Remote Work Legal Considerations

Over the past several years, I've written several times about ongoing #COVID19 risks*, employers' responsibilities to protect employees' health, and how accomodating the health concerns of the immunocompromised, disabled and others are a vital #DEI consideration. I predicted that stringent Return to Office (#RTO) policies would end up in courtrooms to determine if working in an office is truly a vital job requirement and whether employers are accomodating the diversity of health risks people face. Fortune's article notes, "After seemingly having won the return-to-office wars, employers may be walking into a legal storm by enforcing rigid return-to-office (RTO) mandates... Rigid RTO policies are disproportionately impacting disabled employees, mothers, and older workers–and could even, in certain cases, breach the law." The Americans with Disabilities Act is over 30 years old, but it pertains very much to our current age of ever-evolving COVID variants and repeated reinfections. The ADA’s reasonable accommodation obligation includes “modifying workplace policies” and “might require an employer to waive certain eligibility requirements or otherwise modify its telework program for someone with a disability who needs to work at home.” We know people with comorbidities face additional risks from COVID infections, thus some with disabilites are filing complaints to fight for accomodations from overly strict RTO policies. And it's not just people with disablities filing claims. "Companies are facing a rise in mental health disability discrimination complaints from employees who view remote work as a reasonable accommodation. The Equal Employment Opportunity Commission (EEOC) has observed a 16% increase in such charges between 2021 and 2022, particularly for conditions like anxiety, depression, and post-traumatic stress syndrome." Then there's older workers, who say they are more likely to retire due to forced to RTO (and less likely to do so when offered remote options.) "If RTO policies disproportionately affect older employees, either by forcing them into early retirement or by making their work conditions less favorable compared to their younger counterparts, employers could face age discrimination claims." The pandemic demonstrated companies can operate with workers remote and that employees can be productive and engaged in remote or hybrid work arrangements. Overly stringent RTO demands fly in the face of those lessons learned, and that is causing a rise in claims and lawsuits. Smart employers will consider what sort of flexibility it can offer to all employees, accomodate individual employee's unique health needs, and strive to make offices and workplace as safe as possible from the continued surges of COVID infections. *See the first comment for a note on ongoing COVID risks. https://lnkd.in/gyxYmuRA

A recent lawsuit filed by an Apple employee against the company highlights the risks of mishandling Bring Your Own Device (BYOD) policies. The employee claims the tech giant monitored personal devices and iCloud accounts, sparking privacy and legal concerns. It's a stark reminder that allowing personal devices at work requires a carefully crafted policy that balances company needs with employee rights. Here's how to do it right: 1. Respect Employee Privacy: Employees deserve to feel secure about their personal information. Clearly define what data the company can access and avoid overly invasive monitoring or wiping personal data unless absolutely necessary. 2. Prioritize Data Security: Ensure all devices accessing company data are equipped with encryption, strong passwords, and regular updates. Outline clear steps for reporting lost or stolen devices to minimize the risk of breaches. 3. Define Ownership: Specify what happens to company data when an employee leaves. A "remote wipe" provision can protect proprietary information while ensuring personal data is untouched. 4. Foster Awareness: Policies only work when people understand them. Train employees on the importance of safeguarding company data and their responsibilities under the policy. 5. Comply with the Law: Legal compliance is non-negotiable. Make sure your BYOD policy aligns with state and federal privacy laws and is reviewed by an employment lawyer to avoid potential lawsuits. BYOD is a win-win when done right. A well thought out policy protects your business and fosters trust—but only if you're clear up front about boundaries.

In August, a Nashville man was indicted for running a "laptop farm." He allegedly convinced companies to hire him as a remote worker but instead of doing the work, downloaded and installed software on company computers that granted access to foreign bad actors posing as workers, breaching company security and funneling money abroad. This may sound like an outlandish story, but easy access to AI-generated audio and video heighten the risk of employee impersonation. Ways for companies to protect against employee impersonation: Before hiring: • Running background checks (and following state/local notice and disclosure requirements) • Vetting educational and employment background • Using secure methods for checking identity and work authorization. Especially for sensitive roles that are fully remote, consider flying the candidate out to meet in person or hiring a vendor who can vet their identity in person. • Requiring employees to sign robust confidentiality agreements During employment • Working with IT/InfoSec to develop best practices for securing company data • Monitoring employee login patterns and downloads • Developing protocols for exchanging money and sensitive information (for example, requiring multiple points of verification) • Even if you don’t regularly work on video, doing this occasionally. • Training managers to keep an eye out for suspicious activity After employment • Reminding employees of their confidentiality obligations • Securing company data immediately upon separation and monitoring use when employees give notice of resignation • Reviewing hardware that is returned and properly wipe equipment What else?

This article highlights a St. Louis federal court indicted 14 North Korean nationals for allegedly using false identities to secure remote IT jobs at U.S. companies and nonprofits. Working through DPRK-controlled firms in China and Russia, the suspects are accused of violating U.S. sanctions and committing crimes such as wire fraud, money laundering, and identity theft. Their actions involved masking their true nationalities and locations to gain unauthorized access and financial benefits. To prevent similar schemes from affecting you businesses, we recommend a multi-layered approach to security, recruitment, and compliance practices. Below are key measures: 1. Enhanced Recruitment and Background Verification - Identity Verification: Implement strict verification procedures, including checking legal identification and performing background and reference checks. Geolocation Monitoring: Use tools to verify candidates’ actual geographic locations. Require in-person interviews for critical roles. - Portfolio Validation: Request verifiable references and cross-check submitted credentials or work samples with previous employers. - Deepfake Detection Tools: Analyze video interviews for signs of deepfake manipulation, such as unnatural facial movements, mismatched audio-visual syncing, or artifacts in the video. - Vendor Assessments: Conduct due diligence on contractors, especially in IT services, to ensure they comply with sanctions and security requirements. 2. Cybersecurity and Fraud Prevention - Access Control: Limit access to sensitive data and systems based on job roles and implement zero-trust security principles. - Network Monitoring: Monitor for suspicious activity, such as access from IPs associated with VPNs or high-risk countries. - Two-Factor Authentication (2FA): Enforce 2FA for all employee accounts to secure logins and prevent unauthorized access. - Device Management: Require company-issued devices with endpoint protection for remote work to prevent external control. - AI and Behavioral Analytics: Monitor employee behavior for anomalies such as unusual working hours, repeated access to restricted data, or large data downloads. 3. Employee Training and Incident Response - Cybersecurity Awareness: Regularly train employees on recognizing phishing, social engineering, and fraud attempts, using simulations to enhance awareness of emerging threats like deepfakes. - Incident Management and Reporting: Develop a clear plan to handle cybersecurity or fraud incidents, including internal investigations and containment protocols. - Cross-Functional Drills and Communication: Conduct company-wide simulations to test response plans and promote a culture of security through leadership-driven initiatives. #Cybersecurity #HumanResources #Deepfake #Recruiting #InsiderThreats

🚨 ADA & Remote Work: Employers, Take Note On August 13, 2025, a federal court in D.C. sent a message to employers: prior remote work arrangements may undercut your “undue hardship” defense under the ADA. Here’s what happened: ✅ A court clerk who had successfully worked remotely for two years during the pandemic asked to continue remote work as an ADA accommodation after cancer treatment. ✅ The employer denied the request, citing “essential” in-person duties and “undue hardship.” But here’s the problem: the employer provided little documentation, ignored the clerk’s performance record, and dismissed a narrower hybrid proposal with a one-line rejection. ✅ The court refused to dismiss the case, ruling that a jury could find in favor of the employee because her proven success working remotely cast doubt on whether in-person duties were truly “essential.” ⚖️ The Lessons for Employers 1️⃣ History matters. If an employee has successfully performed remotely, that history will weigh heavily in assessing whether in-person duties are truly “essential.” 2️⃣ Documentation is king. Employers must identify and substantiate essential job functions before disputes arise. Rely on updated job descriptions, supervisor input, and actual work experience. 3️⃣ Undue hardship requires evidence. It’s not enough to claim “burden.” There needs to be contemporaneous, detailed support showing why the accommodation won’t work. 4️⃣ Engage, don’t stonewall. A terse “no” will not hold up in litigation. Employers should engage in the interactive process, explore alternatives, and clearly explain decisions. 5️⃣ Consistency counts. If others in similar roles are permitted hybrid or remote schedules, be prepared to explain why a specific employee cannot have the same flexibility. 💡 Takeaway: Courts are scrutinizing remote-work accommodation requests more closely than ever. Employers who fail to document essential functions, engage in good-faith dialogue, and back up hardship claims with evidence risk losing in litigation. #law #hr #humanresources #employmentlaw

Employers, repeat after me: Just because the COVID pandemic has passed doesn't necessarily mean you can deny employees' requests to work remotely. Osmose Utility Services allegedly refused to accommodate an employee by letting her work remotely after she had a stroke. According to the EEOC's complaint, she worked for a provider of infrastructures and products to utility companies. Her job was responding to customer inquiries, including electronically entering tickets for services. The EEOC asserts that her job could have been done remotely. She asked to work full-time from home after her stroke, because she couldn't drive and the office lights aggravated her stroke-related headaches. Osmose allegedly denied this request. Osmose also allegedly denied her request to work from home on the 2-3 days a week she had medical appointments. While it did grant her leave to go to her appointments, it fired her after her supervisor allegedly questioned her absences and pressured her to end her appointments. So the EEOC sued for failure to accommodate and retaliation under the ADA. Employers had, pre-pandemic, been steadfastly contending that most work could only be done on premises. The pandemic proved many of them wrong in many cases. While we are no longer experiencing a pandemic, and while many employers have required --and legally can require-- a return to in-person work, that does not change an employer's obligation to provide reasonable accommodations under the ADA. It also does not change the fact that remote work can be an accommodation of a disability. Neither does it change an employer's obligation to engage in the interactive process (i.e. talk and LISTEN to your employee) when the employee requests a disability-related accommodation. The EEOC alleges that this employer failed on every count, and did not articulate any undue hardship that remote work would pose. To my eye, employers who behave this way often end up expending more time, effort and resources refusing to do what's right and what in many cases is also a legal obligation. 5 words could have taken Osmose in the right direction: "How can I help?" If Osmose would have at least done that it might even have been able to find an alternative to full-time remote work or been able to address whatever concerns it had about granting the request. But Osmose didn't even do that. If you find yourself in a similar situation with an employee, you might want to ask yourself: "What do I lose by saying those 5 words?" Or perhaps the better question might be: "What do I stand to lose if I don't at least say those 5 words?" What do you think? Feel free to share below.

Did you know that you can leverage the Americans with Disabilities Act (ADA) to request work-from-home (WFH) accommodations based on mental health conditions? This could significantly reshape the "Return to Office" (RTO) landscape, creating both opportunities and challenges for employees and employers alike. Understanding RTO Mandates and the ADA: - The ADA requires employers to provide reasonable accommodations for employees with disabilities, including mental health conditions. - Keith Sonderling, Commissioner at the EEOC, highlights the importance of engaging in an interactive process with employees who request accommodations for mental health conditions. - Brandalyn Bickner, EEOC spokesperson, emphasizes that "reasonable accommodation" includes modifying workplace policies, potentially enabling remote work for employees with disabilities. The Impact of ADA Awareness on RTO Dynamics: - Many employees are unaware they can request remote work as an accommodation for mental health conditions such as anxiety, depression, or PTSD. - Increased awareness could dramatically shift current RTO dynamics, leading to more accommodation requests. - Employees need a formal diagnosis from a licensed mental health professional to claim a WFH accommodation. This must indicate that remote work is necessary for managing their condition. Legal Precedents and Employer Responsibilities: - The EEOC has shown its teeth, as seen in the ISS Facility Services, Inc. settlement and a complaint against a Georgia company for ADA violations. - Employers must navigate legal requirements and handle accommodation requests carefully to avoid discrimination and legal repercussions. Balancing Employee Needs and Operational Efficiency: - Employers should develop clear, consistent policies for handling accommodation requests, including training for managers and HR professionals. - Creative solutions, such as hybrid work schedules, flexible hours, or designated quiet spaces in the office, can help balance remote work with in-office expectations. As the workplace continues to evolve, the interplay between mental health accommodations and remote work will remain a critical issue. Employers have a legal obligation to inform their staff of their rights under the ADA and must be prepared to accommodate legitimate mental health needs while maintaining operational efficiency. Creating an inclusive work environment that supports mental health without sacrificing the benefits of in-person collaboration is crucial. By navigating this complex landscape thoughtfully and legally, employers can foster a workplace that respects employees' mental health needs and drives business success.

Remote work continues to reshape the employment landscape! It's crucial for companies to understand the compliance requirements associated with hiring remote employees and contractors. Here’s a quick guide to help you navigate these obligations effectively: 📌 Employee vs. Contractor - Employees: Regular salary, taxes withheld, eligible for benefits. - Contractors: Self-employed, handle their own taxes, more control over their schedule. - Misclassification can lead to severe penalties, so it’s essential to know the distinctions! ⚖️ Compliance for Remote Employees - State Registration & Taxes: Register your business in each state where remote workers are located and set up state tax accounts. - Payroll & Labor Laws: Comply with state-specific laws regarding minimum wage, overtime, and pay frequency. - Workers' Compensation: Obtain necessary insurance in states where your employees work. - Benefits & Leave Policies: Ensure compliance with state laws regarding benefits and family leave. 🛠️ Compliance for Independent Contractors - Collect W-9 forms and issue 1099-NEC forms for payments over $600. - Stay compliant with state-specific contractor registration requirements. 🇺🇸 Federal Compliance Regardless of classification, ensure you: - Verify employment eligibility (Form I-9) - Report new hires - Comply with federal labor laws and anti-discrimination regulations. 💡 Best Practices - Develop clear remote work policies. - Use written agreements for both employees and contractors. - Implement systems to track work hours and locations. By understanding these compliance requirements, you can build successful remote teams while avoiding legal pitfalls.