported that, of 1,200 companies with less than $10 million in annual revenue surveyed, 55 percent had experienced the loss or theft of sensitive data. In addition, data breaches are increasingly triggering civil litigation—typically putative class actions—brought by persons allegedly harmed by the breach.

Undoubtedly, the most effective approach to the risks posed by a data breach is to prevent one from occurring in the first place. Organizations should routinely conduct privacy and risk assessments that involve:

  • identifying the scope of the risk, including systems and processes;
  • identifying and documenting potential threats and vulnerabilities to in-scope systems and processes;
  • assessing the adequacy of current security controls;
  • determining the likelihood of threat occurrence;
  • determining the potential impact of threat occurrence; and
  • determining the level of risk.

Once that process is complete, the organization can:

  • identify additional security measures to mitigate risks to an acceptable level;
  • monitor the progress of mitigation;
  • develop policies and procedures and/or review current policies and procedures; and
  • train employees on security issues.

Despite the best security efforts, a breach can still occur. When a security incident does occur, employers should be ready to respond quickly and efficiently to review and comply with all applicable legal requirements, which may include:

  • preserving digital evidence;
  • conducting a forensic analysis of implicated data;
  • determining the source of the breach and preventing future loss;
  • analyzing the relevant notification requirements;
  • preparing notifications through trusted notification agencies;
  • negotiating with government agencies and local law enforcement;
  • defending against government investigations and litigation; and
  • defending class actions brought on behalf of individuals whose personal information may have been compromised.
  1. Social Media in Hiring

Another hot topic for retailers is the use of social media in the hiring process (both on the recruiting and screening sides). A recent study by Carnegie Mellon University found that between 10 percent and one-third of companies used social media early in the hiring process. Another study by SHRM (the Society for Human Resource Management) found that 77 percent of private employers frequently consulted social media in the hiring process.

On the recruiting side, retailers that use social media to recruit should be aware of certain demographic concerns. According to a 2011 Pew Research Center report, 85 percent of LinkedIn users, 78 percent of Facebook users, and 71 percent of Twitter users were white. Similarly, only 4 percent of LinkedIn users, 6 percent of Facebook users, and 4 percent of Twitter users were over 65 years of age. If the majority of your recruiting is done though these social media sites, consider how it will impact the characteristics of your applicant pool and, therefore, your eventual employee pool.

On the screening side, the use of social media has become almost the new norm. While employers should take care to ensure that social media is not being used to discriminate, employers that are not using social media may be missing out on a valuable tool to determine if a candidate is the right fit for their work environment.

There are various opinions about the extent to which social media should play a role in hiring decisions. Some believe that social media should not be used at all in hiring decisions due to the risk of obtaining legally protected information in connection with viewing such accounts. For example, "Googling" an applicant may reveal that she is pregnant or active in a labor union. Using this information as a basis not to hire her would be unlawful. On the other hand, failure to use social media can cause an employer to overlook publicly accessible information to which customers and other employees will all have ready access. Given these competing concerns, employers may wish to designate a non-decision-maker (e.g., a Human Resources representative or even a third-party provider) to review applicants' social media accounts and other publicly available information and report any relevant information to the hiring manager, who can then consider that information as part of the hiring process.

In any event, it is generally not recommended to require applicants to provide his or her Facebook or other online profile password in connection with his or her application. In fact, such a requirement is unlawful in several states, including California and New Jersey. Some state laws also prohibit "shoulder surfing" whereby an employer requires an applicant to go to his or her Facebook account so that the hiring manager can view it.

If your organization does not have a policy or practice regarding the use of social media in the hiring process—even if an "official" policy is not desired—the above factors should be considered and addressed, and the organization should create a game plan going forward.

[1] This section was prepared by Patricia M. Wagner, a member of Epstein Becker Green's Data Breach/Cybersecurity Prevention and Response Team.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Epstein Becker & Green | Attorney Advertising

Written by:

Epstein Becker & Green

Epstein Becker & Green on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up using*

Already signed up? Log in here

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
Privacy Policy (Updated: October 8, 2015):

JD Supra provides users with access to its legal industry publishing services (the "Service") through its website (the "Website") as well as through other sources. Our policies with regard to data collection and use of personal information of users of the Service, regardless of the manner in which users access the Service, and visitors to the Website are set forth in this statement ("Policy"). By using the Service, you signify your acceptance of this Policy.

Information Collection and Use by JD Supra

JD Supra collects users' names, companies, titles, e-mail address and industry. JD Supra also tracks the pages that users visit, logs IP addresses and aggregates non-personally identifiable user data and browser type. This data is gathered using cookies and other technologies.

The information and data collected is used to authenticate users and to send notifications relating to the Service, including email alerts to which users have subscribed; to manage the Service and Website, to improve the Service and to customize the user's experience. This information is also provided to the authors of the content to give them insight into their readership and help them to improve their content, so that it is most useful for our users.

JD Supra does not sell, rent or otherwise provide your details to third parties, other than to the authors of the content on JD Supra.

If you prefer not to enable cookies, you may change your browser settings to disable cookies; however, please note that rejecting cookies while visiting the Website may result in certain parts of the Website not operating correctly or as efficiently as if cookies were allowed.

Email Choice/Opt-out

Users who opt in to receive emails may choose to no longer receive e-mail updates and newsletters by selecting the "opt-out of future email" option in the email they receive from JD Supra or in their JD Supra account management screen.


JD Supra takes reasonable precautions to insure that user information is kept private. We restrict access to user information to those individuals who reasonably need access to perform their job functions, such as our third party email service, customer service personnel and technical staff. However, please note that no method of transmitting or storing data is completely secure and we cannot guarantee the security of user information. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of user information at any time.

If you have reason to believe that your interaction with us is no longer secure, you must immediately notify us of the problem by contacting us at info@jdsupra.com. In the unlikely event that we believe that the security of your user information in our possession or control may have been compromised, we may seek to notify you of that development and, if so, will endeavor to do so as promptly as practicable under the circumstances.

Sharing and Disclosure of Information JD Supra Collects

Except as otherwise described in this privacy statement, JD Supra will not disclose personal information to any third party unless we believe that disclosure is necessary to: (1) comply with applicable laws; (2) respond to governmental inquiries or requests; (3) comply with valid legal process; (4) protect the rights, privacy, safety or property of JD Supra, users of the Service, Website visitors or the public; (5) permit us to pursue available remedies or limit the damages that we may sustain; and (6) enforce our Terms & Conditions of Use.

In the event there is a change in the corporate structure of JD Supra such as, but not limited to, merger, consolidation, sale, liquidation or transfer of substantial assets, JD Supra may, in its sole discretion, transfer, sell or assign information collected on and through the Service to one or more affiliated or unaffiliated third parties.

Links to Other Websites

This Website and the Service may contain links to other websites. The operator of such other websites may collect information about you, including through cookies or other technologies. If you are using the Service through the Website and link to another site, you will leave the Website and this Policy will not apply to your use of and activity on those other sites. We encourage you to read the legal notices posted on those sites, including their privacy policies. We shall have no responsibility or liability for your visitation to, and the data collection and use practices of, such other sites. This Policy applies solely to the information collected in connection with your use of this Website and does not apply to any practices conducted offline or in connection with any other websites.

Changes in Our Privacy Policy

We reserve the right to change this Policy at any time. Please refer to the date at the top of this page to determine when this Policy was last revised. Any changes to our privacy policy will become effective upon posting of the revised policy on the Website. By continuing to use the Service or Website following such changes, you will be deemed to have agreed to such changes. If you do not agree with the terms of this Policy, as it may be amended from time to time, in whole or part, please do not continue using the Service or the Website.

Contacting JD Supra

If you have any questions about this privacy statement, the practices of this site, your dealings with this Web site, or if you would like to change any of the information you have provided to us, please contact us at: info@jdsupra.com.

- hide
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.