Privacy Notices Explained: When a Policy Is Required and When It Is Not Enough
Consumer Privacy Thresholds, Point-of-Collection Disclosures, and Employment Data Considerations

By Darius Rohani-Shukla

Publishing a website privacy policy is now standard practice. But assuming that a single, generic policy covers everything is inherently risky. In reality, privacy obligations can arise from several directions: baseline online notice expectations when you collect personal information through a website or app, comprehensive state consumer privacy laws that apply once you cross certain thresholds, and separate requirements that apply in the employment context.

In many cases, meeting those obligations is not just a matter of maintaining a policy in the footer. It also requires the right disclosures at the moment data is collected, whether that is through cookies and tracking technologies, a signup form, a checkout flow, or an application portal. Recruiting and workplace data add another layer. Applicant information, employee monitoring, biometrics used for timekeeping or access control, and automated hiring tools can each trigger standalone notice obligations that a consumer-facing privacy policy does not address.

This blog summarizes when a privacy policy is legally required, when additional point-of-collection disclosures are appropriate, and how consumer and workforce requirements can overlap.

EEOC Quorum Restored: What Changes

The EEOC regained a quorum on October 7, 2025, when Brittany Panuccio was confirmed by the Senate, restoring three sitting Commissioners: Acting Chair Andrea Lucas, Kalpana Kotagal, and Brittany Panuccio. With three members seated, the Commission can again take actions that legally require Commission votes.

Brief History

  • January 28, 2025: The EEOC lost its quorum after Commissioners Charlotte A. Burrows and Jocelyn Samuels were removed, leaving only two of five seats filled.
  • January–October 2025 (no-quorum period): Field operations continued (charge intake, investigations, mediations, subpoenas, conciliations), but actions requiring Commission votes were largely paused.
  • October 7, 2025: Quorum restored with Brittany Panuccio’s confirmation.

How Voting Works

With three Commissioners now seated, the EEOC can finally take up business that requires formal votes. Three members make a quorum, and actions pass by majority. In practice, that means two of the three Commissioners can approve items, whether that’s green-lighting a systemic lawsuit, adopting or rescinding guidance, or updating the Strategic Enforcement Plan. Recusals can complicate headcounts on specific matters, but as long as three are in office, the Commission can operate, and a two-vote majority carries the day.

What the Commission Does and Why It Matters

Commissioners choose which big cases the EEOC will bring, what guidance investigators and courts will rely on, and which priorities get elevated nationwide. When the Commission speaks, through votes on litigation, guidance, or the enforcement plan, field offices follow. A functioning quorum is the difference between idling and actually moving policy.

What the EEOC Could Not Do Without a Quorum

For more than eight months, investigation work continued, as charges were filed and probed, mediations and conciliations occurred, and subpoenas issued, but the Commission couldn’t touch anything that required a vote (e.g. no new or rescinded guidance). The result was a holding pattern on the most consequential levers of policy and enforcement.

What the EEOC Can Do Now

Now that the quorum is back, those levers are live again. Expect the Commission to revisit items that stacked up during the pause and to move quickly on priorities that align with the current majority.

  • Significant litigation can advance. Systemic and pattern-or-practice matters that require Commission approval can be authorized with two votes, clearing the way for larger, higher-impact filings.
  • Guidance can be updated or withdrawn. Technical assistance and policy statements, on harassment, DEI-related practices, religious accommodation, AI in HR, and more, can be issued or revised, tightening the interpretive framework investigators bring to cases.
  • Policy and rulemaking steps can proceed. Where Commission approval intersects with data and reporting, or with standards under laws like the PWFA, the Commission can now align, adjust, or initiate changes.
  • Priorities can be reset. By refreshing the Strategic Enforcement Plan, the Commission signals where scrutiny will intensify, steering resources toward the themes the majority sees as most urgent.

Practical Takeaways

We expect faster movement at the policy level and a clearer line of sight into where the Commission intends to push next. With a quorum restored, agendas can advance without delay and signals will be easier to read. For employers, the takeaway is practical: two votes can now launch big cases, rewrite or rescind guidance, and redirect enforcement attention, shaping priorities in real time and raising the stakes for compliance and risk planning.

 

Navigating Legal Risk in the Remote Work Era

The widespread adoption of remote work arrangements has reframed the employment landscape, offering organizations access to a broader talent pool and increased operational flexibility. However, this reorganization also presents complex legal challenges—many of which remain underappreciated.

As employees work from locations that may be hundreds or thousands of miles from their employers’ offices, questions of applicable law, regulatory obligations, and legal exposure become increasingly difficult to resolve. In particular, employers must contend with a patchwork of state and federal employment laws, jurisdictional triggers based on employee location, and a rising set of cybersecurity and compliance risks, all of which may be activated by something as simple as an employee moving across state lines.

The Problem of Legal Geography: Where Your Employees Are Matters

Too often, employers operate on the assumption that compliance flows from where the company is headquartered. But in practice, most employment laws look to the employee’s physical location, not the employer’s. And in a remote-first world, that means companies are increasingly subject to laws in places they never intended to do business.

Sometimes, those laws have clearly defined geographic limits. Other times, they don’t. In general, courts apply a presumption against extraterritoriality, declining to apply a state law outside its borders unless the statute expressly says otherwise. However, this is state-dependent: some states reject the presumption and instead rely on traditional statutory interpretation or conflict-of-laws principles. This creates real confusion—particularly when an employee lives in one state, reports to a supervisor in another, and accesses systems hosted in a third.

In Washington, D.C., for example, the law often looks to where the controlling authority or supervisor resides. That means a Virginia-based employee working remotely could potentially be protected by D.C.’s Human Rights Act simply because their boss sits in a D.C. office. In contrast, California’s CFRA typically applies to employers with five or more employees nationwide, even if just one works remotely in California. New York’s paid sick leave law triggers based on total employee headcount, regardless of where employees are located.

Not Just Leave Laws: Workers’ Comp and Wage Claims


EEOC Shifts Focus to “DEI-Related Discrimination”: What It Means for Title VII Enforcement

By Darius Rohani-Shukla

The EEOC has recently issued new guidance signaling a marked shift in its enforcement priorities: a heightened focus on “diversity, equity, and inclusion-related discrimination.” While the foundational legal framework of Title VII obviously remains unchanged, this guidance reflects a new interpretation of how DEI initiatives intersect with existing anti-discrimination protections.

Reaffirming Title VII Protections

Title VII prohibits employment discrimination based on race, sex, color, religion, and national origin. The EEOC’s updated guidance does not introduce new legal obligations but urges employers to reassess their DEI programs to ensure they are implemented in a manner consistent with these longstanding protections. While the guidance does not suggest widespread noncompliance, it does identify specific DEI practices that may attract greater scrutiny:

The EEOC’s New Guidance on Wearable Tech: What Employers Need to Know

By Darius Rohani-Shukla and Jordan B. Schwartz

Last year, many of our clients began asking us about the feasibility of requiring or, at the very least, providing their employees with the option of using “wearable technology” in the workplace. As wearable technologies become increasingly integrated into workplace operations, the Equal Employment Opportunity Commission (EEOC) has issued new guidance outlining how these innovations intersect with employment discrimination laws. The guidance is consistent with the advice and counsel we have been providing on this issue, including the concern that requiring workers to use wearable devices, without adequate legal safeguards, could expose a company to liability. While these devices—ranging from smartwatches to biometric scanners—offer potential benefits in efficiency, safety, and health monitoring, employers embracing these tools must navigate a landscape shaped by federal laws like the Americans with Disabilities Act (ADA), the Genetic Information Nondiscrimination Act (GINA), and Title VII of the Civil Rights Act.

Key Considerations from the EEOC’s Guidance

The EEOC’s fact sheet and accompanying guidance highlight several areas where wearable technologies may run afoul of anti-discrimination laws. Below are the primary concerns that employers should consider:

AI in the Workplace: Legal Pitfalls and the Department of Labor’s Roadmap for Employers

Understanding AI in the Workplace: What Employers Need to Know

Artificial intelligence (AI) is rapidly transforming how businesses operate. From automating repetitive tasks to streamlining decision-making, AI has become a powerful tool for increasing efficiency and fostering innovation. With its growing adoption, employers face many new questions about how AI should be used in the workplace, what responsibilities businesses have in its implementation, and what legal risks should be considered.

To address these challenges, the U.S. Department of Labor released a guidance document, “Artificial Intelligence and Worker Well-Being: Principles and Best Practices for Developers and Employers.” This framework provides a structured approach for businesses and developers to think critically about the role of AI in the workplace. While it carries no direct legal force, it has substantial influence as a framework for responsible AI use.

Employers who adopt its recommendations can reduce risks, build trust, and create safer, fairer workplaces. At the same time, the document provides a potential tool for employees or regulators to hold organizations accountable for failures in AI oversight. This blog explores the key aspects of these principles and practices, helping employers understand the framework and its implications for their operations.

The Role of AI in the Workplace

AI has the potential to enhance productivity and improve operations in numerous ways. It can automate time-consuming tasks, analyze large datasets to make informed decisions, and even assist in hiring by screening resumes more efficiently.

The Department of Labor’s framework is at pains to highlight that AI should be implemented in ways that empower workers, rather than replace them. While the principles outlined below are not mandates, they encourage employers to think about AI adoption as more than a technical upgrade, and demonstrate the DOL’s position that AI is an opportunity to foster trust, improve job quality, and mitigate risks.

Key Principles for AI in the Workplace

The framework outlines several principles and best practices for employers and AI developers. Below is a breakdown of these key ideas and what they mean for businesses:


AI-Empowered HR: Crafting Compliance in the Digital Age

The Department of Labor’s Wage and Hour Division (WHD) has released a Field Assistance Bulletin (FAB) guiding employers on the use of artificial intelligence (AI) in human resources activities. The FAB focuses on how the use of AI can raise concerns about compliance with the Fair Labor Standards Act (FLSA), the Family and Medical Leave Act (FMLA), and the Employee Polygraph Protection Act (EPPA). The guidance predominantly addresses AI systems that undertake traditional human resources functions—such as tracking work hours, evaluating worker performance, setting schedules, and assigning tasks—and highlights their impact on remote and hybrid work environments across diverse workplaces.


FTC Targets Employers Utilizing Worker Surveillance Technologies

When used appropriately, worker surveillance technologies like time and attendance software, video surveillance systems, GPS tracking software, and biometric technology can benefit employers in a variety of ways, including by boosting productivity, identifying internal and external cybersecurity threats, and even preventing or responding to workplace accidents. However, employers must be careful that employee monitoring programs do not run afoul of an increasingly wide range of regulators, now including the Federal Trade Commission.

In recent comments, FTC Division of Privacy and Identity Protection Associate Director Benjamin Wiseman outlined the Commission’s commitment to protecting worker privacy. The Commission is the nation’s primary privacy regulator and its privacy enforcement tool is Section 5 of the FTC Act, which prohibits unfair, deceptive, and anticompetitive trade practices. In recent years, the Commission demonstrated its willingness to pursue novel technological issues through enforcement actions against companies utilizing AI facial recognition technologies. Wiseman warned that businesses that infringe on worker privacy risk becoming targets of FTC enforcement actions, stating:

Understanding and Adjusting to the EEOC’s Strategic Enforcement Plan for 2024 to 2028

Earlier this Fall, the EEOC released its strategic enforcement plan (SEP) for fiscal years 2024 to 2028. The SEP establishes six subject matter priorities on which the Agency will focus its tools during that time frame, including enforcement (investigations, settlements, and litigation), education and outreach, research, and policy development. This SEP has important implications for employers as it lays out specific areas where failing to comply with federal employment laws and EEOC guidance could result in tough EEOC enforcement actions.

Priority #1: Eliminating Barriers in Recruitment and Hiring


DC Attorney General Issues a Business Advisory Demystifying Restaurant Service Fee Compliance Requirements

Last month, Attorney General Brian L. Schwalb issued a new advisory explaining restaurants’ legal obligation to adequately disclose service fees. Under the DC Consumer Protection Procedures Act (CPPA), restaurants are required to disclose fees, including service fees, in a timely, prominent, and adequate manner.  This new advisory includes examples of compliant and non-compliant fee disclosures according to the CPPA.

According to AG Schwalb, the new advisory was motivated by diners expressing concerns about being surprised by unexpected fees and surcharges at the end of their meals. The advisory also indicated that diners have expressed confusion about how restaurants are using service fees, especially whether restaurants distribute the fees as tips to servers or retain the fees to cover operational expenses.

Service Fee Language

The advisory emphasized that conclusory or general statements indicating service charges or service fees would not comply with the CPPA.

For example, the following statement would not comply with the CPPA:

A 22% service charge is included on every tab and will help to support our staff.

Whereas the following statement would comply with the CPPA:

A 22% service charge is included on every tab. 15% is distributed directly to service workers on top of their base wages, and the remaining 7% is used to help pay for our staff costs, such as base wages, health insurance, etc. You may choose to leave an extra tip.

Timely and Prominent Disclosure

The advisory also clarifies that restaurants must disclose the existence and amount of fees before diners place their orders. In addition, the advisory explains that restaurants cannot bury fees or obscure them in smaller print. The advisory suggests that a good rule of thumb is for restaurants to communicate service fees in the same way that they communicate their prices.

Employer Takeaways

Using this guidance, DC restaurants should evaluate the substance, process, and prominence of their service fee language.  Where restaurants are found to be in violation of the CPPA, initial warnings may be issued as a precursor. However, it’s important to note that the Office of the Attorney General retains the authority to pursue remedies that encompass consumer refunds, imposition of penalties, and the enforcement of corrective actions upon these businesses.