The COVID-19 global pandemic has been an unprecedented challenge for U.S. employers over the past 12+ months. Among other things, pandemic-containment policies and best practices limited business and personal travel. As we enter summer 2021, the sun seems brighter as we near the end of the tunnel. But as the world re-opens and as more Americans become vaccinated, U.S. employers should give due care to several obvious and not-so-obvious areas:
(1) how to handle travel-quarantines, masks, and vaccines as applied to employees;
(2) how to handle employees traveling internationally, including the ongoing challenges to obtain visas; and
(3) maintaining employer data security and balancing privacy in a new era of remote work.
II. COVID-19 Workplace Considerations
Navigating the highly dynamic landscape of federal, state, and local COVID-19 rules and policies has presented myriad challenges for U.S. employers. Most recently, mass proliferation of vaccines and a clear decrease in hospitalizations is making it easier for employers to keep their employees safe, and is slowly (or sometimes abruptly!) leading to increased business reopening and travel throughout the United States. Federal and state guidance and regulations on masks, testing, and quarantining have begun to relax. The CDC announced on May 13 that “fully vaccinated people no longer need to wear a mask or physically distance in any setting.” The guidance also states that fully vaccinated people can refrain from testing and quarantine following a known exposure under certain circumstances.
However, most changes in federal guidance pertain to “the public,” and private employers are not “the public.” Accordingly, the CDC website sets forth the following caveat with regard to its most recent guidance on relaxed mask and quarantine guidelines: “except where required by federal, state, local, tribal, or territorial laws, rules, and regulations, including local business and workplace guidance.” (Emphasis added.) Moreover, although OSHA is advising employers to follow CDC guidelines for fully-vaccinated employees, the general duty clause under the OSH Act requires that employers keep their employees safe and recommends employers implement and maintain social distancing and shield or facemask measures for unvaccinated employees.
Thus, even though CDC guidance is becoming less restrictive, employers must still comply with applicable federal, state, and local workplace laws regarding mask mandates and quarantines. And because federal guidance and state reopening orders often contain detailed rules that vary by industry, it is vital that employers consider the fine print on all federal, state, and local rules and guidance. For example, following the May 13 federal CDC announcement, the state of Minnesota lifted its mask-mandate, only to have both the Minneapolis and St. Paul mayors announce that both cities are continuing to impose mask mandates.
In terms of vaccinations, it is in an employer’s best interest to have a fully vaccinated workforce (to the extent possible). However, in response to employer trends of incentivizing or even requiring vaccines, a countervailing state law trend is emerging to curb the ability of employers to promote vaccinations or treat vaccinated and non-vaccinated people differently. Several state governors (e.g., Texas, Florida, and Arizona) have issued executive orders limiting the use of COVID-19 vaccination documentation to confer certain rights or privileges on individuals. Also, Montana recently passed a law that, effective July 1, 2021, prohibits discrimination against non-vaccinated people.
With only a few exceptions, the Montana law prevents any entity from treating vaccinated and non-vaccinated people differently. Although employers in Montana can still “recommend” that employees receive vaccines, employer plans to only allow vaccinated employees to return to the office or only require non-vaccinated employees to wear masks have, in large part, come to a screeching halt.
III. International Travel Restrictions
Since his inauguration in January 2021, President Biden has kept his promise to roll back certain Trump administration travel and visa restrictions. For instance, President Biden has rescinded the so-called “Muslim travel ban.”
Biden has also rescinded Trump’s categorical visa ban that prevented the issuance of certain common work visas, including H-1B and L-1 visas.
But the Biden administration remains strict about COVID-19 precautions, related international travel, and visa issuance. President Biden has maintained aspects of the previous Administration’s travel restrictions and has even increased or added restrictions as global conditions evolve. Currently, there are four “geography-based” presidential proclamations that suspend entry into the United States of most foreign nationals who are physically present in any of 33 countries during the 14-day period prior to entry.
The geography-based travel ban countries currently include China, Iran, the Schengen Area, the U.K., Ireland, Brazil, South Africa, and most recently, India. While these orders only restrict the travel of individuals to the United States, anecdotally it has become clear that some U.S. consulates in these countries will not issue visas, even if the traveler intends to quarantine in a country not on the list and then enter the United States 14+ days later.
Fortunately, the geography-based travel/visa restrictions entail various exceptions. For instance, the restrictions do not apply to U.S. citizens and permanent residents (and parents of minor children who are U.S. citizens), and there are exceptions for travelers whose entry is deemed in the U.S. national interest.
Each U.S. consulate has its own processes to apply for a National Interest Exception (“NIE”), and thus travelers and employers are encouraged to investigate such processes on a consulate-by-consulate basis.
Besides the “geography-based” travel limitations, another way in which the Biden Administration is taking seriously the containment of COVID-19 is ongoing travel related mandates for masking and COVID-19 testing.
- With regard to masks, the administration’s January 21, 2021 proclamation requiring airports, trains, intercity bus services, and other forms of public transportation to “require masks to be worn in compliance with CDC guidelines” appears to still be in force.
The most recent CDC guidelines regarding masks and public transportation, in turn, require travelers to wear masks, even if they are fully vaccinated.
This requirement is for travelers “boarding, disembarking, or traveling on airplanes, ships, ferries, trains, subways, buses, taxis, and ride-shares. . . .”
- With regard to COVID-19 testing, the same January 21, 2021, proclamation also requires all travelers (U.S. citizens and permanent residents included) to produce proof of a recent negative COVID-19 test prior to boarding an international flight to the United States and to comply with CDC guidelines concerning travel, self-quarantine, and self-isolation after entry. Critically, this requirement for a negative COVID-19 test prior to flying to the United States applies to everyone, including individuals who have been fully vaccinated.
IV. Data Security and Privacy: Considerations Related to U.S. Ports of Entry
As global travel slowly resumes, and employees embrace some of the work-from-home or ‘digital nomad’ work arrangements permitted during the pandemic, employers should pay close attention to the data their employees store on company electronic devices—especially if an employee will be traveling internationally and will be carrying a company electronic device. Given the explosion of work-from-home arrangements and the commensurate increase of employees taking company devices to their homes and with them while traveling, this is particularly timely.
Among professional-level employees, it is not always well-known how much discretion U.S. Customs and Border Protection officers at U.S. airports have in conducting warrantless searches of electronic devices carried by travelers. Americans generally assume they have a right to be free from unreasonable searches and seizures, as provided by the Fourth Amendment. But a well-established and significant exception to the 4th Amendment applies at U.S. ports of entry, whereby the U.S. government has nearly unfettered discretion to search individuals at the border and other ports of entry, including searching data contained on electronic devices. The extent of this broad power to search was recently confirmed by the First Circuit Court of Appeals in Alasaad v. Mayorkas, which involved challenges to the U.S. Customs and Border Protection’s (“CBP”) and U.S. Immigration and Customs Enforcement’s (“ICE”) electronic device search policies. See Alasaad, 988 F.3d 8 (1st Cir. 2021).
As described in Alasaad, there is a distinction between “basic” searches and “advanced” searches under the border search exception. Basic searches are “routine” searches that do not require reasonable suspicion. The scope of a basic search is relatively limited but it is far from non-intrusive. Border agents can make travelers present and unlock their electronic devices, and can then search for “information on the device that is accessible through software applications present on the device.”
Anyone who refuses the search can have their device seized for a certain number of days, can be detained themselves, and foreign nationals can be denied entry.
In advanced searches, officers can “connect external equipment, through a wired or wireless connection, to an electronic device not merely to gain access to the device, but to review, copy, and/or analyze its contents.” Alasaad, 988 F.3d at 13. According to the First Circuit, when it comes to advanced searches, officers only need reasonable suspicion of any crime. See id. at 20.
Note that CBP policy does not allow officers to search remote access data, that is, data in the cloud.
Employers should actively consider the potential costs and benefits to allowing employees to have access to work data on smartphones and other electronic devices. If allowed such access, employers should take several precautions, such as using strong encryption methods and requiring employees to completely shut down electronic devices before reaching any airports, deleting unnecessary sensitive data from their devices, and saving all sensitive data remotely (to the cloud).